| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.01.2012, 01:07
| #1 |
 |  Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Servus und danke vorab für Eure arbeit hier! Heute komme ich leider nicht mehr alleine weiter, ein Freund von mir hat sich was eingefangen, womit ich auch nicht weiter weis. 1. Seine Systemsteuerung ist im Startmenü weg, bzw. läßt sich auch nicht durch diverse Befehle oder Startmenü anpassen aufrufen. Meldung in etwa "Sie haben keine Berechtigung, wenden Sie sich an den Admin, welches er aber ist! 2. Windows schreit nach den updates, willst Du es ausführen, Meldung siehe oben, keine Berechtigung! Meine Vermutung lag bei einem Trojaner/Rootkit, er hat mittlerweile eset als Internetsecurity-Programm laufen, welches auch einiges entfernt hat, aber nicht alles. Habe heute mal (war nix anderes zur Hand), die Notfall-CD con CB gestartet und dort das Virenprogramm drüber laufen lassen, mit folgendem Ergebniss, das wohl ein Rootkit und div. andere Trojaner auf dem PC sind. Leider keine LOG-Datei aber ein Bildschirmfoto gemacht und unten angehängt. Nun habe ich vorher gegooglet etc. und sehe das ich die iastor.sys wohl nicht so einfach löschen darf, diese aber nunmal betroffen ist. Jetzt bin ich mit meinem Latein am Ende und hoffe es kann mir / meinem Freund hier jemand weiterhelfen. Vorab schonmal VIELEN DANK!
__________________ Don´t Panic! |
|
06.01.2012, 23:48
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Und wie bitte soll man den text auf diesem Screenshot erkennen?
__________________Warum kann man Text nicht einfach als Text transportieren via Copy&Paste?
__________________ |
|
07.01.2012, 14:35
| #3 |
| | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Servus,
__________________Sorry bei mir auf dem PC lies sich das Bild so vergrößern das man es lesen konnte. Habe leider nur den Screenshot gemacht und vergessen die Textpassage zu kopieren bevor ich neu gestartet habe. Mea Culpa! Ich fahr gleich nochmal hin und mach die ersten Schritte wie hier beschrieben mit defogger etc. Und poste es dann hier OK?! Und bringe den Text vom Screenshot auch noch zum lesen!
__________________ |
|
07.01.2012, 16:17
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Den Text kann man doch markieren und kopieren! Einfach hier dann in den Beitrag einfügen! Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
07.01.2012, 16:59
| #5 |
| | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Hallo, so habe eben defogger und OTL durchlaufen lassen. Hier die Log von OTL: Code:
ATTFilter OTL logfile created on: 1/7/2012 4:25:48 PM - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eltern\Desktop\TrojanTools 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.62% Memory free 8.00 Gb Paging File | 6.50 Gb Available in Paging File | 81.32% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 606.84 Gb Total Space | 523.98 Gb Free Space | 86.35% Space Free | Partition Type: NTFS Drive D: | 13.29 Gb Total Space | 1.63 Gb Free Space | 12.29% Space Free | Partition Type: NTFS Drive F: | 78.40 Gb Total Space | 78.31 Gb Free Space | 99.88% Space Free | Partition Type: NTFS Drive G: | 97.65 Gb Total Space | 38.43 Gb Free Space | 39.35% Space Free | Partition Type: NTFS Drive H: | 135.22 Gb Total Space | 123.11 Gb Free Space | 91.04% Space Free | Partition Type: NTFS Computer Name: ELTERN-HP | User Name: Eltern | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/06 22:16:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eltern\Desktop\TrojanTools\OTL.exe PRC - [2011/12/19 09:06:54 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe PRC - [2011/12/19 09:06:53 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/01/23 15:51:34 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2010/12/06 06:55:34 | 000,391,240 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010/12/06 06:55:02 | 005,578,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010/11/16 04:33:40 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009/08/24 16:17:34 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe PRC - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2009/07/14 00:15:34 | 002,559,888 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\ccsync.exe PRC - [2009/07/14 00:15:34 | 002,250,640 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe ========== Modules (No Company Name) ========== MOD - [2011/12/19 09:06:53 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2010/12/06 06:54:46 | 011,187,168 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/12/14 12:23:22 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2010/05/17 14:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/03/05 01:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV:64bit: - [2010/03/05 01:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011/12/19 09:06:54 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater) SRV - [2011/12/14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/12/14 12:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/01/23 15:51:34 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2010/12/06 06:55:50 | 001,112,744 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/08/25 08:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr) SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/24 16:17:34 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon) SRV - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/23 15:51:35 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2011/01/23 15:51:31 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV:64bit: - [2011/01/23 15:51:28 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011/01/23 15:51:24 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010/05/17 14:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/17 13:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/04/27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010/04/27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010/04/27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010/04/08 00:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009/09/21 12:24:58 | 000,206,896 | ---- | M] (Auerswald GmbH & Co.KG ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\auusb.sys -- (auusb) DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011/11/08 21:25:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010/06/10 12:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.gmx.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0 FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110608 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb49f690e-aa79-4055-9f1c-f067e5ad9520%7D&mid=8efc22c0075147d1b29da138fa8b9963-1d1dc49f60bf337cd3b057ffe75c21b824a1b47b&ds=tt015&v=8.0.0.40&lang=de&pr=sa&d=2011-11-17%2020%3A28%3A44&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Eltern\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eltern\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eltern\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 16:23:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 10:40:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/20 19:46:54 | 000,000,000 | ---D | M] [2010/10/29 16:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eltern\AppData\Roaming\mozilla\Extensions [2012/01/07 16:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions [2011/07/30 12:22:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/01/23 13:08:55 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions\2020Player@2020Technologies.com [2012/01/07 16:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\ELTERN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YHHRYH7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/01/07 16:23:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/11/06 08:22:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/12/19 09:06:53 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011/11/06 08:22:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/11/06 08:22:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/11/06 08:22:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/06 08:22:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/06 08:22:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/10/30 17:03:21 | 000,001,298 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CFADFBD-564F-4624-8BBE-034BB1748FF2}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\aquacade-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweled2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweledtwist-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweled-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\big kahuna reef 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\big kahuna reef-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bookwormadventures-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\dthtml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\gemshop-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hptcs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jewel of atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jewelquest2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jewelquestwt_ger-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jqsolitaire-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\maze-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\peggle-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\slingo-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\smartmenu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\trijinx-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\virtual villagers - the secret city-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\wedding dash-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\winap-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\zuma-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\aquacade-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweled2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweledtwist-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweled-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\big kahuna reef 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\big kahuna reef-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bookwormadventures-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\dthtml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\gemshop-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hptcs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jewel of atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jewelquest2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jewelquestwt_ger-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jqsolitaire-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\maze-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\peggle-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\slingo-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\smartmenu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\trijinx-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\virtual villagers - the secret city-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\wedding dash-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\winap-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\zuma-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DT ACR - hkey= - key= - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: NapsterShell - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PivotSoftware - hkey= - key= - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe () MsConfig:64bit - StartUpReg: vProt - hkey= - key= - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012/01/07 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Eltern\Desktop\TrojanTools [2012/01/02 11:48:08 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/19 09:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2011/12/10 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2011/12/10 12:56:58 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011/12/10 12:56:57 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll ========== Files - Modified Within 30 Days ========== [2012/01/07 16:29:21 | 000,859,940 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err [2012/01/07 16:24:29 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/07 16:24:29 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/07 16:22:37 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/01/07 16:22:37 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/01/07 16:22:37 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/01/07 16:22:37 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/01/07 16:22:37 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/01/07 16:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Eltern\defogger_reenable [2012/01/07 16:16:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/07 16:16:56 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012/01/05 18:42:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804660517-4218686042-1560667919-1001UA.job [2012/01/04 20:28:13 | 000,000,680 | RHS- | M] () -- C:\Users\Eltern\ntuser.pol [2012/01/03 12:42:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804660517-4218686042-1560667919-1001Core.job [2011/12/27 16:51:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEltern.job [2011/12/20 19:37:40 | 003,775,065 | ---- | M] () -- C:\Users\Eltern\Documents\eset_eav_5_userguide_deu.pdf [2011/12/14 12:23:40 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011/12/14 12:23:22 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011/12/14 12:23:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2011/12/14 12:23:22 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011/12/14 12:23:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011/12/14 11:51:30 | 000,687,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/12/11 13:28:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt ========== Files Created - No Company Name ========== [2012/01/07 16:20:51 | 000,000,000 | ---- | C] () -- C:\Users\Eltern\defogger_reenable [2011/12/20 19:37:40 | 003,775,065 | ---- | C] () -- C:\Users\Eltern\Documents\eset_eav_5_userguide_deu.pdf [2011/08/10 18:29:52 | 000,002,528 | ---- | C] () -- C:\Users\Eltern\AppData\Roaming\$_hpcst$.hpc [2011/04/29 18:27:03 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll [2011/04/29 18:27:03 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll [2011/02/18 15:09:55 | 000,000,142 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2011/02/18 15:09:55 | 000,000,123 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2011/02/18 15:09:49 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2011/02/02 19:18:54 | 000,005,632 | ---- | C] () -- C:\Users\Eltern\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/08 14:32:15 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2010/12/26 14:48:22 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2010/12/22 19:50:23 | 000,000,022 | ---- | C] () -- C:\Windows\emgtech.ini [2010/12/22 19:45:59 | 000,381,952 | ---- | C] () -- C:\Windows\c4dll.dll [2010/12/22 19:45:59 | 000,002,430 | ---- | C] () -- C:\Windows\Xfiler32.ini [2010/12/22 19:45:59 | 000,000,069 | ---- | C] () -- C:\Windows\Avintray.ini [2010/12/17 09:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\Bootus.INI [2010/12/17 09:44:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE [2010/10/31 18:17:41 | 000,003,315 | ---- | C] () -- C:\Windows\uninstall_sca1.ini [2010/10/31 18:13:03 | 000,000,485 | ---- | C] () -- C:\Windows\uninstall_USAirports.ini [2010/10/29 17:15:13 | 007,035,645 | ---- | C] () -- C:\Windows\SysWow64\httpsurl.dat [2010/10/29 17:15:13 | 000,059,681 | ---- | C] () -- C:\Windows\SysWow64\httpuurl.dat [2010/10/29 17:15:13 | 000,001,548 | ---- | C] () -- C:\Windows\SysWow64\nogoapp.dat [2010/10/29 17:15:07 | 000,041,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\ccinj64.sys [2010/10/29 17:15:07 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys [2010/10/29 17:15:07 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\ccwt64.dat [2010/10/29 17:15:06 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2010/10/29 16:42:46 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/29 15:02:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010/10/09 18:28:12 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/10/09 18:04:07 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010/10/09 17:31:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys ========== LOP Check ========== [2011/01/23 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\173DD3F0-B91F-44D2-90B9-D8A6BD2B4ED5 [2011/01/14 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Acronis [2011/09/16 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Ashampoo [2010/11/07 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\CD-LabelPrint [2011/08/21 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/12/26 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DisplayTune [2011/07/30 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoft [2011/07/30 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers [2011/01/30 15:06:14 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\elsterformular [2011/08/13 12:03:28 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\FloodLightGames [2011/08/05 19:24:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\funkitron [2011/06/13 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\ImgBurn [2010/11/02 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\IrfanView [2011/08/11 16:14:18 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\PlayFirst [2011/08/10 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Samsung [2012/01/05 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\SoftGrid Client [2011/11/20 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Software Informer [2010/10/29 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TP [2012/01/02 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TuneUp Software [2011/08/02 10:32:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WildTangent [2010/11/27 14:41:23 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WinBatch [2011/11/14 19:01:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/02/02 19:19:36 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011/01/23 22:31:58 | 000,000,000 | ---D | M] -- C:\7d0688f19e5bdf2f042bb70a7d5b [2010/10/30 16:34:00 | 000,000,000 | ---D | M] -- C:\AdobePhotoIso [2011/04/29 18:33:00 | 000,000,000 | ---D | M] -- C:\Auerswald [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011/08/03 16:45:53 | 000,000,000 | ---D | M] -- C:\Download [2010/11/27 14:51:58 | 000,000,000 | RHSD | M] -- C:\hp [2010/11/26 19:26:34 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011/05/24 18:17:18 | 000,000,000 | ---D | M] -- C:\PaperCom32 [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011/12/20 19:46:47 | 000,000,000 | R--D | M] -- C:\Program Files [2012/01/02 10:52:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012/01/02 10:52:39 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009/07/24 19:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery [2011/01/22 14:11:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER [2011/01/30 14:56:29 | 000,000,000 | ---D | M] -- C:\swsetup [2011/07/24 16:36:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2010/10/29 15:10:44 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2011/07/29 11:00:11 | 000,000,000 | ---D | M] -- C:\TEMP [2010/11/02 19:50:11 | 000,000,000 | ---D | M] -- C:\Unsere Daten [2010/10/29 20:41:04 | 000,000,000 | R--D | M] -- C:\Users [2010/10/31 19:45:19 | 000,000,000 | ---D | M] -- C:\VistaMare [2011/06/05 14:49:37 | 000,000,000 | ---D | M] -- C:\VueScan [2012/01/02 11:48:08 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: AFD.SYS > [2011/04/25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys [2009/07/14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys [2010/11/20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys [2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys [2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys [2011/04/25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys [2011/04/25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys < MD5 for: EXPLORER.EXE > [2010/10/09 18:16:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2010/10/09 18:19:02 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2010/10/09 18:16:40 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2010/10/09 18:14:39 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010/10/09 18:19:02 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010/10/09 18:14:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2010/10/09 18:19:02 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010/10/09 18:14:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2010/10/09 18:19:02 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2010/10/09 18:16:40 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010/10/09 18:14:39 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2010/10/09 18:16:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe < MD5 for: REGEDIT.EXE > [2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010/10/09 18:19:02 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010/10/09 18:19:02 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < > < End of report >
__________________ Don´t Panic! |
|
07.01.2012, 17:06
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ --> Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert |
|
07.01.2012, 18:53
| #7 |
| | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Hallo hier schon mal der Log von Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.07.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Eltern :: ELTERN-HP [Administrator] Schutz: Aktiviert 07.01.2012 17:16:16 mbam-log-2012-01-07 (17-16-16).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 606527 Laufzeit: 1 Stunde(n), 22 Minute(n), 29 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 2 HKCU\SOFTWARE\Policies\Microsoft\Windows\System|DisableCMD (PUM.Hijack.CMDPrompt) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 G:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für olba.zip\lebor_lc_cst\CoastlineLandclassFS2004.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende)
__________________ Don´t Panic! |
|
07.01.2012, 21:03
| #8 |
| | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Hier jetzt der Log von eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c429b184af129e4d8589ac507fe0f7d6
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 06:33:37
# local_time=2012-01-07 07:33:37 (+0100, Mitteleurop�ische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 32315086 32315086 0 0
# compatibility_mode=5893 16776573 100 94 4307 77589582 0 0
# compatibility_mode=8204 39157181 100 74 6621 9270496 0 0
# scanned=129854
# found=0
# cleaned=0
# scan_time=1506
# nod_component=V3 Build:0x30000000
__________________ Don´t Panic! |
|
07.01.2012, 21:06
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.01.2012, 11:59
| #10 |
| | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Hallo Arne, hier der OTL Log: Code:
ATTFilter OTL logfile created on: 1/8/2012 11:41:38 AM - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Eltern\Desktop\TrojanTools 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.17% Memory free 8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.05% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 606.84 Gb Total Space | 523.89 Gb Free Space | 86.33% Space Free | Partition Type: NTFS Drive D: | 13.29 Gb Total Space | 1.63 Gb Free Space | 12.29% Space Free | Partition Type: NTFS Drive F: | 78.40 Gb Total Space | 78.31 Gb Free Space | 99.88% Space Free | Partition Type: NTFS Drive G: | 97.65 Gb Total Space | 38.43 Gb Free Space | 39.35% Space Free | Partition Type: NTFS Drive H: | 135.22 Gb Total Space | 134.75 Gb Free Space | 99.66% Space Free | Partition Type: NTFS Computer Name: ELTERN-HP | User Name: Eltern | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/01/06 22:16:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eltern\Desktop\TrojanTools\OTL.exe PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/12/19 09:06:54 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe PRC - [2011/01/23 15:51:34 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2010/12/06 06:55:34 | 000,391,240 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2010/12/06 06:55:02 | 005,578,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2010/11/16 04:33:40 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe PRC - [2009/08/24 16:17:34 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe PRC - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe PRC - [2009/07/14 00:15:34 | 002,250,640 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe ========== Modules (No Company Name) ========== MOD - [2010/12/06 06:54:46 | 011,187,168 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/12/14 12:23:22 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp) SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn) SRV:64bit: - [2010/05/17 14:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/03/05 01:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp) SRV:64bit: - [2010/03/05 01:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/12/19 09:06:54 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater) SRV - [2011/12/14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2011/12/14 12:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp) SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service) SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe) SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011/01/23 15:51:34 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2010/12/06 06:55:50 | 001,112,744 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService) SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010/08/25 08:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr) SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/08/24 16:17:34 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon) SRV - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC) SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm) DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv) DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/01/23 15:51:35 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2011/01/23 15:51:31 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) DRV:64bit: - [2011/01/23 15:51:28 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2011/01/23 15:51:24 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk) DRV:64bit: - [2010/05/17 14:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010/05/17 13:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010/04/27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2010/04/27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM) DRV:64bit: - [2010/04/27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) DRV:64bit: - [2010/04/08 00:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET) DRV:64bit: - [2009/09/21 12:24:58 | 000,206,896 | ---- | M] (Auerswald GmbH & Co.KG ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\auusb.sys -- (auusb) DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011/11/08 21:25:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2010/06/10 12:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.gmx.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9 FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0 FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4 FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110608 FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb49f690e-aa79-4055-9f1c-f067e5ad9520%7D&mid=8efc22c0075147d1b29da138fa8b9963-1d1dc49f60bf337cd3b057ffe75c21b824a1b47b&ds=tt015&v=8.0.0.40&lang=de&pr=sa&d=2011-11-17%2020%3A28%3A44&sap=ku&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Eltern\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eltern\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eltern\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 16:23:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 10:40:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/20 19:46:54 | 000,000,000 | ---D | M] [2010/10/29 16:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eltern\AppData\Roaming\mozilla\Extensions [2012/01/07 18:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions [2011/07/30 12:22:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/01/23 13:08:55 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions\2020Player@2020Technologies.com [2012/01/07 16:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions () (No name found) -- C:\USERS\ELTERN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YHHRYH7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012/01/07 16:23:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011/11/06 08:22:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/12/19 09:06:53 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2011/11/06 08:22:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011/11/06 08:22:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011/11/06 08:22:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011/11/06 08:22:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011/11/06 08:22:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010/10/30 17:03:21 | 000,001,298 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll () O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET) O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard) O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CFADFBD-564F-4624-8BBE-034BB1748FF2}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:64bit: - HKLM IFEO\aquacade-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweled2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweledtwist-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bejeweled-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\big kahuna reef 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\big kahuna reef-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\bookwormadventures-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\dthtml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\gemshop-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\hptcs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jewel of atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jewelquest2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jewelquestwt_ger-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\jqsolitaire-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\maze-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\peggle-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\slingo-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\smartmenu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\trijinx-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\virtual villagers - the secret city-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\wedding dash-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\winap-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27:64bit: - HKLM IFEO\zuma-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\aquacade-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweled2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweledtwist-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bejeweled-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\big kahuna reef 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\big kahuna reef-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\bookwormadventures-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\dthtml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\gemshop-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\hptcs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jewel of atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jewelquest2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jewelquestwt_ger-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\jqsolitaire-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\maze-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\peggle-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\slingo-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\smartmenu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\trijinx-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\virtual villagers - the secret city-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\wedding dash-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\winap-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O27 - HKLM IFEO\zuma-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DT ACR - hkey= - key= - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe () MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: NapsterShell - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= - File not found MsConfig:64bit - StartUpReg: PivotSoftware - hkey= - key= - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe () MsConfig:64bit - StartUpReg: vProt - hkey= - key= - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "bootini" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Error creating restore point. ========== Files/Folders - Created Within 30 Days ========== [2012/01/07 18:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/01/07 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\Eltern\AppData\Roaming\Malwarebytes [2012/01/07 17:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/01/07 17:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/01/07 17:11:27 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012/01/07 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012/01/07 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Eltern\Desktop\TrojanTools [2012/01/02 11:48:08 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET [2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET [2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/12/19 09:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2011/12/10 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2011/12/10 12:56:58 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011/12/10 12:56:57 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll ========== Files - Modified Within 30 Days ========== [2012/01/08 11:43:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/01/08 11:43:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/01/08 11:42:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804660517-4218686042-1560667919-1001UA.job [2012/01/08 11:40:27 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/01/08 11:40:27 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/01/08 11:40:27 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/01/08 11:40:27 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/01/08 11:40:27 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/01/08 11:36:17 | 000,964,753 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err [2012/01/08 11:35:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/01/08 11:35:39 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2012/01/07 18:54:42 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEltern.job [2012/01/07 17:11:30 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/01/07 16:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Eltern\defogger_reenable [2012/01/04 20:28:13 | 000,000,680 | RHS- | M] () -- C:\Users\Eltern\ntuser.pol [2012/01/03 12:42:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804660517-4218686042-1560667919-1001Core.job [2011/12/20 19:37:40 | 003,775,065 | ---- | M] () -- C:\Users\Eltern\Documents\eset_eav_5_userguide_deu.pdf [2011/12/14 12:23:40 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2011/12/14 12:23:22 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2011/12/14 12:23:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2011/12/14 12:23:22 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2011/12/14 12:23:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2011/12/14 11:51:30 | 000,687,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011/12/11 13:28:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012/01/07 17:11:30 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012/01/07 16:20:51 | 000,000,000 | ---- | C] () -- C:\Users\Eltern\defogger_reenable [2011/12/20 19:37:40 | 003,775,065 | ---- | C] () -- C:\Users\Eltern\Documents\eset_eav_5_userguide_deu.pdf [2011/08/10 18:29:52 | 000,002,528 | ---- | C] () -- C:\Users\Eltern\AppData\Roaming\$_hpcst$.hpc [2011/04/29 18:27:03 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll [2011/04/29 18:27:03 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll [2011/02/18 15:09:55 | 000,000,142 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2011/02/18 15:09:55 | 000,000,123 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2011/02/18 15:09:49 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2011/02/02 19:18:54 | 000,005,632 | ---- | C] () -- C:\Users\Eltern\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/01/08 14:32:15 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2010/12/26 14:48:22 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys [2010/12/22 19:50:23 | 000,000,022 | ---- | C] () -- C:\Windows\emgtech.ini [2010/12/22 19:45:59 | 000,381,952 | ---- | C] () -- C:\Windows\c4dll.dll [2010/12/22 19:45:59 | 000,002,430 | ---- | C] () -- C:\Windows\Xfiler32.ini [2010/12/22 19:45:59 | 000,000,069 | ---- | C] () -- C:\Windows\Avintray.ini [2010/12/17 09:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\Bootus.INI [2010/12/17 09:44:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE [2010/10/31 18:17:41 | 000,003,315 | ---- | C] () -- C:\Windows\uninstall_sca1.ini [2010/10/31 18:13:03 | 000,000,485 | ---- | C] () -- C:\Windows\uninstall_USAirports.ini [2010/10/29 17:15:13 | 007,035,645 | ---- | C] () -- C:\Windows\SysWow64\httpsurl.dat [2010/10/29 17:15:13 | 000,059,681 | ---- | C] () -- C:\Windows\SysWow64\httpuurl.dat [2010/10/29 17:15:13 | 000,001,548 | ---- | C] () -- C:\Windows\SysWow64\nogoapp.dat [2010/10/29 17:15:07 | 000,041,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\ccinj64.sys [2010/10/29 17:15:07 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys [2010/10/29 17:15:07 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\ccwt64.dat [2010/10/29 17:15:06 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2010/10/29 16:42:46 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/10/29 15:02:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2010/10/09 18:28:12 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2010/10/09 18:04:07 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2010/10/09 17:31:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys ========== LOP Check ========== [2011/01/23 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\173DD3F0-B91F-44D2-90B9-D8A6BD2B4ED5 [2011/01/14 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Acronis [2011/09/16 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Ashampoo [2010/11/07 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\CD-LabelPrint [2011/08/21 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/12/26 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DisplayTune [2011/07/30 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoft [2011/07/30 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers [2011/01/30 15:06:14 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\elsterformular [2011/08/13 12:03:28 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\FloodLightGames [2011/08/05 19:24:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\funkitron [2011/06/13 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\ImgBurn [2010/11/02 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\IrfanView [2011/08/11 16:14:18 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\PlayFirst [2011/08/10 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Samsung [2012/01/05 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\SoftGrid Client [2011/11/20 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Software Informer [2010/10/29 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TP [2012/01/02 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TuneUp Software [2011/08/02 10:32:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WildTangent [2010/11/27 14:41:23 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WinBatch [2011/11/14 19:01:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/01/23 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\173DD3F0-B91F-44D2-90B9-D8A6BD2B4ED5 [2011/01/14 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Acronis [2011/08/21 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Adobe [2011/09/16 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Ashampoo [2010/10/29 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\ATI [2010/11/07 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\CD-LabelPrint [2011/08/21 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/07/22 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\CyberLink [2010/12/26 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DisplayTune [2011/07/30 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoft [2011/07/30 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers [2011/01/30 15:06:14 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\elsterformular [2011/08/13 12:03:28 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\FloodLightGames [2011/08/05 19:24:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\funkitron [2011/01/30 14:48:56 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Hewlett-Packard [2012/01/07 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\HP Support Assistant [2011/01/30 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\hpqLog [2012/01/07 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\HpUpdate [2010/10/29 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Identities [2011/06/13 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\ImgBurn [2010/11/02 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\IrfanView [2010/10/29 16:50:55 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Macromedia [2012/01/07 17:11:34 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Malwarebytes [2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Media Center Programs [2011/08/21 17:09:28 | 000,000,000 | --SD | M] -- C:\Users\Eltern\AppData\Roaming\Microsoft [2010/10/29 16:18:43 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Mozilla [2011/08/11 16:14:18 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\PlayFirst [2010/10/30 16:39:55 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\PSpad [2010/12/22 20:23:47 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Roxio [2011/08/10 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Samsung [2012/01/05 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\SoftGrid Client [2011/11/20 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Software Informer [2010/10/29 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TP [2012/01/02 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TuneUp Software [2011/07/30 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\vlc [2011/08/02 10:32:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WildTangent [2010/11/27 14:41:23 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WinBatch [2011/04/29 21:37:31 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2010/10/30 16:48:33 | 000,038,784 | ---- | M] () -- C:\Users\Eltern\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2010/10/09 18:26:47 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2010/10/09 18:26:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2010/10/09 18:26:47 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2010/10/09 18:26:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010/10/09 18:19:02 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010/10/09 18:19:02 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report >
__________________ Don´t Panic! |
|
08.01.2012, 20:12
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
08.01.2012, 22:01
| #12 |
| | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert TDSS-Killer durchgelaufen bei Win7, aber ohne Befund?! Zur Sicherheit hier der Log von Win7: Code:
ATTFilter 21:34:53.0996 4508 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:34:54.0168 4508 ============================================================
21:34:54.0168 4508 Current date / time: 2012/01/08 21:34:54.0168
21:34:54.0168 4508 SystemInfo:
21:34:54.0168 4508
21:34:54.0168 4508 OS Version: 6.1.7601 ServicePack: 1.0
21:34:54.0168 4508 Product type: Workstation
21:34:54.0168 4508 ComputerName: ELTERN-HP
21:34:54.0168 4508 UserName: Eltern
21:34:54.0168 4508 Windows directory: C:\Windows
21:34:54.0168 4508 System windows directory: C:\Windows
21:34:54.0168 4508 Running under WOW64
21:34:54.0168 4508 Processor architecture: Intel x64
21:34:54.0168 4508 Number of processors: 4
21:34:54.0168 4508 Page size: 0x1000
21:34:54.0168 4508 Boot type: Normal boot
21:34:54.0168 4508 ============================================================
21:34:54.0995 4508 Initialize success
21:35:45.0851 4152 ============================================================
21:35:45.0851 4152 Scan started
21:35:45.0851 4152 Mode: Manual; SigCheck; TDLFS;
21:35:45.0851 4152 ============================================================
21:35:46.0085 4152 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:35:46.0147 4152 1394ohci - ok
21:35:46.0178 4152 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:35:46.0194 4152 ACPI - ok
21:35:46.0209 4152 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:35:46.0241 4152 AcpiPmi - ok
21:35:46.0287 4152 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:35:46.0303 4152 adp94xx - ok
21:35:46.0319 4152 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:35:46.0319 4152 adpahci - ok
21:35:46.0334 4152 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:35:46.0350 4152 adpu320 - ok
21:35:46.0397 4152 afcdp (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
21:35:46.0412 4152 afcdp - ok
21:35:46.0459 4152 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:35:46.0490 4152 AFD - ok
21:35:46.0506 4152 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:35:46.0521 4152 agp440 - ok
21:35:46.0537 4152 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:35:46.0537 4152 aliide - ok
21:35:46.0553 4152 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:35:46.0568 4152 amdide - ok
21:35:46.0584 4152 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:35:46.0584 4152 AmdK8 - ok
21:35:46.0709 4152 amdkmdag (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys
21:35:46.0865 4152 amdkmdag - ok
21:35:46.0880 4152 amdkmdap (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys
21:35:46.0896 4152 amdkmdap - ok
21:35:46.0896 4152 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:35:46.0927 4152 AmdPPM - ok
21:35:46.0958 4152 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:35:46.0974 4152 amdsata - ok
21:35:46.0974 4152 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:35:46.0989 4152 amdsbs - ok
21:35:47.0005 4152 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:35:47.0005 4152 amdxata - ok
21:35:47.0036 4152 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:35:47.0067 4152 AppID - ok
21:35:47.0099 4152 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:35:47.0099 4152 arc - ok
21:35:47.0114 4152 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:35:47.0130 4152 arcsas - ok
21:35:47.0145 4152 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:47.0177 4152 AsyncMac - ok
21:35:47.0192 4152 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:35:47.0208 4152 atapi - ok
21:35:47.0239 4152 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
21:35:47.0255 4152 AtiHdmiService - ok
21:35:47.0270 4152 auusb (f8a87be34ecd676e22d4178042bf8fd5) C:\Windows\system32\DRIVERS\auusb.sys
21:35:47.0286 4152 auusb - ok
21:35:47.0301 4152 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:35:47.0364 4152 b06bdrv - ok
21:35:47.0395 4152 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:35:47.0411 4152 b57nd60a - ok
21:35:47.0442 4152 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:35:47.0473 4152 Beep - ok
21:35:47.0504 4152 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:35:47.0520 4152 blbdrive - ok
21:35:47.0535 4152 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:35:47.0551 4152 bowser - ok
21:35:47.0551 4152 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:35:47.0567 4152 BrFiltLo - ok
21:35:47.0582 4152 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:35:47.0598 4152 BrFiltUp - ok
21:35:47.0629 4152 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:35:47.0660 4152 Brserid - ok
21:35:47.0676 4152 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:47.0676 4152 BrSerWdm - ok
21:35:47.0691 4152 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:47.0707 4152 BrUsbMdm - ok
21:35:47.0738 4152 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:47.0754 4152 BrUsbSer - ok
21:35:47.0769 4152 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:35:47.0769 4152 BTHMODEM - ok
21:35:47.0816 4152 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:35:47.0832 4152 cdfs - ok
21:35:47.0863 4152 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:35:47.0879 4152 cdrom - ok
21:35:47.0894 4152 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:35:47.0910 4152 circlass - ok
21:35:47.0957 4152 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:35:47.0957 4152 CLFS - ok
21:35:47.0972 4152 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:35:48.0003 4152 CmBatt - ok
21:35:48.0019 4152 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:35:48.0019 4152 cmdide - ok
21:35:48.0050 4152 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:35:48.0066 4152 CNG - ok
21:35:48.0081 4152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:35:48.0097 4152 Compbatt - ok
21:35:48.0113 4152 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:35:48.0144 4152 CompositeBus - ok
21:35:48.0159 4152 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:35:48.0159 4152 crcdisk - ok
21:35:48.0206 4152 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:35:48.0253 4152 DfsC - ok
21:35:48.0269 4152 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:35:48.0300 4152 discache - ok
21:35:48.0300 4152 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:35:48.0315 4152 Disk - ok
21:35:48.0347 4152 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:35:48.0362 4152 drmkaud - ok
21:35:48.0409 4152 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:48.0425 4152 DXGKrnl - ok
21:35:48.0456 4152 eamonm (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
21:35:48.0456 4152 eamonm - ok
21:35:48.0518 4152 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:35:48.0627 4152 ebdrv - ok
21:35:48.0690 4152 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
21:35:48.0690 4152 ehdrv - ok
21:35:48.0721 4152 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:35:48.0737 4152 elxstor - ok
21:35:48.0768 4152 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
21:35:48.0768 4152 epfwwfpr - ok
21:35:48.0799 4152 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:35:48.0815 4152 ErrDev - ok
21:35:48.0846 4152 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:35:48.0877 4152 exfat - ok
21:35:48.0893 4152 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:35:48.0939 4152 fastfat - ok
21:35:48.0955 4152 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:35:48.0971 4152 fdc - ok
21:35:49.0002 4152 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:35:49.0002 4152 FileInfo - ok
21:35:49.0017 4152 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:35:49.0064 4152 Filetrace - ok
21:35:49.0064 4152 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:49.0080 4152 flpydisk - ok
21:35:49.0095 4152 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:35:49.0111 4152 FltMgr - ok
21:35:49.0142 4152 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:35:49.0142 4152 FsDepends - ok
21:35:49.0158 4152 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:49.0173 4152 Fs_Rec - ok
21:35:49.0189 4152 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:35:49.0189 4152 fvevol - ok
21:35:49.0205 4152 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:35:49.0220 4152 gagp30kx - ok
21:35:49.0236 4152 GMSIPCI - ok
21:35:49.0267 4152 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:35:49.0298 4152 hcw85cir - ok
21:35:49.0329 4152 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:35:49.0345 4152 HdAudAddService - ok
21:35:49.0376 4152 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:35:49.0392 4152 HDAudBus - ok
21:35:49.0407 4152 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:35:49.0439 4152 HidBatt - ok
21:35:49.0454 4152 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:35:49.0470 4152 HidBth - ok
21:35:49.0485 4152 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:35:49.0501 4152 HidIr - ok
21:35:49.0532 4152 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:35:49.0548 4152 HidUsb - ok
21:35:49.0595 4152 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:35:49.0595 4152 HpSAMD - ok
21:35:49.0626 4152 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:35:49.0673 4152 HTTP - ok
21:35:49.0688 4152 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:35:49.0688 4152 hwpolicy - ok
21:35:49.0704 4152 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:35:49.0719 4152 i8042prt - ok
21:35:49.0751 4152 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:35:49.0766 4152 iaStorV - ok
21:35:49.0782 4152 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:35:49.0797 4152 iirsp - ok
21:35:49.0844 4152 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
21:35:49.0891 4152 IntcAzAudAddService - ok
21:35:49.0907 4152 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:35:49.0907 4152 intelide - ok
21:35:49.0938 4152 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:35:49.0953 4152 intelppm - ok
21:35:49.0985 4152 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:50.0016 4152 IpFilterDriver - ok
21:35:50.0016 4152 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:35:50.0031 4152 IPMIDRV - ok
21:35:50.0047 4152 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:35:50.0094 4152 IPNAT - ok
21:35:50.0109 4152 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:35:50.0125 4152 IRENUM - ok
21:35:50.0156 4152 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:35:50.0156 4152 isapnp - ok
21:35:50.0172 4152 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:35:50.0187 4152 iScsiPrt - ok
21:35:50.0203 4152 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:35:50.0203 4152 kbdclass - ok
21:35:50.0219 4152 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:35:50.0250 4152 kbdhid - ok
21:35:50.0281 4152 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:35:50.0281 4152 KSecDD - ok
21:35:50.0312 4152 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:35:50.0328 4152 KSecPkg - ok
21:35:50.0328 4152 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:35:50.0359 4152 ksthunk - ok
21:35:50.0406 4152 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:50.0453 4152 lltdio - ok
21:35:50.0468 4152 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:35:50.0484 4152 LSI_FC - ok
21:35:50.0499 4152 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:35:50.0515 4152 LSI_SAS - ok
21:35:50.0531 4152 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:35:50.0531 4152 LSI_SAS2 - ok
21:35:50.0546 4152 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:35:50.0562 4152 LSI_SCSI - ok
21:35:50.0577 4152 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:35:50.0593 4152 luafv - ok
21:35:50.0640 4152 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:35:50.0640 4152 MBAMProtector - ok
21:35:50.0655 4152 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:35:50.0671 4152 megasas - ok
21:35:50.0671 4152 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:35:50.0687 4152 MegaSR - ok
21:35:50.0702 4152 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:35:50.0733 4152 Modem - ok
21:35:50.0749 4152 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:35:50.0765 4152 monitor - ok
21:35:50.0780 4152 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:35:50.0780 4152 mouclass - ok
21:35:50.0796 4152 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:50.0811 4152 mouhid - ok
21:35:50.0811 4152 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:35:50.0827 4152 mountmgr - ok
21:35:50.0843 4152 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:35:50.0843 4152 mpio - ok
21:35:50.0858 4152 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:35:50.0889 4152 mpsdrv - ok
21:35:50.0921 4152 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:35:50.0967 4152 MRxDAV - ok
21:35:50.0983 4152 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:50.0999 4152 mrxsmb - ok
21:35:51.0030 4152 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:51.0045 4152 mrxsmb10 - ok
21:35:51.0061 4152 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:51.0061 4152 mrxsmb20 - ok
21:35:51.0077 4152 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:35:51.0092 4152 msahci - ok
21:35:51.0108 4152 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:35:51.0108 4152 msdsm - ok
21:35:51.0139 4152 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:35:51.0155 4152 Msfs - ok
21:35:51.0186 4152 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:35:51.0217 4152 mshidkmdf - ok
21:35:51.0233 4152 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:35:51.0233 4152 msisadrv - ok
21:35:51.0264 4152 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:51.0295 4152 MSKSSRV - ok
21:35:51.0311 4152 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:51.0342 4152 MSPCLOCK - ok
21:35:51.0342 4152 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:35:51.0389 4152 MSPQM - ok
21:35:51.0435 4152 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:35:51.0451 4152 MsRPC - ok
21:35:51.0467 4152 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:35:51.0467 4152 mssmbios - ok
21:35:51.0482 4152 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:35:51.0513 4152 MSTEE - ok
21:35:51.0529 4152 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:51.0545 4152 MTConfig - ok
21:35:51.0560 4152 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:35:51.0560 4152 Mup - ok
21:35:51.0591 4152 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:51.0623 4152 NativeWifiP - ok
21:35:51.0669 4152 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:35:51.0685 4152 NDIS - ok
21:35:51.0716 4152 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:51.0732 4152 NdisCap - ok
21:35:51.0763 4152 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:51.0779 4152 NdisTapi - ok
21:35:51.0810 4152 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:51.0825 4152 Ndisuio - ok
21:35:51.0857 4152 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:51.0888 4152 NdisWan - ok
21:35:51.0919 4152 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:35:51.0950 4152 NDProxy - ok
21:35:51.0966 4152 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:35:51.0997 4152 NetBIOS - ok
21:35:51.0997 4152 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:35:52.0028 4152 NetBT - ok
21:35:52.0059 4152 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:35:52.0059 4152 nfrd960 - ok
21:35:52.0075 4152 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:35:52.0106 4152 Npfs - ok
21:35:52.0153 4152 NPF_devolo (49697c2c761acb5c0de99cc8fe93e95b) C:\Windows\sysWOW64\drivers\npf_devolo.sys
21:35:52.0153 4152 NPF_devolo - ok
21:35:52.0200 4152 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:35:52.0247 4152 nsiproxy - ok
21:35:52.0293 4152 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:35:52.0340 4152 Ntfs - ok
21:35:52.0340 4152 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:35:52.0387 4152 Null - ok
21:35:52.0418 4152 NVNET (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys
21:35:52.0418 4152 NVNET - ok
21:35:52.0449 4152 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:35:52.0465 4152 nvraid - ok
21:35:52.0481 4152 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:35:52.0481 4152 nvstor - ok
21:35:52.0512 4152 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
21:35:52.0512 4152 nvstor64 - ok
21:35:52.0527 4152 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:35:52.0543 4152 nv_agp - ok
21:35:52.0559 4152 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:35:52.0574 4152 ohci1394 - ok
21:35:52.0605 4152 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:35:52.0621 4152 Parport - ok
21:35:52.0637 4152 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:35:52.0652 4152 partmgr - ok
21:35:52.0652 4152 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:35:52.0668 4152 pci - ok
21:35:52.0683 4152 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:35:52.0683 4152 pciide - ok
21:35:52.0699 4152 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:35:52.0715 4152 pcmcia - ok
21:35:52.0730 4152 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:35:52.0730 4152 pcw - ok
21:35:52.0777 4152 PdiPorts (25fd4d8109114266a610fd1088bfd522) C:\Windows\system32\DRIVERS\PdiPorts.sys
21:35:52.0777 4152 PdiPorts - ok
21:35:52.0808 4152 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:35:52.0855 4152 PEAUTH - ok
21:35:52.0902 4152 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:35:52.0933 4152 PptpMiniport - ok
21:35:52.0949 4152 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:35:52.0964 4152 Processor - ok
21:35:52.0995 4152 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:35:53.0027 4152 Psched - ok
21:35:53.0058 4152 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:35:53.0058 4152 PxHlpa64 - ok
21:35:53.0105 4152 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:35:53.0151 4152 ql2300 - ok
21:35:53.0151 4152 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:35:53.0167 4152 ql40xx - ok
21:35:53.0183 4152 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:35:53.0214 4152 QWAVEdrv - ok
21:35:53.0229 4152 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:35:53.0261 4152 RasAcd - ok
21:35:53.0292 4152 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:53.0307 4152 RasAgileVpn - ok
21:35:53.0339 4152 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:53.0370 4152 Rasl2tp - ok
21:35:53.0370 4152 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:53.0401 4152 RasPppoe - ok
21:35:53.0417 4152 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:35:53.0448 4152 RasSstp - ok
21:35:53.0479 4152 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:35:53.0510 4152 rdbss - ok
21:35:53.0541 4152 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:35:53.0541 4152 rdpbus - ok
21:35:53.0573 4152 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:53.0588 4152 RDPCDD - ok
21:35:53.0604 4152 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:35:53.0635 4152 RDPENCDD - ok
21:35:53.0651 4152 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:35:53.0682 4152 RDPREFMP - ok
21:35:53.0713 4152 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:35:53.0729 4152 RDPWD - ok
21:35:53.0760 4152 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:35:53.0775 4152 rdyboost - ok
21:35:53.0791 4152 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:35:53.0838 4152 rspndr - ok
21:35:53.0869 4152 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:35:53.0869 4152 sbp2port - ok
21:35:53.0900 4152 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:35:53.0931 4152 scfilter - ok
21:35:53.0947 4152 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:35:53.0978 4152 secdrv - ok
21:35:53.0994 4152 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:35:54.0009 4152 Serenum - ok
21:35:54.0025 4152 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:35:54.0041 4152 Serial - ok
21:35:54.0072 4152 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:35:54.0087 4152 sermouse - ok
21:35:54.0119 4152 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:35:54.0150 4152 sffdisk - ok
21:35:54.0165 4152 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:35:54.0181 4152 sffp_mmc - ok
21:35:54.0197 4152 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:35:54.0212 4152 sffp_sd - ok
21:35:54.0228 4152 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:35:54.0243 4152 sfloppy - ok
21:35:54.0290 4152 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:35:54.0290 4152 Sftfs - ok
21:35:54.0337 4152 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:35:54.0353 4152 Sftplay - ok
21:35:54.0368 4152 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:35:54.0368 4152 Sftredir - ok
21:35:54.0384 4152 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:35:54.0384 4152 Sftvol - ok
21:35:54.0446 4152 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:35:54.0446 4152 SiSRaid2 - ok
21:35:54.0477 4152 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:35:54.0493 4152 SiSRaid4 - ok
21:35:54.0509 4152 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:35:54.0540 4152 Smb - ok
21:35:54.0571 4152 snapman (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
21:35:54.0571 4152 snapman - ok
21:35:54.0587 4152 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:35:54.0587 4152 spldr - ok
21:35:54.0618 4152 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:35:54.0633 4152 srv - ok
21:35:54.0649 4152 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:35:54.0680 4152 srv2 - ok
21:35:54.0696 4152 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:35:54.0727 4152 srvnet - ok
21:35:54.0758 4152 ss_bbus (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
21:35:54.0774 4152 ss_bbus - ok
21:35:54.0789 4152 ss_bmdfl (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
21:35:54.0789 4152 ss_bmdfl - ok
21:35:54.0805 4152 ss_bmdm (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
21:35:54.0821 4152 ss_bmdm - ok
21:35:54.0836 4152 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:35:54.0836 4152 stexstor - ok
21:35:54.0867 4152 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:35:54.0883 4152 swenum - ok
21:35:54.0945 4152 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:35:54.0992 4152 Tcpip - ok
21:35:55.0039 4152 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:35:55.0070 4152 TCPIP6 - ok
21:35:55.0086 4152 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:35:55.0133 4152 tcpipreg - ok
21:35:55.0148 4152 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:35:55.0179 4152 TDPIPE - ok
21:35:55.0226 4152 tdrpman273 (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
21:35:55.0257 4152 tdrpman273 - ok
21:35:55.0257 4152 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:35:55.0289 4152 TDTCP - ok
21:35:55.0320 4152 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:35:55.0351 4152 tdx - ok
21:35:55.0382 4152 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:35:55.0382 4152 TermDD - ok
21:35:55.0398 4152 TFsExDisk (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
21:35:55.0413 4152 TFsExDisk - ok
21:35:55.0445 4152 timounter (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
21:35:55.0460 4152 timounter - ok
21:35:55.0491 4152 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:55.0538 4152 tssecsrv - ok
21:35:55.0554 4152 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:35:55.0569 4152 TsUsbFlt - ok
21:35:55.0616 4152 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
21:35:55.0616 4152 TuneUpUtilitiesDrv - ok
21:35:55.0647 4152 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:35:55.0679 4152 tunnel - ok
21:35:55.0694 4152 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:35:55.0710 4152 uagp35 - ok
21:35:55.0741 4152 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:35:55.0772 4152 udfs - ok
21:35:55.0788 4152 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:35:55.0803 4152 uliagpkx - ok
21:35:55.0819 4152 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:35:55.0835 4152 umbus - ok
21:35:55.0835 4152 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:35:55.0866 4152 UmPass - ok
21:35:55.0881 4152 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:55.0897 4152 usbccgp - ok
21:35:55.0928 4152 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:35:55.0944 4152 usbcir - ok
21:35:55.0959 4152 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:35:55.0959 4152 usbehci - ok
21:35:55.0991 4152 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:35:56.0006 4152 usbhub - ok
21:35:56.0022 4152 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:35:56.0037 4152 usbohci - ok
21:35:56.0053 4152 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:35:56.0069 4152 usbprint - ok
21:35:56.0084 4152 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:56.0131 4152 USBSTOR - ok
21:35:56.0131 4152 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:35:56.0147 4152 usbuhci - ok
21:35:56.0193 4152 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:35:56.0193 4152 vdrvroot - ok
21:35:56.0209 4152 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:35:56.0225 4152 vga - ok
21:35:56.0240 4152 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:35:56.0271 4152 VgaSave - ok
21:35:56.0287 4152 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:35:56.0303 4152 vhdmp - ok
21:35:56.0318 4152 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:35:56.0318 4152 viaide - ok
21:35:56.0334 4152 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:35:56.0334 4152 volmgr - ok
21:35:56.0365 4152 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:35:56.0365 4152 volmgrx - ok
21:35:56.0381 4152 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:35:56.0396 4152 volsnap - ok
21:35:56.0427 4152 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:35:56.0443 4152 vsmraid - ok
21:35:56.0459 4152 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:35:56.0459 4152 vwifibus - ok
21:35:56.0474 4152 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:35:56.0505 4152 WacomPen - ok
21:35:56.0537 4152 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:56.0568 4152 WANARP - ok
21:35:56.0568 4152 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:56.0583 4152 Wanarpv6 - ok
21:35:56.0599 4152 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:35:56.0615 4152 Wd - ok
21:35:56.0630 4152 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:35:56.0646 4152 Wdf01000 - ok
21:35:56.0677 4152 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:35:56.0693 4152 WfpLwf - ok
21:35:56.0708 4152 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:35:56.0724 4152 WIMMount - ok
21:35:56.0755 4152 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:35:56.0771 4152 WmiAcpi - ok
21:35:56.0817 4152 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:35:56.0849 4152 ws2ifsl - ok
21:35:56.0880 4152 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:35:56.0911 4152 WudfPf - ok
21:35:56.0927 4152 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:35:56.0958 4152 WUDFRd - ok
21:35:56.0973 4152 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:35:57.0083 4152 \Device\Harddisk0\DR0 - ok
21:35:57.0083 4152 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
21:35:57.0317 4152 \Device\Harddisk1\DR1 - ok
21:35:57.0332 4152 Boot (0x1200) (ca7eb2cd50a82d6a5a6d989057010092) \Device\Harddisk0\DR0\Partition0
21:35:57.0332 4152 \Device\Harddisk0\DR0\Partition0 - ok
21:35:57.0348 4152 Boot (0x1200) (7d423beeb74d136e1fd7970cb7c512b2) \Device\Harddisk0\DR0\Partition1
21:35:57.0348 4152 \Device\Harddisk0\DR0\Partition1 - ok
21:35:57.0379 4152 Boot (0x1200) (d9f6c977189804591ac3bd0a13d0ebc4) \Device\Harddisk0\DR0\Partition2
21:35:57.0379 4152 \Device\Harddisk0\DR0\Partition2 - ok
21:35:57.0395 4152 Boot (0x1200) (ff55e34dd0b0386560d6f09d36e81b71) \Device\Harddisk0\DR0\Partition3
21:35:57.0395 4152 \Device\Harddisk0\DR0\Partition3 - ok
21:35:57.0395 4152 Boot (0x1200) (bb77d96d69d4486575c43feca92f8020) \Device\Harddisk1\DR1\Partition0
21:35:57.0410 4152 \Device\Harddisk1\DR1\Partition0 - ok
21:35:57.0410 4152 Boot (0x1200) (0b26dbc4dae260870ab7714eef214aa3) \Device\Harddisk1\DR1\Partition1
21:35:57.0410 4152 \Device\Harddisk1\DR1\Partition1 - ok
21:35:57.0410 4152 ============================================================
21:35:57.0410 4152 Scan finished
21:35:57.0410 4152 ============================================================
21:35:57.0410 4324 Detected object count: 0
21:35:57.0410 4324 Actual detected object count: 0
Code:
ATTFilter 21:54:02.0921 2744 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:54:02.0953 2744 ============================================================
21:54:02.0953 2744 Current date / time: 2012/01/08 21:54:02.0953
21:54:02.0953 2744 SystemInfo:
21:54:02.0953 2744
21:54:02.0953 2744 OS Version: 5.1.2600 ServicePack: 3.0
21:54:02.0953 2744 Product type: Workstation
21:54:02.0953 2744 ComputerName: FLUGSIMULATOR
21:54:02.0953 2744 UserName: Holger
21:54:02.0953 2744 Windows directory: D:\windows
21:54:02.0953 2744 System windows directory: D:\windows
21:54:02.0953 2744 Processor architecture: Intel x86
21:54:02.0953 2744 Number of processors: 4
21:54:02.0953 2744 Page size: 0x1000
21:54:02.0953 2744 Boot type: Normal boot
21:54:02.0953 2744 ============================================================
21:54:03.0406 2744 Initialize success
21:54:09.0500 2772 ============================================================
21:54:09.0500 2772 Scan started
21:54:09.0500 2772 Mode: Manual; SigCheck; TDLFS;
21:54:09.0500 2772 ============================================================
21:54:09.0593 2772 Abiosdsk - ok
21:54:09.0593 2772 abp480n5 - ok
21:54:09.0640 2772 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) D:\windows\system32\DRIVERS\ACPI.sys
21:54:10.0671 2772 ACPI - ok
21:54:10.0718 2772 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) D:\windows\system32\drivers\ACPIEC.sys
21:54:10.0859 2772 ACPIEC - ok
21:54:10.0859 2772 adpu160m - ok
21:54:10.0906 2772 aec (8bed39e3c35d6a489438b8141717a557) D:\windows\system32\drivers\aec.sys
21:54:10.0984 2772 aec - ok
21:54:11.0015 2772 AFD (1e44bc1e83d8fd2305f8d452db109cf9) D:\windows\System32\drivers\afd.sys
21:54:11.0109 2772 AFD - ok
21:54:11.0109 2772 Aha154x - ok
21:54:11.0125 2772 aic78u2 - ok
21:54:11.0125 2772 aic78xx - ok
21:54:11.0140 2772 AliIde - ok
21:54:11.0140 2772 amsint - ok
21:54:11.0156 2772 asc - ok
21:54:11.0156 2772 asc3350p - ok
21:54:11.0171 2772 asc3550 - ok
21:54:11.0187 2772 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) D:\windows\system32\DRIVERS\asyncmac.sys
21:54:11.0281 2772 AsyncMac - ok
21:54:11.0312 2772 atapi (9f3a2f5aa6875c72bf062c712cfa2674) D:\windows\system32\DRIVERS\atapi.sys
21:54:11.0390 2772 atapi - ok
21:54:11.0406 2772 Atdisk - ok
21:54:11.0515 2772 ati2mtag (3fff73a29663eda8ec7169a7cfde29f4) D:\windows\system32\DRIVERS\ati2mtag.sys
21:54:11.0703 2772 ati2mtag - ok
21:54:11.0781 2772 Atmarpc (9916c1225104ba14794209cfa8012159) D:\windows\system32\DRIVERS\atmarpc.sys
21:54:11.0875 2772 Atmarpc - ok
21:54:11.0906 2772 audstub (d9f724aa26c010a217c97606b160ed68) D:\windows\system32\DRIVERS\audstub.sys
21:54:11.0984 2772 audstub - ok
21:54:12.0046 2772 Beep (da1f27d85e0d1525f6621372e7b685e9) D:\windows\system32\drivers\Beep.sys
21:54:12.0156 2772 Beep - ok
21:54:12.0203 2772 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) D:\windows\system32\drivers\cbidf2k.sys
21:54:12.0328 2772 cbidf2k - ok
21:54:12.0484 2772 cd20xrnt - ok
21:54:12.0625 2772 Cdaudio (c1b486a7658353d33a10cc15211a873b) D:\windows\system32\drivers\Cdaudio.sys
21:54:12.0734 2772 Cdaudio - ok
21:54:12.0796 2772 Cdfs (c885b02847f5d2fd45a24e219ed93b32) D:\windows\system32\drivers\Cdfs.sys
21:54:12.0921 2772 Cdfs - ok
21:54:13.0031 2772 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) D:\windows\system32\DRIVERS\cdrom.sys
21:54:13.0109 2772 Cdrom - ok
21:54:13.0187 2772 cercsr6 (84853b3fd012251690570e9e7e43343f) D:\windows\system32\drivers\cercsr6.sys
21:54:13.0234 2772 cercsr6 ( UnsignedFile.Multi.Generic ) - warning
21:54:13.0234 2772 cercsr6 - detected UnsignedFile.Multi.Generic (1)
21:54:13.0281 2772 Changer - ok
21:54:13.0312 2772 CmdIde - ok
21:54:13.0375 2772 Cpqarray - ok
21:54:13.0437 2772 dac2w2k - ok
21:54:13.0500 2772 dac960nt - ok
21:54:13.0562 2772 Disk (044452051f3e02e7963599fc8f4f3e25) D:\windows\system32\DRIVERS\disk.sys
21:54:13.0656 2772 Disk - ok
21:54:13.0765 2772 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) D:\windows\system32\drivers\dmboot.sys
21:54:13.0968 2772 dmboot - ok
21:54:14.0046 2772 dmio (53720ab12b48719d00e327da470a619a) D:\windows\system32\drivers\dmio.sys
21:54:14.0203 2772 dmio - ok
21:54:14.0250 2772 dmload (e9317282a63ca4d188c0df5e09c6ac5f) D:\windows\system32\drivers\dmload.sys
21:54:14.0375 2772 dmload - ok
21:54:14.0453 2772 DMusic (8a208dfcf89792a484e76c40e5f50b45) D:\windows\system32\drivers\DMusic.sys
21:54:14.0546 2772 DMusic - ok
21:54:14.0578 2772 dpti2o - ok
21:54:14.0593 2772 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) D:\windows\system32\drivers\drmkaud.sys
21:54:14.0671 2772 drmkaud - ok
21:54:14.0718 2772 eamon (9309c5c9831203436e64cf2ae605c5d7) D:\windows\system32\DRIVERS\eamon.sys
21:54:14.0734 2772 eamon - ok
21:54:14.0781 2772 ehdrv (deff87f04ab5f6dd5edf2b80853bbe10) D:\windows\system32\DRIVERS\ehdrv.sys
21:54:14.0812 2772 ehdrv - ok
21:54:14.0843 2772 epfwtdir (06c65ac0a703cf8eea4f284d901a1550) D:\windows\system32\DRIVERS\epfwtdir.sys
21:54:14.0859 2772 epfwtdir - ok
21:54:14.0906 2772 Fastfat (38d332a6d56af32635675f132548343e) D:\windows\system32\drivers\Fastfat.sys
21:54:15.0000 2772 Fastfat - ok
21:54:15.0000 2772 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\windows\system32\drivers\Fdc.sys
21:54:15.0078 2772 Fdc - ok
21:54:15.0093 2772 Fips (b0678a548587c5f1967b0d70bacad6c1) D:\windows\system32\drivers\Fips.sys
21:54:15.0171 2772 Fips - ok
21:54:15.0171 2772 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\windows\system32\drivers\Flpydisk.sys
21:54:15.0250 2772 Flpydisk - ok
21:54:15.0281 2772 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\windows\system32\drivers\fltmgr.sys
21:54:15.0375 2772 FltMgr - ok
21:54:15.0390 2772 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\windows\system32\drivers\Fs_Rec.sys
21:54:15.0468 2772 Fs_Rec - ok
21:54:15.0468 2772 Ftdisk (8f1955ce42e1484714b542f341647778) D:\windows\system32\DRIVERS\ftdisk.sys
21:54:15.0546 2772 Ftdisk - ok
21:54:15.0562 2772 GMSIPCI - ok
21:54:15.0562 2772 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) D:\windows\system32\DRIVERS\msgpc.sys
21:54:15.0656 2772 Gpc - ok
21:54:15.0671 2772 HDAudBus (573c7d0a32852b48f3058cfd8026f511) D:\windows\system32\DRIVERS\HDAudBus.sys
21:54:15.0765 2772 HDAudBus - ok
21:54:15.0781 2772 hidusb (ccf82c5ec8a7326c3066de870c06daf1) D:\windows\system32\DRIVERS\hidusb.sys
21:54:15.0859 2772 hidusb - ok
21:54:15.0890 2772 hpn - ok
21:54:15.0921 2772 HTTP (f80a415ef82cd06ffaf0d971528ead38) D:\windows\system32\Drivers\HTTP.sys
21:54:15.0984 2772 HTTP - ok
21:54:16.0000 2772 i2omgmt - ok
21:54:16.0000 2772 i2omp - ok
21:54:16.0015 2772 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) D:\windows\system32\drivers\i8042prt.sys
21:54:16.0093 2772 i8042prt - ok
21:54:16.0109 2772 Imapi (083a052659f5310dd8b6a6cb05edcf8e) D:\windows\system32\DRIVERS\imapi.sys
21:54:16.0203 2772 Imapi - ok
21:54:16.0218 2772 ini910u - ok
21:54:16.0359 2772 IntcAzAudAddService (ed90e04f7a1e385e2ea956cad83f8070) D:\windows\system32\drivers\RtkHDAud.sys
21:54:16.0515 2772 IntcAzAudAddService - ok
21:54:16.0562 2772 IntelIde - ok
21:54:16.0593 2772 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) D:\windows\system32\drivers\ip6fw.sys
21:54:16.0671 2772 Ip6Fw - ok
21:54:16.0703 2772 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) D:\windows\system32\DRIVERS\ipfltdrv.sys
21:54:16.0781 2772 IpFilterDriver - ok
21:54:16.0796 2772 IpInIp (b87ab476dcf76e72010632b5550955f5) D:\windows\system32\DRIVERS\ipinip.sys
21:54:16.0890 2772 IpInIp - ok
21:54:16.0906 2772 IpNat (cc748ea12c6effde940ee98098bf96bb) D:\windows\system32\DRIVERS\ipnat.sys
21:54:16.0984 2772 IpNat - ok
21:54:17.0000 2772 IPSec (23c74d75e36e7158768dd63d92789a91) D:\windows\system32\DRIVERS\ipsec.sys
21:54:17.0109 2772 IPSec - ok
21:54:17.0125 2772 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) D:\windows\system32\DRIVERS\irenum.sys
21:54:17.0171 2772 IRENUM - ok
21:54:17.0187 2772 isapnp (6dfb88f64135c525433e87648bda30de) D:\windows\system32\DRIVERS\isapnp.sys
21:54:17.0250 2772 isapnp - ok
21:54:17.0265 2772 Kbdclass (1704d8c4c8807b889e43c649b478a452) D:\windows\system32\DRIVERS\kbdclass.sys
21:54:17.0359 2772 Kbdclass - ok
21:54:17.0359 2772 kbdhid (b6d6c117d771c98130497265f26d1882) D:\windows\system32\DRIVERS\kbdhid.sys
21:54:17.0453 2772 kbdhid - ok
21:54:17.0468 2772 kmixer (692bcf44383d056aed41b045a323d378) D:\windows\system32\drivers\kmixer.sys
21:54:17.0562 2772 kmixer - ok
21:54:17.0593 2772 KSecDD (b467646c54cc746128904e1654c750c1) D:\windows\system32\drivers\KSecDD.sys
21:54:17.0640 2772 KSecDD - ok
21:54:17.0656 2772 lbrtfdc - ok
21:54:17.0687 2772 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) D:\windows\system32\drivers\mnmdd.sys
21:54:17.0796 2772 mnmdd - ok
21:54:17.0812 2772 Modem (6fb74ebd4ec57a6f1781de3852cc3362) D:\windows\system32\drivers\Modem.sys
21:54:17.0890 2772 Modem - ok
21:54:17.0906 2772 Mouclass (b24ce8005deab254c0251e15cb71d802) D:\windows\system32\DRIVERS\mouclass.sys
21:54:17.0984 2772 Mouclass - ok
21:54:18.0015 2772 mouhid (66a6f73c74e1791464160a7065ce711a) D:\windows\system32\DRIVERS\mouhid.sys
21:54:18.0109 2772 mouhid - ok
21:54:18.0125 2772 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) D:\windows\system32\drivers\MountMgr.sys
21:54:18.0203 2772 MountMgr - ok
21:54:18.0218 2772 mraid35x - ok
21:54:18.0218 2772 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) D:\windows\system32\DRIVERS\mrxdav.sys
21:54:18.0312 2772 MRxDAV - ok
21:54:18.0328 2772 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\windows\system32\DRIVERS\mrxsmb.sys
21:54:18.0421 2772 MRxSmb - ok
21:54:18.0437 2772 Msfs (c941ea2454ba8350021d774daf0f1027) D:\windows\system32\drivers\Msfs.sys
21:54:18.0515 2772 Msfs - ok
21:54:18.0546 2772 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) D:\windows\system32\drivers\MSKSSRV.sys
21:54:18.0640 2772 MSKSSRV - ok
21:54:18.0671 2772 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) D:\windows\system32\drivers\MSPCLOCK.sys
21:54:18.0734 2772 MSPCLOCK - ok
21:54:18.0734 2772 MSPQM (bad59648ba099da4a17680b39730cb3d) D:\windows\system32\drivers\MSPQM.sys
21:54:18.0828 2772 MSPQM - ok
21:54:18.0843 2772 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) D:\windows\system32\DRIVERS\mssmbios.sys
21:54:18.0937 2772 mssmbios - ok
21:54:18.0953 2772 Mup (de6a75f5c270e756c5508d94b6cf68f5) D:\windows\system32\drivers\Mup.sys
21:54:19.0031 2772 Mup - ok
21:54:19.0062 2772 NDIS (1df7f42665c94b825322fae71721130d) D:\windows\system32\drivers\NDIS.sys
21:54:19.0140 2772 NDIS - ok
21:54:19.0171 2772 NdisTapi (0109c4f3850dfbab279542515386ae22) D:\windows\system32\DRIVERS\ndistapi.sys
21:54:19.0218 2772 NdisTapi - ok
21:54:19.0250 2772 Ndisuio (f927a4434c5028758a842943ef1a3849) D:\windows\system32\DRIVERS\ndisuio.sys
21:54:19.0328 2772 Ndisuio - ok
21:54:19.0343 2772 NdisWan (edc1531a49c80614b2cfda43ca8659ab) D:\windows\system32\DRIVERS\ndiswan.sys
21:54:19.0421 2772 NdisWan - ok
21:54:19.0453 2772 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) D:\windows\system32\drivers\NDProxy.sys
21:54:19.0500 2772 NDProxy - ok
21:54:19.0515 2772 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) D:\windows\system32\DRIVERS\netbios.sys
21:54:19.0625 2772 NetBIOS - ok
21:54:19.0656 2772 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) D:\windows\system32\DRIVERS\netbt.sys
21:54:19.0765 2772 NetBT - ok
21:54:19.0781 2772 Npfs (3182d64ae053d6fb034f44b6def8034a) D:\windows\system32\drivers\Npfs.sys
21:54:19.0859 2772 Npfs - ok
21:54:19.0890 2772 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) D:\windows\system32\drivers\Ntfs.sys
21:54:20.0000 2772 Ntfs - ok
21:54:20.0031 2772 Null (73c1e1f395918bc2c6dd67af7591a3ad) D:\windows\system32\drivers\Null.sys
21:54:20.0125 2772 Null - ok
21:54:20.0140 2772 nvatabus (b7fb72492b753930ec70a0f49d04f12f) D:\windows\system32\drivers\nvatabus.sys
21:54:20.0156 2772 nvatabus ( UnsignedFile.Multi.Generic ) - warning
21:54:20.0156 2772 nvatabus - detected UnsignedFile.Multi.Generic (1)
21:54:20.0187 2772 NVENETFD (7d275ecda4628318912f6c945d5cf963) D:\windows\system32\DRIVERS\NVENETFD.sys
21:54:20.0250 2772 NVENETFD - ok
21:54:20.0265 2772 nvgts (75e2e77c5497f34e60491d27bf03f1cb) D:\windows\system32\DRIVERS\nvgts.sys
21:54:20.0265 2772 nvgts - ok
21:54:20.0281 2772 nvnetbus (b64aacefad2be5bff5353fe681253c67) D:\windows\system32\DRIVERS\nvnetbus.sys
21:54:20.0328 2772 nvnetbus - ok
21:54:20.0359 2772 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) D:\windows\system32\DRIVERS\nwlnkflt.sys
21:54:20.0453 2772 NwlnkFlt - ok
21:54:20.0453 2772 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) D:\windows\system32\DRIVERS\nwlnkfwd.sys
21:54:20.0531 2772 NwlnkFwd - ok
21:54:20.0562 2772 Parport (f84785660305b9b903fb3bca8ba29837) D:\windows\system32\drivers\Parport.sys
21:54:20.0640 2772 Parport - ok
21:54:20.0656 2772 PartMgr (beb3ba25197665d82ec7065b724171c6) D:\windows\system32\drivers\PartMgr.sys
21:54:20.0734 2772 PartMgr - ok
21:54:20.0750 2772 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) D:\windows\system32\drivers\ParVdm.sys
21:54:20.0828 2772 ParVdm - ok
21:54:20.0843 2772 PCI (387e8dedc343aa2d1efbc30580273acd) D:\windows\system32\DRIVERS\pci.sys
21:54:20.0937 2772 PCI - ok
21:54:20.0953 2772 PCIDump - ok
21:54:20.0968 2772 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) D:\windows\system32\DRIVERS\pciide.sys
21:54:21.0062 2772 PCIIde - ok
21:54:21.0078 2772 Pcmcia (a2a966b77d61847d61a3051df87c8c97) D:\windows\system32\drivers\Pcmcia.sys
21:54:21.0156 2772 Pcmcia - ok
21:54:21.0156 2772 PDCOMP - ok
21:54:21.0171 2772 PDFRAME - ok
21:54:21.0171 2772 PDRELI - ok
21:54:21.0187 2772 PDRFRAME - ok
21:54:21.0187 2772 perc2 - ok
21:54:21.0203 2772 perc2hib - ok
21:54:21.0234 2772 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\windows\system32\DRIVERS\raspptp.sys
21:54:21.0328 2772 PptpMiniport - ok
21:54:21.0359 2772 Processor (2cb55427c58679f49ad600fccba76360) D:\windows\system32\DRIVERS\processr.sys
21:54:21.0437 2772 Processor - ok
21:54:21.0437 2772 PSched (09298ec810b07e5d582cb3a3f9255424) D:\windows\system32\DRIVERS\psched.sys
21:54:21.0531 2772 PSched - ok
21:54:21.0546 2772 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\windows\system32\DRIVERS\ptilink.sys
21:54:21.0609 2772 Ptilink - ok
21:54:21.0625 2772 ql1080 - ok
21:54:21.0640 2772 Ql10wnt - ok
21:54:21.0640 2772 ql12160 - ok
21:54:21.0656 2772 ql1240 - ok
21:54:21.0656 2772 ql1280 - ok
21:54:21.0671 2772 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) D:\windows\system32\DRIVERS\rasacd.sys
21:54:21.0750 2772 RasAcd - ok
21:54:21.0781 2772 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) D:\windows\system32\DRIVERS\rasl2tp.sys
21:54:21.0843 2772 Rasl2tp - ok
21:54:21.0843 2772 RasPppoe (5bc962f2654137c9909c3d4603587dee) D:\windows\system32\DRIVERS\raspppoe.sys
21:54:21.0953 2772 RasPppoe - ok
21:54:21.0953 2772 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) D:\windows\system32\DRIVERS\raspti.sys
21:54:22.0031 2772 Raspti - ok
21:54:22.0046 2772 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) D:\windows\system32\DRIVERS\rdbss.sys
21:54:22.0140 2772 Rdbss - ok
21:54:22.0156 2772 RDPCDD (4912d5b403614ce99c28420f75353332) D:\windows\system32\DRIVERS\RDPCDD.sys
21:54:22.0234 2772 RDPCDD - ok
21:54:22.0250 2772 rdpdr (15cabd0f7c00c47c70124907916af3f1) D:\windows\system32\DRIVERS\rdpdr.sys
21:54:22.0359 2772 rdpdr - ok
21:54:22.0390 2772 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) D:\windows\system32\drivers\RDPWD.sys
21:54:22.0453 2772 RDPWD - ok
21:54:22.0468 2772 redbook (ed761d453856f795a7fe056e42c36365) D:\windows\system32\DRIVERS\redbook.sys
21:54:22.0531 2772 redbook - ok
21:54:22.0640 2772 RTHDMIAzAudService (e7d4fcac8aa994d022e91540f9e5b815) D:\windows\system32\drivers\RtKHDMI.sys
21:54:22.0750 2772 RTHDMIAzAudService - ok
21:54:22.0828 2772 Secdrv (ba0d892d2f786bcebdf03b0a252b47f3) D:\windows\system32\DRIVERS\secdrv.sys
21:54:22.0843 2772 Secdrv ( UnsignedFile.Multi.Generic ) - warning
21:54:22.0843 2772 Secdrv - detected UnsignedFile.Multi.Generic (1)
21:54:22.0859 2772 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) D:\windows\system32\drivers\Serial.sys
21:54:22.0953 2772 Serial - ok
21:54:22.0984 2772 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) D:\windows\system32\drivers\Sfloppy.sys
21:54:23.0046 2772 Sfloppy - ok
21:54:23.0062 2772 Simbad - ok
21:54:23.0078 2772 Sparrow - ok
21:54:23.0093 2772 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\windows\system32\drivers\splitter.sys
21:54:23.0171 2772 splitter - ok
21:54:23.0187 2772 sr (50fa898f8c032796d3b1b9951bb5a90f) D:\windows\system32\DRIVERS\sr.sys
21:54:23.0234 2772 sr - ok
21:54:23.0265 2772 Srv (47ddfc2f003f7f9f0592c6874962a2e7) D:\windows\system32\DRIVERS\srv.sys
21:54:23.0359 2772 Srv - ok
21:54:23.0390 2772 StarOpen (e57b778208c783d8debab320c16a1b82) D:\windows\system32\drivers\StarOpen.sys
21:54:23.0421 2772 StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:54:23.0421 2772 StarOpen - detected UnsignedFile.Multi.Generic (1)
21:54:23.0453 2772 swenum (3941d127aef12e93addf6fe6ee027e0f) D:\windows\system32\DRIVERS\swenum.sys
21:54:23.0531 2772 swenum - ok
21:54:23.0546 2772 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\windows\system32\drivers\swmidi.sys
21:54:23.0640 2772 swmidi - ok
21:54:23.0656 2772 symc810 - ok
21:54:23.0656 2772 symc8xx - ok
21:54:23.0671 2772 sym_hi - ok
21:54:23.0671 2772 sym_u3 - ok
21:54:23.0687 2772 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) D:\windows\system32\drivers\sysaudio.sys
21:54:23.0781 2772 sysaudio - ok
21:54:23.0828 2772 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) D:\windows\system32\DRIVERS\tcpip.sys
21:54:23.0875 2772 Tcpip - ok
21:54:23.0890 2772 TDPIPE (6471a66807f5e104e4885f5b67349397) D:\windows\system32\drivers\TDPIPE.sys
21:54:23.0984 2772 TDPIPE - ok
21:54:24.0000 2772 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) D:\windows\system32\drivers\TDTCP.sys
21:54:24.0109 2772 TDTCP - ok
21:54:24.0125 2772 TermDD (88155247177638048422893737429d9e) D:\windows\system32\DRIVERS\termdd.sys
21:54:24.0203 2772 TermDD - ok
21:54:24.0218 2772 TosIde - ok
21:54:24.0234 2772 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\windows\system32\drivers\Udfs.sys
21:54:24.0328 2772 Udfs - ok
21:54:24.0343 2772 ultra - ok
21:54:24.0375 2772 Update (402ddc88356b1bac0ee3dd1580c76a31) D:\windows\system32\DRIVERS\update.sys
21:54:24.0468 2772 Update - ok
21:54:24.0484 2772 usbccgp (173f317ce0db8e21322e71b7e60a27e8) D:\windows\system32\DRIVERS\usbccgp.sys
21:54:24.0578 2772 usbccgp - ok
21:54:24.0593 2772 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\windows\system32\DRIVERS\usbehci.sys
21:54:24.0671 2772 usbehci - ok
21:54:24.0687 2772 usbhub (1ab3cdde553b6e064d2e754efe20285c) D:\windows\system32\DRIVERS\usbhub.sys
21:54:24.0796 2772 usbhub - ok
21:54:24.0796 2772 usbohci (0daecce65366ea32b162f85f07c6753b) D:\windows\system32\DRIVERS\usbohci.sys
21:54:24.0875 2772 usbohci - ok
21:54:24.0890 2772 usbprint (a717c8721046828520c9edf31288fc00) D:\windows\system32\DRIVERS\usbprint.sys
21:54:24.0968 2772 usbprint - ok
21:54:24.0968 2772 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) D:\windows\system32\DRIVERS\usbscan.sys
21:54:25.0062 2772 usbscan - ok
21:54:25.0062 2772 usbstor (a32426d9b14a089eaa1d922e0c5801a9) D:\windows\system32\DRIVERS\USBSTOR.SYS
21:54:25.0140 2772 usbstor - ok
21:54:25.0171 2772 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) D:\windows\System32\drivers\vga.sys
21:54:25.0250 2772 VgaSave - ok
21:54:25.0265 2772 ViaIde - ok
21:54:25.0281 2772 VolSnap (a5a712f4e880874a477af790b5186e1d) D:\windows\system32\drivers\VolSnap.sys
21:54:25.0375 2772 VolSnap - ok
21:54:25.0406 2772 Wanarp (e20b95baedb550f32dd489265c1da1f6) D:\windows\system32\DRIVERS\wanarp.sys
21:54:25.0484 2772 Wanarp - ok
21:54:25.0484 2772 WDICA - ok
21:54:25.0515 2772 wdmaud (6768acf64b18196494413695f0c3a00f) D:\windows\system32\drivers\wdmaud.sys
21:54:25.0578 2772 wdmaud - ok
21:54:25.0625 2772 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:54:25.0687 2772 \Device\Harddisk0\DR0 - ok
21:54:25.0703 2772 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
21:54:25.0937 2772 \Device\Harddisk1\DR1 - ok
21:54:25.0968 2772 Boot (0x1200) (ca7eb2cd50a82d6a5a6d989057010092) \Device\Harddisk0\DR0\Partition0
21:54:25.0968 2772 \Device\Harddisk0\DR0\Partition0 - ok
21:54:25.0968 2772 Boot (0x1200) (7d423beeb74d136e1fd7970cb7c512b2) \Device\Harddisk0\DR0\Partition1
21:54:25.0968 2772 \Device\Harddisk0\DR0\Partition1 - ok
21:54:25.0968 2772 Boot (0x1200) (d9f6c977189804591ac3bd0a13d0ebc4) \Device\Harddisk0\DR0\Partition2
21:54:25.0968 2772 \Device\Harddisk0\DR0\Partition2 - ok
21:54:25.0984 2772 Boot (0x1200) (ff55e34dd0b0386560d6f09d36e81b71) \Device\Harddisk0\DR0\Partition3
21:54:25.0984 2772 \Device\Harddisk0\DR0\Partition3 - ok
21:54:25.0984 2772 Boot (0x1200) (bb77d96d69d4486575c43feca92f8020) \Device\Harddisk1\DR1\Partition0
21:54:25.0984 2772 \Device\Harddisk1\DR1\Partition0 - ok
21:54:25.0984 2772 Boot (0x1200) (0b26dbc4dae260870ab7714eef214aa3) \Device\Harddisk1\DR1\Partition1
21:54:25.0984 2772 \Device\Harddisk1\DR1\Partition1 - ok
21:54:25.0984 2772 ============================================================
21:54:25.0984 2772 Scan finished
21:54:25.0984 2772 ============================================================
21:54:26.0093 2764 Detected object count: 4
21:54:26.0093 2764 Actual detected object count: 4
21:55:02.0828 2764 cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:02.0828 2764 cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:02.0828 2764 nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:02.0828 2764 nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:02.0828 2764 Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:02.0828 2764 Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:55:02.0828 2764 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:02.0828 2764 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________ Don´t Panic! |
|
08.01.2012, 22:21
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Also Logs von verschiedenen Betriebssystemen in einem Strang sind verwirrdend. Man muss sich hier schon auf ein System einigen was bereinigt werden soll.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
09.01.2012, 00:49
| #14 |
| | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert OK, dann machen wir erstmal Windows 7 wieder fit? Und wenn es nicht zuviel Mühe macht danach Windows XP von der anderen Festplatte? Ist halt ein PC, XP ist noch auf einer kleinen Extra Platte für den Flugsimulator. Nur noch mal zu Info beide Platten ein PC über BIOS Boot-Menü wird entschieden welche Platte booten soll. Also wenn möglich erst Win7 danach XP? THX zum xten mal!
__________________ Don´t Panic! |
|
09.01.2012, 11:11
| #15 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert Wir machen hier erstmal WIn7. Wenn wir fertig sind kümmern wir uns um das parallel installierte XP, da machst du dann einen neuen Strang zu auf. Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert |
| admin, anderes, angemeldet, arbeit, aufrufe, diverse, einfach, eingefangen, entfernt, eset, folge, freund, gen, gestartet, infiziert, interne, lag, laufen, log-datei, löschen, meldung, nicht mehr, schonmal, systemsteuerung, updates, verschwunden, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
