| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.02.2012, 13:23
| #1 |
 |  Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Hallo liebe Mitglieder des Trojaner-Boards! Wie vielen Personen in jüngster Vergangenheit erging es vor ein paar Minuten auch mir so, dass mich der bekannte "50€-Virus" befiel und nach dem Systemstart mein System unbrauchbar machte. Hektisch und etwas ratlos erkundigte ich mich hier und benutzte OTL, um der Lage Herr zu werden. In meiner Hektik achtete ich jedoch nicht darauf, dass die Kommando-Parameter im OTL für jeden User spezifisch und individuell erstellt wurden, und nahm einen der vorgefertigten Befehle. Nachdem ich anhand dessen OTL seinen Dienst verrichten ließ (von einem anderen Konto aus), und mein System erneut startete, scheint das Problem nun behoben zu sein. Da ich mir nun nicht sicher bin, wie es um mein System steht, befinden sich im Anhang noch ein paar Logs (OTL, Hijackthis). Falls erwünscht, können andersweitige Logs noch nachgereicht werden. Mit freundlichen Grüßen Dennis |
|
09.02.2012, 16:46
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Bitte KEINE HijackThis Log mehr posten!
__________________Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
10.02.2012, 12:46
| #3 |
| | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" MBAM: (Es existieren keine älteren Scans)
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.10.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Dennis :: DENNIS-PC [Administrator] 10.02.2012 09:15:44 mbam-log-2012-02-10 (09-15-44).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 558292 Laufzeit: 1 Stunde(n), 38 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7ad4fc2456799d4bb809c2f9f21158a0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-10 11:43:48
# local_time=2012-02-10 12:43:48 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 88340 65409665 79943 0
# compatibility_mode=5893 16776573 100 94 14444 80502694 0 0
# compatibility_mode=8192 67108863 100 0 3691 3691 0 0
# scanned=21459
# found=0
# cleaned=0
# scan_time=1384
Geändert von ch0ka (10.02.2012 um 13:30 Uhr) |
|
10.02.2012, 14:25
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.02.2012, 14:48
| #5 |
| | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.02.2012 14:33:31 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = H:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,65% Memory free 7,99 Gb Paging File | 6,19 Gb Available in Paging File | 77,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,59 Gb Total Space | 16,91 Gb Free Space | 28,86% Space Free | Partition Type: NTFS Drive E: | 97,66 Gb Total Space | 16,71 Gb Free Space | 17,11% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 28,21 Gb Free Space | 28,89% Space Free | Partition Type: NTFS Drive G: | 97,66 Gb Total Space | 0,12 Gb Free Space | 0,12% Space Free | Partition Type: NTFS Drive H: | 101,10 Gb Total Space | 25,63 Gb Free Space | 25,36% Space Free | Partition Type: NTFS Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.09 12:58:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\OTL.exe PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- E:\AdAware\AAWService.exe PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- E:\AdAware\AAWTray.exe PRC - [2011.06.29 13:57:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.20 04:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- H:\PowerDVD\PowerDVD11\PDVD11Serv.exe PRC - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () -- H:\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe PRC - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.03 01:48:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.09.26 17:16:22 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- E:\LogMeIn\x64\RaMaint.exe -- (LMIMaint) SRV - [2011.09.26 17:16:16 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- E:\AdAware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.06.29 13:57:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- H:\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.01.11 18:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- E:\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2011.01.03 01:48:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.10.25 13:18:19 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.06.29 13:57:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.29 13:57:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.06.08 12:06:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2011.04.29 11:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.11 18:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2011.01.11 18:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2010.12.25 20:11:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.12.25 16:16:09 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.16 16:24:16 | 000,015,672 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.08.23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.08.22 22:18:31 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- E:\AdAware\kernexplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2011.04.20 04:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- H:\PowerDVD\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2011.04.12 10:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/02/09 09:44:33] [Kernel | Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011.01.11 18:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- E:\LogMeIn\x64\rainfo.sys -- (LMIInfo) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\DivXWebPlayer\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: E:\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.25 16:34:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: E:\Firefox\components [2012.02.10 13:27:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: E:\Firefox\plugins [2011.10.19 18:08:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: E:\Firefox\components [2012.02.10 13:27:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: E:\Firefox\plugins [2011.10.19 18:08:41 | 000,000,000 | ---D | M] [2010.12.24 19:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2012.01.26 09:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions [2011.03.16 23:36:45 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2011.12.24 15:56:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.26 09:07:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.10.21 13:02:03 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.XPI () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI Hosts file not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LogMeIn GUI] E:\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [RemoteControl11] H:\PowerDVD\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32EBF9C2-18F3-4502-8B1D-5DC6412F6EDE}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A2E9BA4-4171-4983-B472-E525B029C54D}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435C03AB-BF0C-4DFB-9C9D-C282B4ED729A}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C19A40CF-B54E-41CD-808E-C2E68611E58C}: DhcpNameServer = 10.44.37.100 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - E:\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: VideoWebCamera - hkey= - key= - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - E:\AdAware\AAWService.exe (Lavasoft Limited) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - E:\AdAware\AAWService.exe (Lavasoft Limited) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.10 12:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.09 13:43:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.02.09 13:41:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.02.09 09:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11 [2012.02.08 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012.02.08 16:35:29 | 000,015,672 | ---- | C] (InterVideo) -- C:\Windows\SysNative\drivers\regi.sys [2012.02.07 15:32:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\MediaShow [2012.02.07 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\CyberLink [2012.02.07 15:27:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink [2012.02.07 15:27:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\MediaServer [2012.02.07 15:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD [2012.02.07 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\CyberLink [2012.02.07 15:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2012.02.07 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\CyberLink [2012.02.07 15:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2012.02.02 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Data [2012.01.30 00:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [2012.01.29 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira [2012.01.29 11:24:18 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache [2012.01.29 11:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker [2012.01.26 13:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\FullTiltPoker [2012.01.26 13:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker [2012.01.19 23:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMI PHARMINDEX [2012.01.19 23:47:32 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex [2012.01.19 19:14:13 | 000,000,000 | ---D | C] -- C:\med7net [2012.01.16 15:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark [2012.01.16 15:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyboardTest [2012.01.12 11:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.08.13 21:33:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dennis\AppData\Roaming\pcouffin.sys [2010.10.25 13:11:10 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe ========== Files - Modified Within 30 Days ========== [2012.02.10 14:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.10 09:22:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.10 09:15:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.10 09:15:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.10 09:13:23 | 001,501,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.10 09:13:23 | 000,653,986 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.10 09:13:23 | 000,615,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.10 09:13:23 | 000,131,652 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.10 09:13:23 | 000,107,642 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.10 09:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.10 09:07:17 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys [2012.02.09 14:20:59 | 000,299,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.08 16:36:05 | 000,000,040 | -H-- | M] () -- C:\Windows\SysNative\ivireg.ivr [2012.02.07 16:42:24 | 000,006,144 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.07 12:22:36 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.02.07 12:22:36 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.01.30 09:33:30 | 000,001,494 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.01.15 16:26:47 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.01.15 16:26:47 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.15 16:25:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 ========== Files Created - No Company Name ========== [2012.02.08 16:35:58 | 000,000,040 | -H-- | C] () -- C:\Windows\SysNative\ivireg.ivr [2011.12.20 20:50:18 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat [2011.09.04 16:36:28 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.09.04 16:36:28 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.08.22 21:05:21 | 000,000,008 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe [2011.08.13 21:33:20 | 000,099,384 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\inst.exe [2011.08.13 21:33:20 | 000,007,859 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\pcouffin.cat [2011.08.13 21:33:20 | 000,001,167 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\pcouffin.inf [2011.06.06 19:43:06 | 000,000,343 | ---- | C] () -- C:\Windows\ATB_Prec.Ini [2011.04.14 11:27:50 | 000,006,144 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.14 11:26:09 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.02.23 13:12:57 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI [2011.02.16 20:02:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.11 15:07:04 | 000,001,057 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml [2011.01.29 20:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliardsDemo.INI [2011.01.14 11:04:40 | 001,528,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.05 14:21:21 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg [2011.01.03 01:10:37 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.01.03 01:10:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.01.03 01:10:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.24 23:39:49 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.12.24 19:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.25 13:11:10 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.10.25 13:11:10 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010.10.25 13:11:10 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010.10.25 13:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2005.07.14 15:22:22 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2005.07.14 15:22:21 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll ========== LOP Check ========== [2010.12.25 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari [2011.06.05 02:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon [2010.12.25 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite [2011.06.01 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EAC [2010.12.25 02:58:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Foxit Software [2012.01.20 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex [2011.12.15 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GetFoldersize [2012.02.01 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2010.12.25 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech [2011.04.14 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org [2012.01.26 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client [2012.01.09 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SpeedProject [2011.09.04 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Stand O'Food 3 [2011.02.23 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Teleca [2011.06.18 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\thriXXX [2011.01.14 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP [2011.07.06 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TrueCrypt [2011.10.12 09:52:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2011.08.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vso [2011.08.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\wargaming.net [2011.05.26 21:21:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.01 12:00:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AccurateRip [2011.10.19 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe [2010.12.25 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari [2010.12.24 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ATI [2012.01.29 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira [2011.06.05 02:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon [2012.02.07 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink [2010.12.25 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite [2012.02.04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX [2011.06.01 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EAC [2010.12.25 02:58:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Foxit Software [2012.01.20 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex [2011.12.15 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GetFoldersize [2012.02.01 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2010.12.24 18:48:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities [2010.12.25 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech [2010.12.24 18:48:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia [2011.08.22 22:18:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs [2012.01.19 19:13:50 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft [2010.12.24 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla [2012.01.29 11:24:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache [2011.12.03 11:32:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nero [2011.04.14 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org [2011.01.03 01:34:23 | 000,000,000 | RH-D | M] -- C:\Users\Dennis\AppData\Roaming\SecuROM [2012.01.12 12:57:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Skype [2012.01.12 11:55:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\skypePM [2012.01.26 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client [2012.01.09 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SpeedProject [2011.09.04 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Stand O'Food 3 [2011.02.23 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Teleca [2011.06.18 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\thriXXX [2011.01.14 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP [2011.07.06 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TrueCrypt [2011.10.12 09:52:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2011.08.14 13:13:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc [2011.08.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vso [2011.08.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\wargaming.net [2011.01.28 13:27:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Winamp [2010.12.25 21:49:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.08.13 21:33:20 | 000,099,384 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\inst.exe [2011.08.22 21:05:21 | 000,000,008 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe [2011.08.22 21:12:43 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2012.01.30 18:33:15 | 005,185,536 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe [2012.01.30 18:33:15 | 000,028,672 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe [2010.12.27 08:24:04 | 000,010,134 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.05.19 10:06:56 | 000,374,160 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe [2011.05.16 12:31:42 | 000,070,984 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956 < End of report > |
|
10.02.2012, 16:38
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956
:Files
C:\Users\Dennis\AppData\Roaming\*.exe
C:\Users\Dennis\AppData\Roaming\Babylon
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" |
|
12.02.2012, 10:48
| #7 |
| | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Hier die OTL-Logfile nach dem Fix: Code:
ATTFilter All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
E:\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
ADS C:\ProgramData\Temp:BC359956 deleted successfully.
========== FILES ==========
C:\Users\Dennis\AppData\Roaming\inst.exe moved successfully.
C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe moved successfully.
C:\Users\Dennis\AppData\Roaming\Babylon folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: cHk
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1660502 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Dennis
->Temp folder emptied: 17678844 bytes
->Temporary Internet Files folder emptied: 3921171 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 644459455 bytes
->Flash cache emptied: 4327 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256377 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 637,00 mb
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_103717
Files\Folders moved on Reboot...
C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Dennis\AppData\Local\Temp\~PI46E4.tmp moved successfully.
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
Registry entries deleted on Reboot...
|
|
12.02.2012, 14:43
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2012, 16:53
| #9 |
| | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"Code:
ATTFilter 16:53:08.0824 1160 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57
16:53:08.0906 1160 ============================================================
16:53:08.0906 1160 Current date / time: 2012/02/12 16:53:08.0906
16:53:08.0906 1160 SystemInfo:
16:53:08.0907 1160
16:53:08.0907 1160 OS Version: 6.1.7601 ServicePack: 1.0
16:53:08.0907 1160 Product type: Workstation
16:53:08.0907 1160 ComputerName: DENNIS-PC
16:53:08.0907 1160 UserName: Dennis
16:53:08.0907 1160 Windows directory: C:\Windows
16:53:08.0907 1160 System windows directory: C:\Windows
16:53:08.0907 1160 Running under WOW64
16:53:08.0907 1160 Processor architecture: Intel x64
16:53:08.0907 1160 Number of processors: 2
16:53:08.0907 1160 Page size: 0x1000
16:53:08.0907 1160 Boot type: Normal boot
16:53:08.0907 1160 ============================================================
16:53:10.0110 1160 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:53:10.0115 1160 \Device\Harddisk0\DR0:
16:53:10.0115 1160 MBR used
16:53:10.0115 1160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
16:53:10.0115 1160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x7530000
16:53:10.0136 1160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8F63000, BlocksNum 0xC350000
16:53:10.0155 1160 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x152B3800, BlocksNum 0xC350000
16:53:10.0176 1160 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x21604000, BlocksNum 0xC350000
16:53:10.0194 1160 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2D954800, BlocksNum 0xCA31000
16:53:10.0425 1160 Initialize success
16:53:10.0425 1160 ============================================================
16:53:14.0221 1972 ============================================================
16:53:14.0221 1972 Scan started
16:53:14.0221 1972 Mode: Manual; SigCheck; TDLFS;
16:53:14.0221 1972 ============================================================
16:53:15.0662 1972 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:53:15.0719 1972 1394ohci - ok
16:53:15.0777 1972 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:53:15.0793 1972 ACPI - ok
16:53:15.0857 1972 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:53:15.0873 1972 AcpiPmi - ok
16:53:16.0054 1972 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:53:16.0072 1972 adp94xx - ok
16:53:16.0132 1972 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:53:16.0147 1972 adpahci - ok
16:53:16.0272 1972 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:53:16.0284 1972 adpu320 - ok
16:53:16.0417 1972 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
16:53:16.0436 1972 AFD - ok
16:53:16.0549 1972 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:53:16.0560 1972 agp440 - ok
16:53:16.0663 1972 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:53:16.0677 1972 aliide - ok
16:53:16.0816 1972 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:53:16.0825 1972 amdide - ok
16:53:16.0877 1972 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
16:53:16.0915 1972 amdiox64 - ok
16:53:17.0027 1972 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:53:17.0041 1972 AmdK8 - ok
16:53:17.0313 1972 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys
16:53:17.0481 1972 amdkmdag - ok
16:53:17.0576 1972 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys
16:53:17.0616 1972 amdkmdap - ok
16:53:17.0694 1972 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:53:17.0708 1972 AmdPPM - ok
16:53:17.0765 1972 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:53:17.0776 1972 amdsata - ok
16:53:17.0828 1972 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:53:17.0845 1972 amdsbs - ok
16:53:17.0926 1972 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:53:17.0936 1972 amdxata - ok
16:53:18.0054 1972 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
16:53:18.0064 1972 AODDriver4.01 - ok
16:53:18.0175 1972 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:53:18.0211 1972 AppID - ok
16:53:18.0326 1972 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:53:18.0337 1972 arc - ok
16:53:18.0384 1972 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:53:18.0395 1972 arcsas - ok
16:53:18.0515 1972 ArcSec (36661a0497d8ed2d07b82524df932ea3) C:\Windows\system32\drivers\ArcSec.sys
16:53:18.0528 1972 ArcSec - ok
16:53:18.0631 1972 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:53:18.0674 1972 AsyncMac - ok
16:53:18.0705 1972 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:53:18.0716 1972 atapi - ok
16:53:18.0851 1972 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys
16:53:18.0900 1972 athr - ok
16:53:19.0034 1972 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys
16:53:19.0044 1972 AtiHDAudioService - ok
16:53:19.0098 1972 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys
16:53:19.0106 1972 AtiPcie - ok
16:53:19.0174 1972 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
16:53:19.0183 1972 avgntflt - ok
16:53:19.0219 1972 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
16:53:19.0229 1972 avipbb - ok
16:53:19.0317 1972 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:53:19.0336 1972 b06bdrv - ok
16:53:19.0389 1972 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:53:19.0405 1972 b57nd60a - ok
16:53:19.0511 1972 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:53:19.0549 1972 Beep - ok
16:53:19.0604 1972 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:53:19.0618 1972 blbdrive - ok
16:53:19.0664 1972 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:53:19.0677 1972 bowser - ok
16:53:19.0753 1972 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:53:19.0769 1972 BrFiltLo - ok
16:53:19.0921 1972 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:53:19.0937 1972 BrFiltUp - ok
16:53:20.0099 1972 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:53:20.0116 1972 Brserid - ok
16:53:20.0154 1972 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:53:20.0170 1972 BrSerWdm - ok
16:53:20.0249 1972 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:53:20.0268 1972 BrUsbMdm - ok
16:53:20.0280 1972 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:53:20.0294 1972 BrUsbSer - ok
16:53:20.0384 1972 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:53:20.0401 1972 BTHMODEM - ok
16:53:20.0512 1972 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:53:20.0551 1972 cdfs - ok
16:53:20.0657 1972 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:53:20.0672 1972 cdrom - ok
16:53:20.0726 1972 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:53:20.0742 1972 circlass - ok
16:53:20.0786 1972 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:53:20.0803 1972 CLFS - ok
16:53:20.0960 1972 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:53:20.0973 1972 CmBatt - ok
16:53:21.0001 1972 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:53:21.0011 1972 cmdide - ok
16:53:21.0097 1972 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:53:21.0120 1972 CNG - ok
16:53:21.0164 1972 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:53:21.0173 1972 Compbatt - ok
16:53:21.0209 1972 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:53:21.0234 1972 CompositeBus - ok
16:53:21.0344 1972 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:53:21.0354 1972 crcdisk - ok
16:53:21.0504 1972 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:53:21.0544 1972 DfsC - ok
16:53:21.0597 1972 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:53:21.0637 1972 discache - ok
16:53:21.0666 1972 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:53:21.0680 1972 Disk - ok
16:53:21.0813 1972 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:53:21.0828 1972 drmkaud - ok
16:53:21.0926 1972 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:53:21.0951 1972 DXGKrnl - ok
16:53:22.0066 1972 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:53:22.0116 1972 ebdrv - ok
16:53:22.0211 1972 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:53:22.0229 1972 elxstor - ok
16:53:22.0283 1972 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:53:22.0296 1972 ErrDev - ok
16:53:22.0379 1972 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:53:22.0419 1972 exfat - ok
16:53:22.0439 1972 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:53:22.0483 1972 fastfat - ok
16:53:22.0563 1972 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:53:22.0576 1972 fdc - ok
16:53:22.0606 1972 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:53:22.0618 1972 FileInfo - ok
16:53:22.0628 1972 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:53:22.0666 1972 Filetrace - ok
16:53:22.0752 1972 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:53:22.0768 1972 flpydisk - ok
16:53:22.0825 1972 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:53:22.0839 1972 FltMgr - ok
16:53:22.0876 1972 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:53:22.0886 1972 FsDepends - ok
16:53:22.0897 1972 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:53:22.0907 1972 Fs_Rec - ok
16:53:22.0965 1972 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:53:22.0981 1972 fvevol - ok
16:53:23.0010 1972 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:53:23.0021 1972 gagp30kx - ok
16:53:23.0146 1972 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:53:23.0163 1972 hcw85cir - ok
16:53:23.0219 1972 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:53:23.0238 1972 HdAudAddService - ok
16:53:23.0329 1972 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:53:23.0346 1972 HDAudBus - ok
16:53:23.0385 1972 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:53:23.0400 1972 HidBatt - ok
16:53:23.0419 1972 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:53:23.0437 1972 HidBth - ok
16:53:23.0458 1972 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:53:23.0476 1972 HidIr - ok
16:53:23.0578 1972 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:53:23.0592 1972 HidUsb - ok
16:53:23.0649 1972 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:53:23.0660 1972 HpSAMD - ok
16:53:23.0754 1972 HTCAND64 (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:53:23.0767 1972 HTCAND64 - ok
16:53:23.0815 1972 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:53:23.0862 1972 HTTP - ok
16:53:23.0891 1972 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:53:23.0901 1972 hwpolicy - ok
16:53:23.0970 1972 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:53:23.0984 1972 i8042prt - ok
16:53:24.0049 1972 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:53:24.0065 1972 iaStorV - ok
16:53:24.0188 1972 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:53:24.0199 1972 iirsp - ok
16:53:24.0295 1972 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys
16:53:24.0345 1972 IntcAzAudAddService - ok
16:53:24.0376 1972 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:53:24.0386 1972 intelide - ok
16:53:24.0472 1972 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:53:24.0486 1972 intelppm - ok
16:53:24.0541 1972 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:53:24.0579 1972 IpFilterDriver - ok
16:53:24.0618 1972 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:53:24.0632 1972 IPMIDRV - ok
16:53:24.0673 1972 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:53:24.0716 1972 IPNAT - ok
16:53:24.0776 1972 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:53:24.0796 1972 IRENUM - ok
16:53:24.0841 1972 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:53:24.0851 1972 isapnp - ok
16:53:24.0903 1972 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:53:24.0917 1972 iScsiPrt - ok
16:53:24.0980 1972 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys
16:53:24.0994 1972 k57nd60a - ok
16:53:25.0060 1972 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:53:25.0070 1972 kbdclass - ok
16:53:25.0189 1972 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:53:25.0203 1972 kbdhid - ok
16:53:25.0241 1972 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:53:25.0252 1972 KSecDD - ok
16:53:25.0298 1972 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:53:25.0310 1972 KSecPkg - ok
16:53:25.0388 1972 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:53:25.0429 1972 ksthunk - ok
16:53:25.0542 1972 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) E:\AdAware\KernExplorer64.sys
16:53:25.0551 1972 Lavasoft Kernexplorer - ok
16:53:25.0686 1972 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
16:53:25.0695 1972 Lbd - ok
16:53:25.0763 1972 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:53:25.0804 1972 lltdio - ok
16:53:25.0900 1972 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) E:\LogMeIn\x64\RaInfo.sys
16:53:25.0908 1972 LMIInfo - ok
16:53:26.0012 1972 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
16:53:26.0021 1972 lmimirr - ok
16:53:26.0085 1972 LMIRfsClientNP - ok
16:53:26.0140 1972 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
16:53:26.0149 1972 LMIRfsDriver - ok
16:53:26.0253 1972 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:53:26.0265 1972 LSI_FC - ok
16:53:26.0295 1972 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:53:26.0306 1972 LSI_SAS - ok
16:53:26.0334 1972 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:53:26.0344 1972 LSI_SAS2 - ok
16:53:26.0369 1972 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:53:26.0381 1972 LSI_SCSI - ok
16:53:26.0480 1972 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:53:26.0521 1972 luafv - ok
16:53:26.0568 1972 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:53:26.0580 1972 megasas - ok
16:53:26.0601 1972 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:53:26.0616 1972 MegaSR - ok
16:53:26.0647 1972 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:53:26.0688 1972 Modem - ok
16:53:26.0724 1972 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:53:26.0740 1972 monitor - ok
16:53:26.0786 1972 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:53:26.0796 1972 mouclass - ok
16:53:26.0845 1972 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:53:26.0858 1972 mouhid - ok
16:53:26.0918 1972 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:53:26.0929 1972 mountmgr - ok
16:53:26.0985 1972 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:53:26.0997 1972 mpio - ok
16:53:27.0022 1972 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:53:27.0063 1972 mpsdrv - ok
16:53:27.0128 1972 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:53:27.0148 1972 MRxDAV - ok
16:53:27.0185 1972 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:53:27.0200 1972 mrxsmb - ok
16:53:27.0236 1972 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:53:27.0251 1972 mrxsmb10 - ok
16:53:27.0281 1972 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:53:27.0295 1972 mrxsmb20 - ok
16:53:27.0337 1972 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:53:27.0347 1972 msahci - ok
16:53:27.0384 1972 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:53:27.0396 1972 msdsm - ok
16:53:27.0492 1972 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:53:27.0530 1972 Msfs - ok
16:53:27.0542 1972 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:53:27.0579 1972 mshidkmdf - ok
16:53:27.0608 1972 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:53:27.0618 1972 msisadrv - ok
16:53:27.0722 1972 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:53:27.0760 1972 MSKSSRV - ok
16:53:27.0793 1972 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:53:27.0830 1972 MSPCLOCK - ok
16:53:27.0884 1972 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:53:27.0923 1972 MSPQM - ok
16:53:27.0978 1972 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:53:27.0993 1972 MsRPC - ok
16:53:28.0029 1972 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:53:28.0041 1972 mssmbios - ok
16:53:28.0129 1972 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:53:28.0166 1972 MSTEE - ok
16:53:28.0180 1972 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:53:28.0194 1972 MTConfig - ok
16:53:28.0224 1972 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:53:28.0234 1972 Mup - ok
16:53:28.0296 1972 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:53:28.0317 1972 NativeWifiP - ok
16:53:28.0398 1972 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:53:28.0423 1972 NDIS - ok
16:53:28.0464 1972 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:53:28.0502 1972 NdisCap - ok
16:53:28.0587 1972 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:53:28.0626 1972 NdisTapi - ok
16:53:28.0666 1972 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:53:28.0702 1972 Ndisuio - ok
16:53:28.0735 1972 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:53:28.0773 1972 NdisWan - ok
16:53:28.0825 1972 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:53:28.0862 1972 NDProxy - ok
16:53:28.0965 1972 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:53:29.0003 1972 NetBIOS - ok
16:53:29.0042 1972 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:53:29.0082 1972 NetBT - ok
16:53:29.0190 1972 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:53:29.0200 1972 nfrd960 - ok
16:53:29.0238 1972 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:53:29.0279 1972 Npfs - ok
16:53:29.0447 1972 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:53:29.0487 1972 nsiproxy - ok
16:53:29.0579 1972 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:53:29.0616 1972 Ntfs - ok
16:53:29.0835 1972 ntk_PowerDVD12 (eaac965642ef5f818aed508cadf83e4b) E:\PowerDVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
16:53:29.0844 1972 ntk_PowerDVD12 - ok
16:53:29.0931 1972 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:53:29.0969 1972 Null - ok
16:53:30.0009 1972 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:53:30.0021 1972 nvraid - ok
16:53:30.0062 1972 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:53:30.0076 1972 nvstor - ok
16:53:30.0119 1972 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:53:30.0131 1972 nv_agp - ok
16:53:30.0167 1972 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:53:30.0182 1972 ohci1394 - ok
16:53:30.0476 1972 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:53:30.0490 1972 Parport - ok
16:53:30.0524 1972 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:53:30.0534 1972 partmgr - ok
16:53:30.0575 1972 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:53:30.0588 1972 pci - ok
16:53:30.0612 1972 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:53:30.0622 1972 pciide - ok
16:53:30.0659 1972 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:53:30.0673 1972 pcmcia - ok
16:53:30.0701 1972 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:53:30.0711 1972 pcw - ok
16:53:30.0729 1972 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:53:30.0776 1972 PEAUTH - ok
16:53:30.0872 1972 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys
16:53:30.0881 1972 Point64 - ok
16:53:30.0985 1972 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:53:31.0023 1972 PptpMiniport - ok
16:53:31.0050 1972 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:53:31.0064 1972 Processor - ok
16:53:31.0179 1972 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:53:31.0217 1972 Psched - ok
16:53:31.0248 1972 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
16:53:31.0257 1972 PxHlpa64 - ok
16:53:31.0319 1972 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:53:31.0353 1972 ql2300 - ok
16:53:31.0375 1972 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:53:31.0387 1972 ql40xx - ok
16:53:31.0416 1972 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:53:31.0434 1972 QWAVEdrv - ok
16:53:31.0463 1972 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:53:31.0501 1972 RasAcd - ok
16:53:31.0613 1972 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:53:31.0652 1972 RasAgileVpn - ok
16:53:31.0787 1972 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:53:31.0825 1972 Rasl2tp - ok
16:53:31.0859 1972 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:53:31.0900 1972 RasPppoe - ok
16:53:31.0912 1972 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:53:31.0952 1972 RasSstp - ok
16:53:31.0996 1972 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:53:32.0037 1972 rdbss - ok
16:53:32.0065 1972 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:53:32.0081 1972 rdpbus - ok
16:53:32.0106 1972 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:53:32.0144 1972 RDPCDD - ok
16:53:32.0228 1972 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:53:32.0266 1972 RDPENCDD - ok
16:53:32.0291 1972 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:53:32.0331 1972 RDPREFMP - ok
16:53:32.0367 1972 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
16:53:32.0407 1972 RDPWD - ok
16:53:32.0504 1972 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:53:32.0517 1972 rdyboost - ok
16:53:32.0590 1972 regi (84c83c7577407c4ff6ab1379ee944610) C:\Windows\system32\drivers\regi.sys
16:53:32.0600 1972 regi - ok
16:53:32.0727 1972 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:53:32.0767 1972 rspndr - ok
16:53:32.0866 1972 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys
16:53:32.0886 1972 RSUSBSTOR - ok
16:53:32.0923 1972 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys
16:53:32.0934 1972 RTHDMIAzAudService - ok
16:53:33.0011 1972 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:53:33.0023 1972 sbp2port - ok
16:53:33.0099 1972 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:53:33.0137 1972 scfilter - ok
16:53:33.0200 1972 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:53:33.0241 1972 secdrv - ok
16:53:33.0304 1972 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:53:33.0316 1972 Serenum - ok
16:53:33.0352 1972 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:53:33.0366 1972 Serial - ok
16:53:33.0456 1972 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:53:33.0469 1972 sermouse - ok
16:53:33.0518 1972 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:53:33.0531 1972 sffdisk - ok
16:53:33.0552 1972 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:53:33.0566 1972 sffp_mmc - ok
16:53:33.0611 1972 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:53:33.0626 1972 sffp_sd - ok
16:53:33.0651 1972 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:53:33.0665 1972 sfloppy - ok
16:53:33.0792 1972 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
16:53:33.0813 1972 Sftfs - ok
16:53:33.0865 1972 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
16:53:33.0877 1972 Sftplay - ok
16:53:33.0906 1972 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
16:53:33.0914 1972 Sftredir - ok
16:53:34.0018 1972 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
16:53:34.0026 1972 Sftvol - ok
16:53:34.0141 1972 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:53:34.0152 1972 SiSRaid2 - ok
16:53:34.0194 1972 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:53:34.0206 1972 SiSRaid4 - ok
16:53:34.0256 1972 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:53:34.0307 1972 Smb - ok
16:53:34.0411 1972 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:53:34.0421 1972 spldr - ok
16:53:34.0496 1972 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
16:53:34.0497 1972 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
16:53:34.0519 1972 sptd ( LockedFile.Multi.Generic ) - warning
16:53:34.0519 1972 sptd - detected LockedFile.Multi.Generic (1)
16:53:34.0565 1972 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:53:34.0597 1972 srv - ok
16:53:34.0672 1972 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:53:34.0692 1972 srv2 - ok
16:53:34.0732 1972 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:53:34.0748 1972 srvnet - ok
16:53:34.0895 1972 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:53:34.0905 1972 stexstor - ok
16:53:34.0953 1972 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:53:34.0963 1972 swenum - ok
16:53:35.0152 1972 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys
16:53:35.0166 1972 SynTP - ok
16:53:35.0253 1972 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:53:35.0298 1972 Tcpip - ok
16:53:35.0375 1972 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:53:35.0417 1972 TCPIP6 - ok
16:53:35.0498 1972 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:53:35.0536 1972 tcpipreg - ok
16:53:35.0592 1972 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:53:35.0629 1972 TDPIPE - ok
16:53:35.0648 1972 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:53:35.0687 1972 TDTCP - ok
16:53:35.0750 1972 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:53:35.0791 1972 tdx - ok
16:53:35.0826 1972 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:53:35.0836 1972 TermDD - ok
16:53:35.0949 1972 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys
16:53:35.0962 1972 truecrypt - ok
16:53:36.0007 1972 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:53:36.0044 1972 tssecsrv - ok
16:53:36.0076 1972 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:53:36.0089 1972 TsUsbFlt - ok
16:53:36.0190 1972 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:53:36.0228 1972 tunnel - ok
16:53:36.0263 1972 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:53:36.0273 1972 uagp35 - ok
16:53:36.0322 1972 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:53:36.0361 1972 udfs - ok
16:53:36.0457 1972 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:53:36.0467 1972 uliagpkx - ok
16:53:36.0508 1972 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
16:53:36.0521 1972 umbus - ok
16:53:36.0560 1972 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:53:36.0573 1972 UmPass - ok
16:53:36.0610 1972 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:53:36.0624 1972 usbccgp - ok
16:53:36.0689 1972 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:53:36.0706 1972 usbcir - ok
16:53:36.0741 1972 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:53:36.0754 1972 usbehci - ok
16:53:36.0864 1972 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:53:36.0881 1972 usbhub - ok
16:53:36.0927 1972 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:53:36.0940 1972 usbohci - ok
16:53:37.0039 1972 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:53:37.0055 1972 usbprint - ok
16:53:37.0091 1972 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
16:53:37.0104 1972 USBSTOR - ok
16:53:37.0123 1972 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:53:37.0136 1972 usbuhci - ok
16:53:37.0231 1972 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:53:37.0249 1972 usbvideo - ok
16:53:37.0300 1972 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
16:53:37.0316 1972 usb_rndisx - ok
16:53:37.0441 1972 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:53:37.0452 1972 vdrvroot - ok
16:53:37.0528 1972 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:53:37.0545 1972 vga - ok
16:53:37.0565 1972 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:53:37.0607 1972 VgaSave - ok
16:53:37.0663 1972 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:53:37.0677 1972 vhdmp - ok
16:53:37.0707 1972 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:53:37.0717 1972 viaide - ok
16:53:37.0785 1972 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:53:37.0796 1972 volmgr - ok
16:53:37.0859 1972 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:53:37.0875 1972 volmgrx - ok
16:53:37.0966 1972 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:53:37.0980 1972 volsnap - ok
16:53:38.0026 1972 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:53:38.0038 1972 vsmraid - ok
16:53:38.0059 1972 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:53:38.0075 1972 vwifibus - ok
16:53:38.0156 1972 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:53:38.0174 1972 vwififlt - ok
16:53:38.0269 1972 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:53:38.0286 1972 vwifimp - ok
16:53:38.0328 1972 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:53:38.0341 1972 WacomPen - ok
16:53:38.0435 1972 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:38.0472 1972 WANARP - ok
16:53:38.0491 1972 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:53:38.0529 1972 Wanarpv6 - ok
16:53:38.0601 1972 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:53:38.0612 1972 Wd - ok
16:53:38.0645 1972 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:53:38.0668 1972 Wdf01000 - ok
16:53:38.0796 1972 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:53:38.0836 1972 WfpLwf - ok
16:53:38.0858 1972 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:53:38.0868 1972 WIMMount - ok
16:53:39.0013 1972 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
16:53:39.0030 1972 WinUSB - ok
16:53:39.0087 1972 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:53:39.0102 1972 WmiAcpi - ok
16:53:39.0160 1972 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:53:39.0200 1972 ws2ifsl - ok
16:53:39.0297 1972 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:53:39.0335 1972 WudfPf - ok
16:53:39.0386 1972 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:53:39.0429 1972 WUDFRd - ok
16:53:39.0615 1972 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) E:\PowerDVD 12\PowerDVD12\Common\NavFilter\000.fcl
16:53:39.0626 1972 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok
16:53:39.0688 1972 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:53:39.0912 1972 \Device\Harddisk0\DR0 - ok
16:53:39.0919 1972 Boot (0x1200) (4e3aef28cafcf33c4d429cfcec665d08) \Device\Harddisk0\DR0\Partition0
16:53:39.0920 1972 \Device\Harddisk0\DR0\Partition0 - ok
16:53:39.0936 1972 Boot (0x1200) (f25242f33a915291ecdacca4a033b879) \Device\Harddisk0\DR0\Partition1
16:53:39.0939 1972 \Device\Harddisk0\DR0\Partition1 - ok
16:53:39.0980 1972 Boot (0x1200) (d09cd79c54ec9eab0ae37d102cd56401) \Device\Harddisk0\DR0\Partition2
16:53:39.0982 1972 \Device\Harddisk0\DR0\Partition2 - ok
16:53:40.0000 1972 Boot (0x1200) (f11e41c889f093fad6929d60c432bb0d) \Device\Harddisk0\DR0\Partition3
16:53:40.0002 1972 \Device\Harddisk0\DR0\Partition3 - ok
16:53:40.0021 1972 Boot (0x1200) (9d4d2898fbe398f697f4e6bc6e83608a) \Device\Harddisk0\DR0\Partition4
16:53:40.0023 1972 \Device\Harddisk0\DR0\Partition4 - ok
16:53:40.0042 1972 Boot (0x1200) (0d82256b5134d65ab8b52e3271cb2972) \Device\Harddisk0\DR0\Partition5
16:53:40.0044 1972 \Device\Harddisk0\DR0\Partition5 - ok
16:53:40.0044 1972 ============================================================
16:53:40.0044 1972 Scan finished
16:53:40.0045 1972 ============================================================
16:53:40.0063 4900 Detected object count: 1
16:53:40.0063 4900 Actual detected object count: 1
16:53:42.0802 4900 sptd ( LockedFile.Multi.Generic ) - skipped by user
16:53:42.0802 4900 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Geändert von ch0ka (12.02.2012 um 17:40 Uhr) |
|
12.02.2012, 18:04
| #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2012, 20:18
| #11 |
| | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" War nach dem ComboFix schon ganz verzweifelt, als die von dir genannte Fehlermeldung erschien  Aber hier nun der Log (welcher sich übrigens nicht unter "C:\ComboFix.txt" sondern unter "C:\ComboFix/ComboFix.txt" befand  Code:
ATTFilter ComboFix 12-02-12.01 - Dennis 12.02.2012 19:14:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2616 [GMT 1:00]
ausgeführt von:: C:\Users\Dennis\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml
((((((((((((((((((((((( Dateien erstellt von 2012-01-12 bis 2012-02-12 ))))))))))))))))))))))))))))))
2012-02-12 18:24:58 . 2012-02-12 18:24:58 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-02-12 18:24:58 . 2012-02-12 18:24:58 -------- d-----w- C:\Users\cHk\AppData\Local\temp
2012-02-12 17:13:14 . 2011-05-20 12:49:22 34624 ----a-w- C:\Windows\system32\TURegOpt.exe
2012-02-12 17:13:06 . 2011-05-20 12:43:32 25920 ----a-w- C:\Windows\system32\authuitu.dll
2012-02-12 17:13:06 . 2011-05-20 12:43:26 36160 ----a-w- C:\Windows\system32\uxtuneup.dll
2012-02-12 17:13:06 . 2011-05-20 12:43:18 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2012-02-12 17:13:02 . 2011-05-20 12:43:30 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll
2012-02-12 15:47:29 . 2012-02-12 15:47:29 -------- d-----w- C:\Users\Dennis\AppData\Roaming\ArcSoft
2012-02-12 15:46:57 . 2012-02-12 15:46:58 -------- d-----w- C:\Users\Dennis\AppData\Local\ArcSoft
2012-02-12 15:46:56 . 2012-02-12 15:46:58 -------- d-----w- C:\ProgramData\ArcSoft
2012-02-12 15:46:56 . 2012-02-12 15:46:56 -------- d-----w- C:\Program Files (x86)\Common Files\ArcSoft
2012-02-12 15:46:52 . 2011-11-10 10:14:14 311872 ----a-w- C:\Windows\system32\drivers\ArcSec.sys
2012-02-12 15:46:52 . 2010-12-30 16:29:20 80448 ----a-w- C:\Windows\system32\MMCEDT5.exe
2012-02-12 15:44:20 . 2012-02-12 15:44:20 -------- d-----w- C:\Users\Dennis\AppData\Local\Downloaded Installations
2012-02-12 15:22:11 . 2012-02-12 15:22:11 -------- d-----w- C:\Users\Dennis\AppData\Local\AMD
2012-02-12 15:21:28 . 2012-02-12 15:21:28 -------- d-----w- C:\ProgramData\ATI
2012-02-12 15:13:42 . 2012-02-12 15:13:42 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-02-12 15:12:35 . 2012-02-12 15:12:35 -------- d-----w- C:\ProgramData\AMD
2012-02-12 15:12:33 . 2010-02-18 08:18:24 46136 ----a-w- C:\Windows\system32\drivers\amdiox64.sys
2012-02-12 09:40:45 . 2012-02-12 09:40:45 -------- d-----w- C:\Windows\system32\%LOCALAPPDATA%
2012-02-10 11:19:13 . 2012-02-10 11:19:13 -------- d-----w- C:\Program Files (x86)\ESET
2012-02-10 08:20:00 . 2012-01-06 05:15:20 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73B97690-9A8A-484B-9F5A-D364843EC570}\mpengine.dll
2012-02-09 12:43:16 . 2012-02-09 12:43:16 -------- d-----w- C:\Windows\system32\SPReview
2012-02-09 12:41:57 . 2012-02-09 12:41:58 -------- d-----w- C:\Windows\system32\EventProviders
2012-02-09 11:55:02 . 2012-02-09 11:55:02 -------- d-----w- C:\Users\cHk\AppData\Local\LogMeIn
2012-02-08 15:37:38 . 2012-02-08 15:39:35 -------- d-----w- C:\ProgramData\Protexis
2012-02-08 15:35:29 . 2010-11-16 15:24:16 15672 ----a-w- C:\Windows\system32\drivers\regi.sys
2012-02-07 14:32:20 . 2012-02-07 14:32:20 -------- d-----w- C:\Users\Dennis\AppData\Local\MediaShow
2012-02-07 14:27:02 . 2012-02-07 14:27:02 -------- d-----w- C:\Users\Dennis\AppData\Local\MediaServer
2012-02-07 14:26:59 . 2012-02-08 15:05:39 -------- d-----w- C:\ProgramData\PDVD
2012-02-07 14:26:44 . 2012-02-12 16:25:31 -------- d-----w- C:\Users\Public\CyberLink
2012-02-07 14:26:44 . 2012-02-12 16:25:31 -------- d-----w- C:\Users\Dennis\AppData\Local\CyberLink
2012-02-07 14:13:13 . 2012-02-12 16:26:53 -------- d-----w- C:\ProgramData\CyberLink
2012-02-07 14:13:12 . 2012-02-07 14:31:56 -------- d-----w- C:\Users\Dennis\AppData\Roaming\CyberLink
2012-02-07 14:07:03 . 2012-02-07 14:23:05 -------- d-----w- C:\ProgramData\install_clap
2012-01-30 17:33:15 . 2012-01-30 17:33:15 5185536 ----a-r- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe
2012-01-30 17:33:15 . 2012-01-30 17:33:15 28672 ----a-r- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe
2012-01-29 18:25:25 . 2012-01-29 18:25:25 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Avira
2012-01-29 10:24:18 . 2012-01-29 10:24:18 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache
2012-01-26 12:19:15 . 2012-01-26 12:20:22 -------- d-----w- C:\Users\Dennis\AppData\Local\FullTiltPoker
2012-01-19 22:47:32 . 2012-01-19 23:10:34 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex
2012-01-19 18:14:13 . 2012-01-19 18:15:13 -------- d-----w- C:\med7net
2012-01-19 18:13:51 . 2004-12-13 20:16:44 53248 ----a-w- C:\Windows\SysWow64\foxtools.fll
2012-01-16 14:30:36 . 2012-01-16 14:30:36 -------- d-----w- C:\ProgramData\PassMark
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
2012-02-09 12:59:29 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll
2012-02-09 12:59:29 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-01-26 23:52:58 . 2011-02-24 15:18:26 279656 ------w- C:\Windows\system32\MpSigStub.exe
2012-01-15 15:26:47 . 2011-01-03 00:34:46 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-01-15 15:26:47 . 2011-01-03 00:10:37 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-01-15 15:25:33 . 2011-01-03 00:10:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-12-10 14:24:08 . 2011-08-22 21:18:46 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys
2011-12-06 03:45:40 . 2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\system32\drivers\atikmdag.sys
2011-12-06 03:18:38 . 2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\system32\atio6axx.dll
2011-12-06 03:17:50 . 2011-12-06 03:17:50 159744 ----a-w- C:\Windows\system32\atiapfxx.exe
2011-12-06 03:17:36 . 2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-12-06 03:16:00 . 2011-12-06 03:16:00 933888 ----a-w- C:\Windows\system32\aticfx64.dll
2011-12-06 03:12:52 . 2011-12-06 03:12:52 466944 ----a-w- C:\Windows\system32\ATIDEMGX.dll
2011-12-06 03:12:36 . 2011-12-06 03:12:36 494080 ----a-w- C:\Windows\system32\atieclxx.exe
2011-12-06 03:11:56 . 2011-12-06 03:11:56 235520 ----a-w- C:\Windows\system32\atiesrxx.exe
2011-12-06 03:10:38 . 2011-12-06 03:10:38 120320 ----a-w- C:\Windows\system32\atitmm64.dll
2011-12-06 03:10:20 . 2011-12-06 03:10:20 423424 ----a-w- C:\Windows\system32\atipdl64.dll
2011-12-06 03:10:12 . 2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-12-06 03:10:00 . 2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-12-06 03:09:56 . 2011-12-06 03:09:56 21504 ----a-w- C:\Windows\system32\atimuixx.dll
2011-12-06 03:09:50 . 2011-12-06 03:09:50 59392 ----a-w- C:\Windows\system32\atiedu64.dll
2011-12-06 03:09:44 . 2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-12-06 03:06:38 . 2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-12-06 02:56:40 . 2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-12-06 02:51:22 . 2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\system32\atidxx64.dll
2011-12-06 02:39:58 . 2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\system32\atiumd6v.dll
2011-12-06 02:39:24 . 2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-12-06 02:39:12 . 2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\system32\atiumd6a.dll
2011-12-06 02:34:28 . 2011-12-06 02:34:28 51200 ----a-w- C:\Windows\system32\aticalrt64.dll
2011-12-06 02:34:24 . 2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-12-06 02:34:16 . 2011-12-06 02:34:16 44544 ----a-w- C:\Windows\system32\aticalcl64.dll
2011-12-06 02:34:14 . 2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-12-06 02:34:00 . 2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\system32\aticaldd64.dll
2011-12-06 02:33:36 . 2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-12-06 02:29:30 . 2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-12-06 02:28:50 . 2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-12-06 02:24:02 . 2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\system32\atiumd64.dll
2011-12-06 02:18:46 . 2011-12-06 02:18:46 58880 ----a-w- C:\Windows\system32\coinst.dll
2011-12-06 02:13:02 . 2010-09-16 10:55:56 509952 ----a-w- C:\Windows\system32\atiadlxx.dll
2011-12-06 02:12:52 . 2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-12-06 02:12:38 . 2011-12-06 02:12:38 17408 ----a-w- C:\Windows\system32\atig6pxx.dll
2011-12-06 02:12:34 . 2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-12-06 02:12:34 . 2011-12-06 02:12:34 14336 ----a-w- C:\Windows\system32\atiglpxx.dll
2011-12-06 02:12:30 . 2011-12-06 02:12:30 39936 ----a-w- C:\Windows\system32\atig6txx.dll
2011-12-06 02:12:22 . 2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-12-06 02:12:14 . 2011-12-06 02:12:14 327168 ----a-w- C:\Windows\system32\drivers\atikmpag.sys
2011-12-06 02:11:24 . 2010-11-26 02:16:04 42496 ----a-w- C:\Windows\system32\atiuxp64.dll
2011-12-06 02:11:16 . 2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-12-06 02:11:10 . 2011-12-06 02:11:10 39936 ----a-w- C:\Windows\system32\atiu9p64.dll
2011-12-06 02:11:02 . 2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-12-06 02:10:48 . 2011-12-06 02:10:48 54784 ----a-w- C:\Windows\system32\atimpc64.dll
2011-12-06 02:10:48 . 2011-12-06 02:10:48 54784 ----a-w- C:\Windows\system32\amdpcom64.dll
2011-12-06 02:10:42 . 2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-12-06 02:10:42 . 2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-12-06 02:10:24 . 2011-12-06 02:10:24 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll
2011-12-05 21:04:06 . 2011-12-05 21:04:06 69632 ----a-w- C:\Windows\system32\OpenVideo64.dll
2011-12-05 21:04:00 . 2011-12-05 21:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2011-12-05 21:03:54 . 2011-12-05 21:03:54 61952 ----a-w- C:\Windows\system32\OVDecode64.dll
2011-12-05 21:03:52 . 2011-12-05 21:03:52 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-12-05 21:03:42 . 2011-12-05 21:03:42 17580544 ----a-w- C:\Windows\system32\amdocl64.dll
2011-12-05 21:03:04 . 2011-12-05 21:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-12-05 21:02:20 . 2011-12-05 21:02:20 51200 ----a-w- C:\Windows\system32\OpenCL.dll
2011-12-05 21:02:16 . 2011-12-05 21:02:16 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2011-12-05 19:47:30 . 2011-12-05 19:47:30 95248 ----a-w- C:\Windows\system32\drivers\AtihdW76.sys
2011-11-24 04:52:09 . 2011-12-14 13:48:44 3145216 ----a-w- C:\Windows\system32\win32k.sys
2011-11-19 14:58:00 . 2012-01-11 13:51:23 77312 ----a-w- C:\Windows\system32\packager.dll
2011-11-19 14:01:00 . 2012-01-11 13:51:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2011-11-17 06:41:18 . 2012-01-11 13:51:24 1731920 ----a-w- C:\Windows\system32\ntdll.dll
2011-11-17 05:38:39 . 2012-01-11 13:51:24 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2011-11-15 16:58:56 . 2011-11-15 16:58:56 146432 ----a-w- C:\Windows\system32\SlotMaximizerAg.dll
2011-11-15 16:58:54 . 2011-11-15 16:58:54 3507712 ----a-w- C:\Windows\system32\SlotMaximizerBe.dll
2011-11-15 16:57:06 . 2011-11-15 16:57:06 2463744 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll
2011-11-15 16:57:02 . 2011-11-15 16:57:02 122880 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll
2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll
2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll
2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll
|
|
12.02.2012, 20:50
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Log ist leider unvollständig 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.02.2012, 20:53
| #13 |
| | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Mehr ist in der Datei leider nicht zu finden... Soll ich ComboFix noch einmal neu durchlaufen lassen, oder hätte dies negative Auswirkungen ? |
|
13.02.2012, 10:13
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen 3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.02.2012, 17:54
| #15 |
| | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Erfolgreich hochgeladen |
|
| Themen zu Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" |
| andere, anderen, anhang, befinden, bekannte, benutzte, dienst, erneut, erstell, erstellt, hijack, hijackthis, konto, minute, minuten, mitglieder, nicht sicher, personen, problem, ratlos, schei, sicherer, starte, systems, systemstart, troja, unsicherer |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
