|
Plagegeister aller Art und deren Bekämpfung: Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.02.2012, 13:23 | #1 |
| Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Hallo liebe Mitglieder des Trojaner-Boards! Wie vielen Personen in jüngster Vergangenheit erging es vor ein paar Minuten auch mir so, dass mich der bekannte "50€-Virus" befiel und nach dem Systemstart mein System unbrauchbar machte. Hektisch und etwas ratlos erkundigte ich mich hier und benutzte OTL, um der Lage Herr zu werden. In meiner Hektik achtete ich jedoch nicht darauf, dass die Kommando-Parameter im OTL für jeden User spezifisch und individuell erstellt wurden, und nahm einen der vorgefertigten Befehle. Nachdem ich anhand dessen OTL seinen Dienst verrichten ließ (von einem anderen Konto aus), und mein System erneut startete, scheint das Problem nun behoben zu sein. Da ich mir nun nicht sicher bin, wie es um mein System steht, befinden sich im Anhang noch ein paar Logs (OTL, Hijackthis). Falls erwünscht, können andersweitige Logs noch nachgereicht werden. Mit freundlichen Grüßen Dennis |
09.02.2012, 16:46 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Bitte KEINE HijackThis Log mehr posten!
__________________Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
10.02.2012, 12:46 | #3 |
| Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" MBAM: (Es existieren keine älteren Scans)
__________________Code:
ATTFilter Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.02.10.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Dennis :: DENNIS-PC [Administrator] 10.02.2012 09:15:44 mbam-log-2012-02-10 (09-15-44).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 558292 Laufzeit: 1 Stunde(n), 38 Minute(n), 52 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=7ad4fc2456799d4bb809c2f9f21158a0 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-02-10 11:43:48 # local_time=2012-02-10 12:43:48 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 88340 65409665 79943 0 # compatibility_mode=5893 16776573 100 94 14444 80502694 0 0 # compatibility_mode=8192 67108863 100 0 3691 3691 0 0 # scanned=21459 # found=0 # cleaned=0 # scan_time=1384 Geändert von ch0ka (10.02.2012 um 13:30 Uhr) |
10.02.2012, 14:25 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
10.02.2012, 14:48 | #5 |
| Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" OTL OTL Logfile: Code:
ATTFilter OTL logfile created on: 10.02.2012 14:33:31 - Run 2 OTL by OldTimer - Version 3.2.31.0 Folder = H:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,65% Memory free 7,99 Gb Paging File | 6,19 Gb Available in Paging File | 77,46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,59 Gb Total Space | 16,91 Gb Free Space | 28,86% Space Free | Partition Type: NTFS Drive E: | 97,66 Gb Total Space | 16,71 Gb Free Space | 17,11% Space Free | Partition Type: NTFS Drive F: | 97,66 Gb Total Space | 28,21 Gb Free Space | 28,89% Space Free | Partition Type: NTFS Drive G: | 97,66 Gb Total Space | 0,12 Gb Free Space | 0,12% Space Free | Partition Type: NTFS Drive H: | 101,10 Gb Total Space | 25,63 Gb Free Space | 25,36% Space Free | Partition Type: NTFS Computer Name: DENNIS-PC | User Name: Dennis | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.09 12:58:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- H:\OTL.exe PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- E:\AdAware\AAWService.exe PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- E:\AdAware\AAWTray.exe PRC - [2011.06.29 13:57:55 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.20 04:56:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- H:\PowerDVD\PowerDVD11\PDVD11Serv.exe PRC - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () -- H:\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe PRC - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe PRC - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe PRC - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.03.28 15:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.01.03 01:48:49 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2010.11.26 03:54:12 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2011.09.26 17:16:22 | 000,147,336 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- E:\LogMeIn\x64\RaMaint.exe -- (LMIMaint) SRV - [2011.09.26 17:16:16 | 000,375,176 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- E:\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc) SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- E:\AdAware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2011.06.29 13:57:55 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.20 04:56:47 | 000,083,240 | ---- | M] () [Auto | Running] -- H:\PowerDVD\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD) SRV - [2011.03.31 14:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service) SRV - [2011.03.31 14:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service) SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.01.11 18:04:04 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- E:\LogMeIn\x64\LogMeIn.exe -- (LogMeIn) SRV - [2011.01.03 01:48:49 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2010.10.25 13:18:19 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.09.14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010.09.14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.06.29 13:57:56 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.06.29 13:57:56 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.06.08 12:06:32 | 000,087,456 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP) DRV:64bit: - [2011.04.29 11:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.11 18:04:04 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver) DRV:64bit: - [2011.01.11 18:04:00 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr) DRV:64bit: - [2010.12.25 20:11:09 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.12.25 16:16:09 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.11.26 05:20:20 | 008,120,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.11.26 03:16:46 | 000,289,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.16 16:24:16 | 000,015,672 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV:64bit: - [2010.09.14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010.09.14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010.09.14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010.09.14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010.07.21 16:58:50 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64) DRV:64bit: - [2010.07.12 19:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM) DRV:64bit: - [2010.05.11 11:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.26 16:54:22 | 000,032,768 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64) DRV:64bit: - [2009.08.23 10:55:32 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2011.08.22 22:18:31 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- E:\AdAware\kernexplorer64.sys -- (Lavasoft Kernexplorer) DRV - [2011.04.20 04:56:48 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- H:\PowerDVD\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD) DRV - [2011.04.12 10:16:53 | 000,148,976 | ---- | M] (CyberLink Corp.) [2012/02/09 09:44:33] [Kernel | Auto | Running] -- H:\PowerDVD\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) DRV - [2011.01.11 18:04:04 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- E:\LogMeIn\x64\rainfo.sys -- (LMIInfo) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.7 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.2b FF - prefs.js..extensions.enabledItems: {6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3}:1.4.14 FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: E:\DivXWebPlayer\DivX Content Uploader\npUpload.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: E:\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: E:\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.25 16:34:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: E:\Firefox\components [2012.02.10 13:27:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: E:\Firefox\plugins [2011.10.19 18:08:41 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: E:\Firefox\components [2012.02.10 13:27:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: E:\Firefox\plugins [2011.10.19 18:08:41 | 000,000,000 | ---D | M] [2010.12.24 19:24:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Extensions [2012.01.26 09:07:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions [2011.03.16 23:36:45 | 000,000,000 | ---D | M] (Fire.fm) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{6F0976E6-26F3-4AFE-BBEC-9E99E27E4DF3} [2011.12.24 15:56:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.26 09:07:33 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.10.21 13:02:03 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Users\Dennis\AppData\Roaming\mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.XPI () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\SECURELOGIN@BLUEIMP.NET.XPI () (No name found) -- C:\USERS\DENNIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WEF4PQ6T.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI Hosts file not found O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [LogMeIn GUI] E:\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [RemoteControl11] H:\PowerDVD\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] E:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - E:\ICQ\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{32EBF9C2-18F3-4502-8B1D-5DC6412F6EDE}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3A2E9BA4-4171-4983-B472-E525B029C54D}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{435C03AB-BF0C-4DFB-9C9D-C282B4ED729A}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C19A40CF-B54E-41CD-808E-C2E68611E58C}: DhcpNameServer = 10.44.37.100 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (lsdelete) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivX Download Manager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - E:\ICQ\ICQ7.4\ICQ.exe (ICQ, LLC.) MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig:64bit - StartUpReg: VideoWebCamera - hkey= - key= - C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: Lavasoft Ad-Aware Service - E:\AdAware\AAWService.exe (Lavasoft Limited) SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Lavasoft Ad-Aware Service - E:\AdAware\AAWService.exe (Lavasoft Limited) SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.10 12:19:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.02.09 13:43:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview [2012.02.09 13:41:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders [2012.02.09 09:44:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 11 [2012.02.08 16:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2012.02.08 16:35:29 | 000,015,672 | ---- | C] (InterVideo) -- C:\Windows\SysNative\drivers\regi.sys [2012.02.07 15:32:20 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\MediaShow [2012.02.07 15:31:29 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Documents\CyberLink [2012.02.07 15:27:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink [2012.02.07 15:27:02 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\MediaServer [2012.02.07 15:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD [2012.02.07 15:26:44 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\CyberLink [2012.02.07 15:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink [2012.02.07 15:13:12 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\CyberLink [2012.02.07 15:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap [2012.02.02 14:32:28 | 000,000,000 | ---D | C] -- C:\Users\Dennis\Desktop\Data [2012.01.30 00:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ [2012.01.29 19:25:25 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Avira [2012.01.29 11:24:18 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache [2012.01.29 11:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker [2012.01.26 13:19:15 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Local\FullTiltPoker [2012.01.26 13:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker [2012.01.19 23:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MMI PHARMINDEX [2012.01.19 23:47:32 | 000,000,000 | ---D | C] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex [2012.01.19 19:14:13 | 000,000,000 | ---D | C] -- C:\med7net [2012.01.16 15:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PassMark [2012.01.16 15:30:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyboardTest [2012.01.12 11:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.08.13 21:33:20 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Dennis\AppData\Roaming\pcouffin.sys [2010.10.25 13:11:10 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe ========== Files - Modified Within 30 Days ========== [2012.02.10 14:22:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.10 09:22:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.10 09:15:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.10 09:15:22 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.10 09:13:23 | 001,501,272 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.10 09:13:23 | 000,653,986 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.10 09:13:23 | 000,615,918 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.10 09:13:23 | 000,131,652 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.10 09:13:23 | 000,107,642 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.10 09:07:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.10 09:07:17 | 3217,211,392 | -HS- | M] () -- C:\hiberfil.sys [2012.02.09 14:20:59 | 000,299,936 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.08 16:36:05 | 000,000,040 | -H-- | M] () -- C:\Windows\SysNative\ivireg.ivr [2012.02.07 16:42:24 | 000,006,144 | ---- | M] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.07 12:22:36 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat [2012.02.07 12:22:36 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat [2012.01.30 09:33:30 | 000,001,494 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.01.15 16:26:47 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.01.15 16:26:47 | 000,280,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.01.15 16:25:33 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 ========== Files Created - No Company Name ========== [2012.02.08 16:35:58 | 000,000,040 | -H-- | C] () -- C:\Windows\SysNative\ivireg.ivr [2011.12.20 20:50:18 | 000,000,534 | ---- | C] () -- C:\Windows\eReg.dat [2011.09.04 16:36:28 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat [2011.09.04 16:36:28 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat [2011.08.22 21:05:21 | 000,000,008 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe [2011.08.13 21:33:20 | 000,099,384 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\inst.exe [2011.08.13 21:33:20 | 000,007,859 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\pcouffin.cat [2011.08.13 21:33:20 | 000,001,167 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\pcouffin.inf [2011.06.06 19:43:06 | 000,000,343 | ---- | C] () -- C:\Windows\ATB_Prec.Ini [2011.04.14 11:27:50 | 000,006,144 | ---- | C] () -- C:\Users\Dennis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.14 11:26:09 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2011.02.23 13:12:57 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI [2011.02.16 20:02:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.02.11 15:07:04 | 000,001,057 | ---- | C] () -- C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml [2011.01.29 20:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\LiveBilliardsDemo.INI [2011.01.14 11:04:40 | 001,528,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.01.05 14:21:21 | 000,007,605 | ---- | C] () -- C:\Users\Dennis\AppData\Local\Resmon.ResmonCfg [2011.01.03 01:10:37 | 000,280,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.01.03 01:10:33 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.01.03 01:10:33 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.12.24 23:39:49 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010.12.24 19:24:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.25 13:11:10 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.10.25 13:11:10 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010.10.25 13:11:10 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010.10.25 13:06:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.09.17 20:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2005.07.14 15:22:22 | 000,159,744 | ---- | C] () -- C:\Windows\SysWow64\ssleay32.dll [2005.07.14 15:22:21 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\libeay32.dll ========== LOP Check ========== [2010.12.25 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari [2011.06.05 02:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon [2010.12.25 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite [2011.06.01 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EAC [2010.12.25 02:58:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Foxit Software [2012.01.20 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex [2011.12.15 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GetFoldersize [2012.02.01 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2010.12.25 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech [2011.04.14 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org [2012.01.26 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client [2012.01.09 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SpeedProject [2011.09.04 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Stand O'Food 3 [2011.02.23 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Teleca [2011.06.18 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\thriXXX [2011.01.14 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP [2011.07.06 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TrueCrypt [2011.10.12 09:52:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2011.08.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vso [2011.08.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\wargaming.net [2011.05.26 21:21:10 | 000,032,620 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.06.01 12:00:05 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\AccurateRip [2011.10.19 18:11:46 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Adobe [2010.12.25 20:28:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Atari [2010.12.24 18:50:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ATI [2012.01.29 19:25:25 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Avira [2011.06.05 02:14:07 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Babylon [2012.02.07 15:31:56 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\CyberLink [2010.12.25 21:35:47 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DAEMON Tools Lite [2012.02.04 22:02:31 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\DivX [2011.06.01 11:09:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\EAC [2010.12.25 02:58:36 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Foxit Software [2012.01.20 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex [2011.12.15 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\GetFoldersize [2012.02.01 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\ICQ [2010.12.24 18:48:33 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Identities [2010.12.25 20:25:39 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Leadertech [2010.12.24 18:48:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Macromedia [2011.08.22 22:18:59 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Malwarebytes [2009.07.14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Media Center Programs [2012.01.19 19:13:50 | 000,000,000 | --SD | M] -- C:\Users\Dennis\AppData\Roaming\Microsoft [2010.12.24 19:24:52 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla [2012.01.29 11:24:18 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache [2011.12.03 11:32:22 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Nero [2011.04.14 10:31:19 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\OpenOffice.org [2011.01.03 01:34:23 | 000,000,000 | RH-D | M] -- C:\Users\Dennis\AppData\Roaming\SecuROM [2012.01.12 12:57:42 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Skype [2012.01.12 11:55:09 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\skypePM [2012.01.26 14:52:17 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SoftGrid Client [2012.01.09 10:50:10 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\SpeedProject [2011.09.04 16:58:11 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Stand O'Food 3 [2011.02.23 13:09:32 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Teleca [2011.06.18 23:38:30 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\thriXXX [2011.01.14 11:05:54 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TP [2011.07.06 22:41:45 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TrueCrypt [2011.10.12 09:52:57 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\TuneUp Software [2011.08.14 13:13:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\vlc [2011.08.13 21:33:21 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Vso [2011.08.06 22:28:41 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\wargaming.net [2011.01.28 13:27:48 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\Winamp [2010.12.25 21:49:55 | 000,000,000 | ---D | M] -- C:\Users\Dennis\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2011.08.13 21:33:20 | 000,099,384 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\inst.exe [2011.08.22 21:05:21 | 000,000,008 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe [2011.08.22 21:12:43 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe [2012.01.30 18:33:15 | 005,185,536 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe [2012.01.30 18:33:15 | 000,028,672 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe [2010.12.27 08:24:04 | 000,010,134 | R--- | M] () -- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe [2011.05.19 10:06:56 | 000,374,160 | ---- | M] (LogMeIn, Inc.) -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe [2011.05.16 12:31:42 | 000,070,984 | ---- | M] () -- C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\wef4pq6t.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2010.07.17 20:26:04 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956 < End of report > |
10.02.2012, 16:38 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://packardbell.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://packardbell.msn.com O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found O4 - HKCU..\Run: [SpybotSD TeaTimer] E:\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Dennis\Desktop\PartyPoker.lnk File not found @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:BC359956 :Files C:\Users\Dennis\AppData\Roaming\*.exe C:\Users\Dennis\AppData\Roaming\Babylon :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ --> Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" |
12.02.2012, 10:48 | #7 |
| Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Hier die OTL-Logfile nach dem Fix: Code:
ATTFilter All processes killed ========== OTL ========== HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully! HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully. 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. 64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully. E:\Spybot - Search & Destroy\TeaTimer.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found. ADS C:\ProgramData\Temp:BC359956 deleted successfully. ========== FILES ========== C:\Users\Dennis\AppData\Roaming\inst.exe moved successfully. C:\Users\Dennis\AppData\Roaming\Me gone wild nude JPEG.exe moved successfully. C:\Users\Dennis\AppData\Roaming\Babylon folder moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: cHk ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 1660502 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 456 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Dennis ->Temp folder emptied: 17678844 bytes ->Temporary Internet Files folder emptied: 3921171 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 644459455 bytes ->Flash cache emptied: 4327 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 256377 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 637,00 mb HOSTS file reset successfully OTL by OldTimer - Version 3.2.31.0 log created on 02122012_103717 Files\Folders moved on Reboot... C:\Users\Dennis\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Dennis\AppData\Local\Temp\~PI46E4.tmp moved successfully. File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot. File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. Registry entries deleted on Reboot... |
12.02.2012, 14:43 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
12.02.2012, 16:53 | #9 |
| Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus"Code:
ATTFilter 16:53:08.0824 1160 TDSS rootkit removing tool 2.7.11.0 Feb 9 2012 10:12:57 16:53:08.0906 1160 ============================================================ 16:53:08.0906 1160 Current date / time: 2012/02/12 16:53:08.0906 16:53:08.0906 1160 SystemInfo: 16:53:08.0907 1160 16:53:08.0907 1160 OS Version: 6.1.7601 ServicePack: 1.0 16:53:08.0907 1160 Product type: Workstation 16:53:08.0907 1160 ComputerName: DENNIS-PC 16:53:08.0907 1160 UserName: Dennis 16:53:08.0907 1160 Windows directory: C:\Windows 16:53:08.0907 1160 System windows directory: C:\Windows 16:53:08.0907 1160 Running under WOW64 16:53:08.0907 1160 Processor architecture: Intel x64 16:53:08.0907 1160 Number of processors: 2 16:53:08.0907 1160 Page size: 0x1000 16:53:08.0907 1160 Boot type: Normal boot 16:53:08.0907 1160 ============================================================ 16:53:10.0110 1160 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:53:10.0115 1160 \Device\Harddisk0\DR0: 16:53:10.0115 1160 MBR used 16:53:10.0115 1160 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000 16:53:10.0115 1160 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x7530000 16:53:10.0136 1160 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x8F63000, BlocksNum 0xC350000 16:53:10.0155 1160 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x152B3800, BlocksNum 0xC350000 16:53:10.0176 1160 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x21604000, BlocksNum 0xC350000 16:53:10.0194 1160 \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x2D954800, BlocksNum 0xCA31000 16:53:10.0425 1160 Initialize success 16:53:10.0425 1160 ============================================================ 16:53:14.0221 1972 ============================================================ 16:53:14.0221 1972 Scan started 16:53:14.0221 1972 Mode: Manual; SigCheck; TDLFS; 16:53:14.0221 1972 ============================================================ 16:53:15.0662 1972 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 16:53:15.0719 1972 1394ohci - ok 16:53:15.0777 1972 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 16:53:15.0793 1972 ACPI - ok 16:53:15.0857 1972 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 16:53:15.0873 1972 AcpiPmi - ok 16:53:16.0054 1972 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 16:53:16.0072 1972 adp94xx - ok 16:53:16.0132 1972 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 16:53:16.0147 1972 adpahci - ok 16:53:16.0272 1972 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 16:53:16.0284 1972 adpu320 - ok 16:53:16.0417 1972 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys 16:53:16.0436 1972 AFD - ok 16:53:16.0549 1972 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 16:53:16.0560 1972 agp440 - ok 16:53:16.0663 1972 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 16:53:16.0677 1972 aliide - ok 16:53:16.0816 1972 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 16:53:16.0825 1972 amdide - ok 16:53:16.0877 1972 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 16:53:16.0915 1972 amdiox64 - ok 16:53:17.0027 1972 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 16:53:17.0041 1972 AmdK8 - ok 16:53:17.0313 1972 amdkmdag (9e3b4946f7e1bca0b763e19d81edbf2c) C:\Windows\system32\DRIVERS\atikmdag.sys 16:53:17.0481 1972 amdkmdag - ok 16:53:17.0576 1972 amdkmdap (b9e1c7b7f1865f99b16ff2e1bb94edb6) C:\Windows\system32\DRIVERS\atikmpag.sys 16:53:17.0616 1972 amdkmdap - ok 16:53:17.0694 1972 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 16:53:17.0708 1972 AmdPPM - ok 16:53:17.0765 1972 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 16:53:17.0776 1972 amdsata - ok 16:53:17.0828 1972 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 16:53:17.0845 1972 amdsbs - ok 16:53:17.0926 1972 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 16:53:17.0936 1972 amdxata - ok 16:53:18.0054 1972 AODDriver4.01 (f312fad7dbd49ed21a194ac71b497832) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 16:53:18.0064 1972 AODDriver4.01 - ok 16:53:18.0175 1972 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 16:53:18.0211 1972 AppID - ok 16:53:18.0326 1972 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 16:53:18.0337 1972 arc - ok 16:53:18.0384 1972 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 16:53:18.0395 1972 arcsas - ok 16:53:18.0515 1972 ArcSec (36661a0497d8ed2d07b82524df932ea3) C:\Windows\system32\drivers\ArcSec.sys 16:53:18.0528 1972 ArcSec - ok 16:53:18.0631 1972 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 16:53:18.0674 1972 AsyncMac - ok 16:53:18.0705 1972 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 16:53:18.0716 1972 atapi - ok 16:53:18.0851 1972 athr (e642491f64e58cd5bc8fb8b347dcf65f) C:\Windows\system32\DRIVERS\athrx.sys 16:53:18.0900 1972 athr - ok 16:53:19.0034 1972 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys 16:53:19.0044 1972 AtiHDAudioService - ok 16:53:19.0098 1972 AtiPcie (c07a040d6b5a42dd41ee386cf90974c8) C:\Windows\system32\DRIVERS\AtiPcie.sys 16:53:19.0106 1972 AtiPcie - ok 16:53:19.0174 1972 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys 16:53:19.0183 1972 avgntflt - ok 16:53:19.0219 1972 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys 16:53:19.0229 1972 avipbb - ok 16:53:19.0317 1972 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 16:53:19.0336 1972 b06bdrv - ok 16:53:19.0389 1972 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 16:53:19.0405 1972 b57nd60a - ok 16:53:19.0511 1972 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 16:53:19.0549 1972 Beep - ok 16:53:19.0604 1972 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 16:53:19.0618 1972 blbdrive - ok 16:53:19.0664 1972 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 16:53:19.0677 1972 bowser - ok 16:53:19.0753 1972 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:53:19.0769 1972 BrFiltLo - ok 16:53:19.0921 1972 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:53:19.0937 1972 BrFiltUp - ok 16:53:20.0099 1972 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 16:53:20.0116 1972 Brserid - ok 16:53:20.0154 1972 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 16:53:20.0170 1972 BrSerWdm - ok 16:53:20.0249 1972 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 16:53:20.0268 1972 BrUsbMdm - ok 16:53:20.0280 1972 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 16:53:20.0294 1972 BrUsbSer - ok 16:53:20.0384 1972 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 16:53:20.0401 1972 BTHMODEM - ok 16:53:20.0512 1972 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 16:53:20.0551 1972 cdfs - ok 16:53:20.0657 1972 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 16:53:20.0672 1972 cdrom - ok 16:53:20.0726 1972 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 16:53:20.0742 1972 circlass - ok 16:53:20.0786 1972 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 16:53:20.0803 1972 CLFS - ok 16:53:20.0960 1972 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 16:53:20.0973 1972 CmBatt - ok 16:53:21.0001 1972 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 16:53:21.0011 1972 cmdide - ok 16:53:21.0097 1972 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 16:53:21.0120 1972 CNG - ok 16:53:21.0164 1972 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 16:53:21.0173 1972 Compbatt - ok 16:53:21.0209 1972 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 16:53:21.0234 1972 CompositeBus - ok 16:53:21.0344 1972 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 16:53:21.0354 1972 crcdisk - ok 16:53:21.0504 1972 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 16:53:21.0544 1972 DfsC - ok 16:53:21.0597 1972 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 16:53:21.0637 1972 discache - ok 16:53:21.0666 1972 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 16:53:21.0680 1972 Disk - ok 16:53:21.0813 1972 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 16:53:21.0828 1972 drmkaud - ok 16:53:21.0926 1972 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 16:53:21.0951 1972 DXGKrnl - ok 16:53:22.0066 1972 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 16:53:22.0116 1972 ebdrv - ok 16:53:22.0211 1972 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 16:53:22.0229 1972 elxstor - ok 16:53:22.0283 1972 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 16:53:22.0296 1972 ErrDev - ok 16:53:22.0379 1972 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 16:53:22.0419 1972 exfat - ok 16:53:22.0439 1972 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 16:53:22.0483 1972 fastfat - ok 16:53:22.0563 1972 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 16:53:22.0576 1972 fdc - ok 16:53:22.0606 1972 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 16:53:22.0618 1972 FileInfo - ok 16:53:22.0628 1972 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 16:53:22.0666 1972 Filetrace - ok 16:53:22.0752 1972 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 16:53:22.0768 1972 flpydisk - ok 16:53:22.0825 1972 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 16:53:22.0839 1972 FltMgr - ok 16:53:22.0876 1972 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 16:53:22.0886 1972 FsDepends - ok 16:53:22.0897 1972 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 16:53:22.0907 1972 Fs_Rec - ok 16:53:22.0965 1972 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 16:53:22.0981 1972 fvevol - ok 16:53:23.0010 1972 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 16:53:23.0021 1972 gagp30kx - ok 16:53:23.0146 1972 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 16:53:23.0163 1972 hcw85cir - ok 16:53:23.0219 1972 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 16:53:23.0238 1972 HdAudAddService - ok 16:53:23.0329 1972 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 16:53:23.0346 1972 HDAudBus - ok 16:53:23.0385 1972 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 16:53:23.0400 1972 HidBatt - ok 16:53:23.0419 1972 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 16:53:23.0437 1972 HidBth - ok 16:53:23.0458 1972 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 16:53:23.0476 1972 HidIr - ok 16:53:23.0578 1972 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 16:53:23.0592 1972 HidUsb - ok 16:53:23.0649 1972 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 16:53:23.0660 1972 HpSAMD - ok 16:53:23.0754 1972 HTCAND64 (cf44b25ae808765d7308f412ad492ddb) C:\Windows\system32\Drivers\ANDROIDUSB.sys 16:53:23.0767 1972 HTCAND64 - ok 16:53:23.0815 1972 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 16:53:23.0862 1972 HTTP - ok 16:53:23.0891 1972 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 16:53:23.0901 1972 hwpolicy - ok 16:53:23.0970 1972 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 16:53:23.0984 1972 i8042prt - ok 16:53:24.0049 1972 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 16:53:24.0065 1972 iaStorV - ok 16:53:24.0188 1972 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 16:53:24.0199 1972 iirsp - ok 16:53:24.0295 1972 IntcAzAudAddService (235362d403d9d677514649d88db31914) C:\Windows\system32\drivers\RTKVHD64.sys 16:53:24.0345 1972 IntcAzAudAddService - ok 16:53:24.0376 1972 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 16:53:24.0386 1972 intelide - ok 16:53:24.0472 1972 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 16:53:24.0486 1972 intelppm - ok 16:53:24.0541 1972 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:53:24.0579 1972 IpFilterDriver - ok 16:53:24.0618 1972 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 16:53:24.0632 1972 IPMIDRV - ok 16:53:24.0673 1972 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 16:53:24.0716 1972 IPNAT - ok 16:53:24.0776 1972 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 16:53:24.0796 1972 IRENUM - ok 16:53:24.0841 1972 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 16:53:24.0851 1972 isapnp - ok 16:53:24.0903 1972 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 16:53:24.0917 1972 iScsiPrt - ok 16:53:24.0980 1972 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys 16:53:24.0994 1972 k57nd60a - ok 16:53:25.0060 1972 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 16:53:25.0070 1972 kbdclass - ok 16:53:25.0189 1972 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 16:53:25.0203 1972 kbdhid - ok 16:53:25.0241 1972 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 16:53:25.0252 1972 KSecDD - ok 16:53:25.0298 1972 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 16:53:25.0310 1972 KSecPkg - ok 16:53:25.0388 1972 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 16:53:25.0429 1972 ksthunk - ok 16:53:25.0542 1972 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) E:\AdAware\KernExplorer64.sys 16:53:25.0551 1972 Lavasoft Kernexplorer - ok 16:53:25.0686 1972 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys 16:53:25.0695 1972 Lbd - ok 16:53:25.0763 1972 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 16:53:25.0804 1972 lltdio - ok 16:53:25.0900 1972 LMIInfo (0317335b15ff3bda8e10197e3434cfc0) E:\LogMeIn\x64\RaInfo.sys 16:53:25.0908 1972 LMIInfo - ok 16:53:26.0012 1972 lmimirr (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys 16:53:26.0021 1972 lmimirr - ok 16:53:26.0085 1972 LMIRfsClientNP - ok 16:53:26.0140 1972 LMIRfsDriver (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys 16:53:26.0149 1972 LMIRfsDriver - ok 16:53:26.0253 1972 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 16:53:26.0265 1972 LSI_FC - ok 16:53:26.0295 1972 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 16:53:26.0306 1972 LSI_SAS - ok 16:53:26.0334 1972 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:53:26.0344 1972 LSI_SAS2 - ok 16:53:26.0369 1972 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:53:26.0381 1972 LSI_SCSI - ok 16:53:26.0480 1972 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 16:53:26.0521 1972 luafv - ok 16:53:26.0568 1972 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 16:53:26.0580 1972 megasas - ok 16:53:26.0601 1972 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 16:53:26.0616 1972 MegaSR - ok 16:53:26.0647 1972 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 16:53:26.0688 1972 Modem - ok 16:53:26.0724 1972 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 16:53:26.0740 1972 monitor - ok 16:53:26.0786 1972 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 16:53:26.0796 1972 mouclass - ok 16:53:26.0845 1972 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 16:53:26.0858 1972 mouhid - ok 16:53:26.0918 1972 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 16:53:26.0929 1972 mountmgr - ok 16:53:26.0985 1972 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 16:53:26.0997 1972 mpio - ok 16:53:27.0022 1972 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 16:53:27.0063 1972 mpsdrv - ok 16:53:27.0128 1972 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 16:53:27.0148 1972 MRxDAV - ok 16:53:27.0185 1972 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 16:53:27.0200 1972 mrxsmb - ok 16:53:27.0236 1972 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:53:27.0251 1972 mrxsmb10 - ok 16:53:27.0281 1972 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:53:27.0295 1972 mrxsmb20 - ok 16:53:27.0337 1972 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 16:53:27.0347 1972 msahci - ok 16:53:27.0384 1972 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 16:53:27.0396 1972 msdsm - ok 16:53:27.0492 1972 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 16:53:27.0530 1972 Msfs - ok 16:53:27.0542 1972 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 16:53:27.0579 1972 mshidkmdf - ok 16:53:27.0608 1972 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 16:53:27.0618 1972 msisadrv - ok 16:53:27.0722 1972 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 16:53:27.0760 1972 MSKSSRV - ok 16:53:27.0793 1972 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 16:53:27.0830 1972 MSPCLOCK - ok 16:53:27.0884 1972 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 16:53:27.0923 1972 MSPQM - ok 16:53:27.0978 1972 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 16:53:27.0993 1972 MsRPC - ok 16:53:28.0029 1972 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 16:53:28.0041 1972 mssmbios - ok 16:53:28.0129 1972 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 16:53:28.0166 1972 MSTEE - ok 16:53:28.0180 1972 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 16:53:28.0194 1972 MTConfig - ok 16:53:28.0224 1972 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 16:53:28.0234 1972 Mup - ok 16:53:28.0296 1972 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 16:53:28.0317 1972 NativeWifiP - ok 16:53:28.0398 1972 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 16:53:28.0423 1972 NDIS - ok 16:53:28.0464 1972 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 16:53:28.0502 1972 NdisCap - ok 16:53:28.0587 1972 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 16:53:28.0626 1972 NdisTapi - ok 16:53:28.0666 1972 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 16:53:28.0702 1972 Ndisuio - ok 16:53:28.0735 1972 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 16:53:28.0773 1972 NdisWan - ok 16:53:28.0825 1972 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 16:53:28.0862 1972 NDProxy - ok 16:53:28.0965 1972 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 16:53:29.0003 1972 NetBIOS - ok 16:53:29.0042 1972 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 16:53:29.0082 1972 NetBT - ok 16:53:29.0190 1972 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 16:53:29.0200 1972 nfrd960 - ok 16:53:29.0238 1972 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 16:53:29.0279 1972 Npfs - ok 16:53:29.0447 1972 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 16:53:29.0487 1972 nsiproxy - ok 16:53:29.0579 1972 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 16:53:29.0616 1972 Ntfs - ok 16:53:29.0835 1972 ntk_PowerDVD12 (eaac965642ef5f818aed508cadf83e4b) E:\PowerDVD 12\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys 16:53:29.0844 1972 ntk_PowerDVD12 - ok 16:53:29.0931 1972 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 16:53:29.0969 1972 Null - ok 16:53:30.0009 1972 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 16:53:30.0021 1972 nvraid - ok 16:53:30.0062 1972 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 16:53:30.0076 1972 nvstor - ok 16:53:30.0119 1972 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 16:53:30.0131 1972 nv_agp - ok 16:53:30.0167 1972 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 16:53:30.0182 1972 ohci1394 - ok 16:53:30.0476 1972 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 16:53:30.0490 1972 Parport - ok 16:53:30.0524 1972 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys 16:53:30.0534 1972 partmgr - ok 16:53:30.0575 1972 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 16:53:30.0588 1972 pci - ok 16:53:30.0612 1972 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 16:53:30.0622 1972 pciide - ok 16:53:30.0659 1972 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 16:53:30.0673 1972 pcmcia - ok 16:53:30.0701 1972 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 16:53:30.0711 1972 pcw - ok 16:53:30.0729 1972 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 16:53:30.0776 1972 PEAUTH - ok 16:53:30.0872 1972 Point64 (b8d8ec78b0f9ed8e220506181274f3d3) C:\Windows\system32\DRIVERS\point64.sys 16:53:30.0881 1972 Point64 - ok 16:53:30.0985 1972 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 16:53:31.0023 1972 PptpMiniport - ok 16:53:31.0050 1972 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 16:53:31.0064 1972 Processor - ok 16:53:31.0179 1972 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 16:53:31.0217 1972 Psched - ok 16:53:31.0248 1972 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 16:53:31.0257 1972 PxHlpa64 - ok 16:53:31.0319 1972 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 16:53:31.0353 1972 ql2300 - ok 16:53:31.0375 1972 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 16:53:31.0387 1972 ql40xx - ok 16:53:31.0416 1972 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 16:53:31.0434 1972 QWAVEdrv - ok 16:53:31.0463 1972 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 16:53:31.0501 1972 RasAcd - ok 16:53:31.0613 1972 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 16:53:31.0652 1972 RasAgileVpn - ok 16:53:31.0787 1972 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 16:53:31.0825 1972 Rasl2tp - ok 16:53:31.0859 1972 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 16:53:31.0900 1972 RasPppoe - ok 16:53:31.0912 1972 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 16:53:31.0952 1972 RasSstp - ok 16:53:31.0996 1972 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 16:53:32.0037 1972 rdbss - ok 16:53:32.0065 1972 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 16:53:32.0081 1972 rdpbus - ok 16:53:32.0106 1972 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 16:53:32.0144 1972 RDPCDD - ok 16:53:32.0228 1972 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 16:53:32.0266 1972 RDPENCDD - ok 16:53:32.0291 1972 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 16:53:32.0331 1972 RDPREFMP - ok 16:53:32.0367 1972 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys 16:53:32.0407 1972 RDPWD - ok 16:53:32.0504 1972 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 16:53:32.0517 1972 rdyboost - ok 16:53:32.0590 1972 regi (84c83c7577407c4ff6ab1379ee944610) C:\Windows\system32\drivers\regi.sys 16:53:32.0600 1972 regi - ok 16:53:32.0727 1972 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 16:53:32.0767 1972 rspndr - ok 16:53:32.0866 1972 RSUSBSTOR (763ae0c6d9df4c24b7e2c26036a8188a) C:\Windows\system32\Drivers\RtsUStor.sys 16:53:32.0886 1972 RSUSBSTOR - ok 16:53:32.0923 1972 RTHDMIAzAudService (d6d381b76056c668679723938f06f16c) C:\Windows\system32\drivers\RtHDMIVX.sys 16:53:32.0934 1972 RTHDMIAzAudService - ok 16:53:33.0011 1972 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 16:53:33.0023 1972 sbp2port - ok 16:53:33.0099 1972 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 16:53:33.0137 1972 scfilter - ok 16:53:33.0200 1972 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 16:53:33.0241 1972 secdrv - ok 16:53:33.0304 1972 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 16:53:33.0316 1972 Serenum - ok 16:53:33.0352 1972 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 16:53:33.0366 1972 Serial - ok 16:53:33.0456 1972 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 16:53:33.0469 1972 sermouse - ok 16:53:33.0518 1972 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 16:53:33.0531 1972 sffdisk - ok 16:53:33.0552 1972 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 16:53:33.0566 1972 sffp_mmc - ok 16:53:33.0611 1972 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 16:53:33.0626 1972 sffp_sd - ok 16:53:33.0651 1972 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 16:53:33.0665 1972 sfloppy - ok 16:53:33.0792 1972 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys 16:53:33.0813 1972 Sftfs - ok 16:53:33.0865 1972 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys 16:53:33.0877 1972 Sftplay - ok 16:53:33.0906 1972 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys 16:53:33.0914 1972 Sftredir - ok 16:53:34.0018 1972 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys 16:53:34.0026 1972 Sftvol - ok 16:53:34.0141 1972 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:53:34.0152 1972 SiSRaid2 - ok 16:53:34.0194 1972 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 16:53:34.0206 1972 SiSRaid4 - ok 16:53:34.0256 1972 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 16:53:34.0307 1972 Smb - ok 16:53:34.0411 1972 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 16:53:34.0421 1972 spldr - ok 16:53:34.0496 1972 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys 16:53:34.0497 1972 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb 16:53:34.0519 1972 sptd ( LockedFile.Multi.Generic ) - warning 16:53:34.0519 1972 sptd - detected LockedFile.Multi.Generic (1) 16:53:34.0565 1972 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 16:53:34.0597 1972 srv - ok 16:53:34.0672 1972 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 16:53:34.0692 1972 srv2 - ok 16:53:34.0732 1972 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 16:53:34.0748 1972 srvnet - ok 16:53:34.0895 1972 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 16:53:34.0905 1972 stexstor - ok 16:53:34.0953 1972 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 16:53:34.0963 1972 swenum - ok 16:53:35.0152 1972 SynTP (064a2530a4a7c7cec1be6a1945645be4) C:\Windows\system32\DRIVERS\SynTP.sys 16:53:35.0166 1972 SynTP - ok 16:53:35.0253 1972 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys 16:53:35.0298 1972 Tcpip - ok 16:53:35.0375 1972 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys 16:53:35.0417 1972 TCPIP6 - ok 16:53:35.0498 1972 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 16:53:35.0536 1972 tcpipreg - ok 16:53:35.0592 1972 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 16:53:35.0629 1972 TDPIPE - ok 16:53:35.0648 1972 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 16:53:35.0687 1972 TDTCP - ok 16:53:35.0750 1972 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 16:53:35.0791 1972 tdx - ok 16:53:35.0826 1972 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 16:53:35.0836 1972 TermDD - ok 16:53:35.0949 1972 truecrypt (ea43de1743c1ba0d2d17b8db90c91d88) C:\Windows\system32\drivers\truecrypt.sys 16:53:35.0962 1972 truecrypt - ok 16:53:36.0007 1972 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 16:53:36.0044 1972 tssecsrv - ok 16:53:36.0076 1972 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 16:53:36.0089 1972 TsUsbFlt - ok 16:53:36.0190 1972 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 16:53:36.0228 1972 tunnel - ok 16:53:36.0263 1972 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 16:53:36.0273 1972 uagp35 - ok 16:53:36.0322 1972 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 16:53:36.0361 1972 udfs - ok 16:53:36.0457 1972 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 16:53:36.0467 1972 uliagpkx - ok 16:53:36.0508 1972 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 16:53:36.0521 1972 umbus - ok 16:53:36.0560 1972 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 16:53:36.0573 1972 UmPass - ok 16:53:36.0610 1972 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 16:53:36.0624 1972 usbccgp - ok 16:53:36.0689 1972 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 16:53:36.0706 1972 usbcir - ok 16:53:36.0741 1972 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 16:53:36.0754 1972 usbehci - ok 16:53:36.0864 1972 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 16:53:36.0881 1972 usbhub - ok 16:53:36.0927 1972 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 16:53:36.0940 1972 usbohci - ok 16:53:37.0039 1972 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 16:53:37.0055 1972 usbprint - ok 16:53:37.0091 1972 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS 16:53:37.0104 1972 USBSTOR - ok 16:53:37.0123 1972 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 16:53:37.0136 1972 usbuhci - ok 16:53:37.0231 1972 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys 16:53:37.0249 1972 usbvideo - ok 16:53:37.0300 1972 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys 16:53:37.0316 1972 usb_rndisx - ok 16:53:37.0441 1972 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 16:53:37.0452 1972 vdrvroot - ok 16:53:37.0528 1972 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 16:53:37.0545 1972 vga - ok 16:53:37.0565 1972 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 16:53:37.0607 1972 VgaSave - ok 16:53:37.0663 1972 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 16:53:37.0677 1972 vhdmp - ok 16:53:37.0707 1972 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 16:53:37.0717 1972 viaide - ok 16:53:37.0785 1972 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 16:53:37.0796 1972 volmgr - ok 16:53:37.0859 1972 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 16:53:37.0875 1972 volmgrx - ok 16:53:37.0966 1972 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 16:53:37.0980 1972 volsnap - ok 16:53:38.0026 1972 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 16:53:38.0038 1972 vsmraid - ok 16:53:38.0059 1972 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 16:53:38.0075 1972 vwifibus - ok 16:53:38.0156 1972 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 16:53:38.0174 1972 vwififlt - ok 16:53:38.0269 1972 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 16:53:38.0286 1972 vwifimp - ok 16:53:38.0328 1972 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 16:53:38.0341 1972 WacomPen - ok 16:53:38.0435 1972 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:53:38.0472 1972 WANARP - ok 16:53:38.0491 1972 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 16:53:38.0529 1972 Wanarpv6 - ok 16:53:38.0601 1972 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 16:53:38.0612 1972 Wd - ok 16:53:38.0645 1972 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 16:53:38.0668 1972 Wdf01000 - ok 16:53:38.0796 1972 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 16:53:38.0836 1972 WfpLwf - ok 16:53:38.0858 1972 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 16:53:38.0868 1972 WIMMount - ok 16:53:39.0013 1972 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 16:53:39.0030 1972 WinUSB - ok 16:53:39.0087 1972 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 16:53:39.0102 1972 WmiAcpi - ok 16:53:39.0160 1972 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 16:53:39.0200 1972 ws2ifsl - ok 16:53:39.0297 1972 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 16:53:39.0335 1972 WudfPf - ok 16:53:39.0386 1972 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 16:53:39.0429 1972 WUDFRd - ok 16:53:39.0615 1972 {329F96B6-DF1E-4328-BFDA-39EA953C1312} (74983addca2d9618512c088d856d6615) E:\PowerDVD 12\PowerDVD12\Common\NavFilter\000.fcl 16:53:39.0626 1972 {329F96B6-DF1E-4328-BFDA-39EA953C1312} - ok 16:53:39.0688 1972 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:53:39.0912 1972 \Device\Harddisk0\DR0 - ok 16:53:39.0919 1972 Boot (0x1200) (4e3aef28cafcf33c4d429cfcec665d08) \Device\Harddisk0\DR0\Partition0 16:53:39.0920 1972 \Device\Harddisk0\DR0\Partition0 - ok 16:53:39.0936 1972 Boot (0x1200) (f25242f33a915291ecdacca4a033b879) \Device\Harddisk0\DR0\Partition1 16:53:39.0939 1972 \Device\Harddisk0\DR0\Partition1 - ok 16:53:39.0980 1972 Boot (0x1200) (d09cd79c54ec9eab0ae37d102cd56401) \Device\Harddisk0\DR0\Partition2 16:53:39.0982 1972 \Device\Harddisk0\DR0\Partition2 - ok 16:53:40.0000 1972 Boot (0x1200) (f11e41c889f093fad6929d60c432bb0d) \Device\Harddisk0\DR0\Partition3 16:53:40.0002 1972 \Device\Harddisk0\DR0\Partition3 - ok 16:53:40.0021 1972 Boot (0x1200) (9d4d2898fbe398f697f4e6bc6e83608a) \Device\Harddisk0\DR0\Partition4 16:53:40.0023 1972 \Device\Harddisk0\DR0\Partition4 - ok 16:53:40.0042 1972 Boot (0x1200) (0d82256b5134d65ab8b52e3271cb2972) \Device\Harddisk0\DR0\Partition5 16:53:40.0044 1972 \Device\Harddisk0\DR0\Partition5 - ok 16:53:40.0044 1972 ============================================================ 16:53:40.0044 1972 Scan finished 16:53:40.0045 1972 ============================================================ 16:53:40.0063 4900 Detected object count: 1 16:53:40.0063 4900 Actual detected object count: 1 16:53:42.0802 4900 sptd ( LockedFile.Multi.Generic ) - skipped by user 16:53:42.0802 4900 sptd ( LockedFile.Multi.Generic ) - User select action: Skip Geändert von ch0ka (12.02.2012 um 17:40 Uhr) |
12.02.2012, 18:04 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
12.02.2012, 20:18 | #11 |
| Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" War nach dem ComboFix schon ganz verzweifelt, als die von dir genannte Fehlermeldung erschien Aber hier nun der Log (welcher sich übrigens nicht unter "C:\ComboFix.txt" sondern unter "C:\ComboFix/ComboFix.txt" befand Code:
ATTFilter ComboFix 12-02-12.01 - Dennis 12.02.2012 19:14:51.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4091.2616 [GMT 1:00] ausgeführt von:: C:\Users\Dennis\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) C:\Users\Dennis\AppData\Roaming\vso_ts_preview.xml ((((((((((((((((((((((( Dateien erstellt von 2012-01-12 bis 2012-02-12 )))))))))))))))))))))))))))))) 2012-02-12 18:24:58 . 2012-02-12 18:24:58 -------- d-----w- C:\Users\Default\AppData\Local\temp 2012-02-12 18:24:58 . 2012-02-12 18:24:58 -------- d-----w- C:\Users\cHk\AppData\Local\temp 2012-02-12 17:13:14 . 2011-05-20 12:49:22 34624 ----a-w- C:\Windows\system32\TURegOpt.exe 2012-02-12 17:13:06 . 2011-05-20 12:43:32 25920 ----a-w- C:\Windows\system32\authuitu.dll 2012-02-12 17:13:06 . 2011-05-20 12:43:26 36160 ----a-w- C:\Windows\system32\uxtuneup.dll 2012-02-12 17:13:06 . 2011-05-20 12:43:18 29504 ----a-w- C:\Windows\SysWow64\uxtuneup.dll 2012-02-12 17:13:02 . 2011-05-20 12:43:30 21312 ----a-w- C:\Windows\SysWow64\authuitu.dll 2012-02-12 15:47:29 . 2012-02-12 15:47:29 -------- d-----w- C:\Users\Dennis\AppData\Roaming\ArcSoft 2012-02-12 15:46:57 . 2012-02-12 15:46:58 -------- d-----w- C:\Users\Dennis\AppData\Local\ArcSoft 2012-02-12 15:46:56 . 2012-02-12 15:46:58 -------- d-----w- C:\ProgramData\ArcSoft 2012-02-12 15:46:56 . 2012-02-12 15:46:56 -------- d-----w- C:\Program Files (x86)\Common Files\ArcSoft 2012-02-12 15:46:52 . 2011-11-10 10:14:14 311872 ----a-w- C:\Windows\system32\drivers\ArcSec.sys 2012-02-12 15:46:52 . 2010-12-30 16:29:20 80448 ----a-w- C:\Windows\system32\MMCEDT5.exe 2012-02-12 15:44:20 . 2012-02-12 15:44:20 -------- d-----w- C:\Users\Dennis\AppData\Local\Downloaded Installations 2012-02-12 15:22:11 . 2012-02-12 15:22:11 -------- d-----w- C:\Users\Dennis\AppData\Local\AMD 2012-02-12 15:21:28 . 2012-02-12 15:21:28 -------- d-----w- C:\ProgramData\ATI 2012-02-12 15:13:42 . 2012-02-12 15:13:42 -------- d-----w- C:\Program Files (x86)\AMD APP 2012-02-12 15:12:35 . 2012-02-12 15:12:35 -------- d-----w- C:\ProgramData\AMD 2012-02-12 15:12:33 . 2010-02-18 08:18:24 46136 ----a-w- C:\Windows\system32\drivers\amdiox64.sys 2012-02-12 09:40:45 . 2012-02-12 09:40:45 -------- d-----w- C:\Windows\system32\%LOCALAPPDATA% 2012-02-10 11:19:13 . 2012-02-10 11:19:13 -------- d-----w- C:\Program Files (x86)\ESET 2012-02-10 08:20:00 . 2012-01-06 05:15:20 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{73B97690-9A8A-484B-9F5A-D364843EC570}\mpengine.dll 2012-02-09 12:43:16 . 2012-02-09 12:43:16 -------- d-----w- C:\Windows\system32\SPReview 2012-02-09 12:41:57 . 2012-02-09 12:41:58 -------- d-----w- C:\Windows\system32\EventProviders 2012-02-09 11:55:02 . 2012-02-09 11:55:02 -------- d-----w- C:\Users\cHk\AppData\Local\LogMeIn 2012-02-08 15:37:38 . 2012-02-08 15:39:35 -------- d-----w- C:\ProgramData\Protexis 2012-02-08 15:35:29 . 2010-11-16 15:24:16 15672 ----a-w- C:\Windows\system32\drivers\regi.sys 2012-02-07 14:32:20 . 2012-02-07 14:32:20 -------- d-----w- C:\Users\Dennis\AppData\Local\MediaShow 2012-02-07 14:27:02 . 2012-02-07 14:27:02 -------- d-----w- C:\Users\Dennis\AppData\Local\MediaServer 2012-02-07 14:26:59 . 2012-02-08 15:05:39 -------- d-----w- C:\ProgramData\PDVD 2012-02-07 14:26:44 . 2012-02-12 16:25:31 -------- d-----w- C:\Users\Public\CyberLink 2012-02-07 14:26:44 . 2012-02-12 16:25:31 -------- d-----w- C:\Users\Dennis\AppData\Local\CyberLink 2012-02-07 14:13:13 . 2012-02-12 16:26:53 -------- d-----w- C:\ProgramData\CyberLink 2012-02-07 14:13:12 . 2012-02-07 14:31:56 -------- d-----w- C:\Users\Dennis\AppData\Roaming\CyberLink 2012-02-07 14:07:03 . 2012-02-07 14:23:05 -------- d-----w- C:\ProgramData\install_clap 2012-01-30 17:33:15 . 2012-01-30 17:33:15 5185536 ----a-r- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\RapeLay.exe 2012-01-30 17:33:15 . 2012-01-30 17:33:15 28672 ----a-r- C:\Users\Dennis\AppData\Roaming\Microsoft\Installer\{D1E1F028-1953-43A3-BFD8-D2A00EC06E36}\_EB52FE80E75B_486E_9850_195DAB8E8D59.exe 2012-01-29 18:25:25 . 2012-01-29 18:25:25 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Avira 2012-01-29 10:24:18 . 2012-01-29 10:24:18 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Mozilla-Cache 2012-01-26 12:19:15 . 2012-01-26 12:20:22 -------- d-----w- C:\Users\Dennis\AppData\Local\FullTiltPoker 2012-01-19 22:47:32 . 2012-01-19 23:10:34 -------- d-----w- C:\Users\Dennis\AppData\Roaming\Gelbe Liste Pharmindex 2012-01-19 18:14:13 . 2012-01-19 18:15:13 -------- d-----w- C:\med7net 2012-01-19 18:13:51 . 2004-12-13 20:16:44 53248 ----a-w- C:\Windows\SysWow64\foxtools.fll 2012-01-16 14:30:36 . 2012-01-16 14:30:36 -------- d-----w- C:\ProgramData\PassMark . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) 2012-02-09 12:59:29 . 2009-07-14 02:36:51 175616 ----a-w- C:\Windows\system32\msclmd.dll 2012-02-09 12:59:29 . 2009-07-14 02:36:51 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-01-26 23:52:58 . 2011-02-24 15:18:26 279656 ------w- C:\Windows\system32\MpSigStub.exe 2012-01-15 15:26:47 . 2011-01-03 00:34:46 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-01-15 15:26:47 . 2011-01-03 00:10:37 280736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-01-15 15:25:33 . 2011-01-03 00:10:37 215128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2011-12-10 14:24:08 . 2011-08-22 21:18:46 23152 ----a-w- C:\Windows\system32\drivers\mbam.sys 2011-12-06 03:45:40 . 2011-12-06 03:45:40 10720256 ----a-w- C:\Windows\system32\drivers\atikmdag.sys 2011-12-06 03:18:38 . 2011-12-06 03:18:38 25371136 ----a-w- C:\Windows\system32\atio6axx.dll 2011-12-06 03:17:50 . 2011-12-06 03:17:50 159744 ----a-w- C:\Windows\system32\atiapfxx.exe 2011-12-06 03:17:36 . 2011-12-06 03:17:36 778752 ----a-w- C:\Windows\SysWow64\aticfx32.dll 2011-12-06 03:16:00 . 2011-12-06 03:16:00 933888 ----a-w- C:\Windows\system32\aticfx64.dll 2011-12-06 03:12:52 . 2011-12-06 03:12:52 466944 ----a-w- C:\Windows\system32\ATIDEMGX.dll 2011-12-06 03:12:36 . 2011-12-06 03:12:36 494080 ----a-w- C:\Windows\system32\atieclxx.exe 2011-12-06 03:11:56 . 2011-12-06 03:11:56 235520 ----a-w- C:\Windows\system32\atiesrxx.exe 2011-12-06 03:10:38 . 2011-12-06 03:10:38 120320 ----a-w- C:\Windows\system32\atitmm64.dll 2011-12-06 03:10:20 . 2011-12-06 03:10:20 423424 ----a-w- C:\Windows\system32\atipdl64.dll 2011-12-06 03:10:12 . 2011-12-06 03:10:12 360448 ----a-w- C:\Windows\SysWow64\atipdlxx.dll 2011-12-06 03:10:00 . 2011-12-06 03:10:00 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll 2011-12-06 03:09:56 . 2011-12-06 03:09:56 21504 ----a-w- C:\Windows\system32\atimuixx.dll 2011-12-06 03:09:50 . 2011-12-06 03:09:50 59392 ----a-w- C:\Windows\system32\atiedu64.dll 2011-12-06 03:09:44 . 2011-12-06 03:09:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll 2011-12-06 03:06:38 . 2011-12-06 03:06:38 6159872 ----a-w- C:\Windows\SysWow64\atidxx32.dll 2011-12-06 02:56:40 . 2011-12-06 02:56:40 19125760 ----a-w- C:\Windows\SysWow64\atioglxx.dll 2011-12-06 02:51:22 . 2011-12-06 02:51:22 7520768 ----a-w- C:\Windows\system32\atidxx64.dll 2011-12-06 02:39:58 . 2011-12-06 02:39:58 1113088 ----a-w- C:\Windows\system32\atiumd6v.dll 2011-12-06 02:39:24 . 2011-12-06 02:39:24 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll 2011-12-06 02:39:12 . 2011-12-06 02:39:12 4072960 ----a-w- C:\Windows\system32\atiumd6a.dll 2011-12-06 02:34:28 . 2011-12-06 02:34:28 51200 ----a-w- C:\Windows\system32\aticalrt64.dll 2011-12-06 02:34:24 . 2011-12-06 02:34:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll 2011-12-06 02:34:16 . 2011-12-06 02:34:16 44544 ----a-w- C:\Windows\system32\aticalcl64.dll 2011-12-06 02:34:14 . 2011-12-06 02:34:14 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll 2011-12-06 02:34:00 . 2011-12-06 02:34:00 13738496 ----a-w- C:\Windows\system32\aticaldd64.dll 2011-12-06 02:33:36 . 2011-12-06 02:33:36 5919232 ----a-w- C:\Windows\SysWow64\atiumdag.dll 2011-12-06 02:29:30 . 2011-12-06 02:29:30 11484672 ----a-w- C:\Windows\SysWow64\aticaldd.dll 2011-12-06 02:28:50 . 2011-12-06 02:28:50 4206592 ----a-w- C:\Windows\SysWow64\atiumdva.dll 2011-12-06 02:24:02 . 2011-12-06 02:24:02 7511040 ----a-w- C:\Windows\system32\atiumd64.dll 2011-12-06 02:18:46 . 2011-12-06 02:18:46 58880 ----a-w- C:\Windows\system32\coinst.dll 2011-12-06 02:13:02 . 2010-09-16 10:55:56 509952 ----a-w- C:\Windows\system32\atiadlxx.dll 2011-12-06 02:12:52 . 2011-12-06 02:12:52 356352 ----a-w- C:\Windows\SysWow64\atiadlxy.dll 2011-12-06 02:12:38 . 2011-12-06 02:12:38 17408 ----a-w- C:\Windows\system32\atig6pxx.dll 2011-12-06 02:12:34 . 2011-12-06 02:12:34 14336 ----a-w- C:\Windows\SysWow64\atiglpxx.dll 2011-12-06 02:12:34 . 2011-12-06 02:12:34 14336 ----a-w- C:\Windows\system32\atiglpxx.dll 2011-12-06 02:12:30 . 2011-12-06 02:12:30 39936 ----a-w- C:\Windows\system32\atig6txx.dll 2011-12-06 02:12:22 . 2011-12-06 02:12:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll 2011-12-06 02:12:14 . 2011-12-06 02:12:14 327168 ----a-w- C:\Windows\system32\drivers\atikmpag.sys 2011-12-06 02:11:24 . 2010-11-26 02:16:04 42496 ----a-w- C:\Windows\system32\atiuxp64.dll 2011-12-06 02:11:16 . 2011-12-06 02:11:16 33280 ----a-w- C:\Windows\SysWow64\atiuxpag.dll 2011-12-06 02:11:10 . 2011-12-06 02:11:10 39936 ----a-w- C:\Windows\system32\atiu9p64.dll 2011-12-06 02:11:02 . 2011-12-06 02:11:02 29696 ----a-w- C:\Windows\SysWow64\atiu9pag.dll 2011-12-06 02:10:48 . 2011-12-06 02:10:48 54784 ----a-w- C:\Windows\system32\atimpc64.dll 2011-12-06 02:10:48 . 2011-12-06 02:10:48 54784 ----a-w- C:\Windows\system32\amdpcom64.dll 2011-12-06 02:10:42 . 2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll 2011-12-06 02:10:42 . 2011-12-06 02:10:42 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll 2011-12-06 02:10:24 . 2011-12-06 02:10:24 53248 ----a-w- C:\Windows\system32\drivers\ati2erec.dll 2011-12-05 21:04:06 . 2011-12-05 21:04:06 69632 ----a-w- C:\Windows\system32\OpenVideo64.dll 2011-12-05 21:04:00 . 2011-12-05 21:04:00 59904 ----a-w- C:\Windows\SysWow64\OpenVideo.dll 2011-12-05 21:03:54 . 2011-12-05 21:03:54 61952 ----a-w- C:\Windows\system32\OVDecode64.dll 2011-12-05 21:03:52 . 2011-12-05 21:03:52 54784 ----a-w- C:\Windows\SysWow64\OVDecode.dll 2011-12-05 21:03:42 . 2011-12-05 21:03:42 17580544 ----a-w- C:\Windows\system32\amdocl64.dll 2011-12-05 21:03:04 . 2011-12-05 21:03:04 14499328 ----a-w- C:\Windows\SysWow64\amdocl.dll 2011-12-05 21:02:20 . 2011-12-05 21:02:20 51200 ----a-w- C:\Windows\system32\OpenCL.dll 2011-12-05 21:02:16 . 2011-12-05 21:02:16 44032 ----a-w- C:\Windows\SysWow64\OpenCL.dll 2011-12-05 19:47:30 . 2011-12-05 19:47:30 95248 ----a-w- C:\Windows\system32\drivers\AtihdW76.sys 2011-11-24 04:52:09 . 2011-12-14 13:48:44 3145216 ----a-w- C:\Windows\system32\win32k.sys 2011-11-19 14:58:00 . 2012-01-11 13:51:23 77312 ----a-w- C:\Windows\system32\packager.dll 2011-11-19 14:01:00 . 2012-01-11 13:51:23 67072 ----a-w- C:\Windows\SysWow64\packager.dll 2011-11-17 06:41:18 . 2012-01-11 13:51:24 1731920 ----a-w- C:\Windows\system32\ntdll.dll 2011-11-17 05:38:39 . 2012-01-11 13:51:24 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll 2011-11-15 16:58:56 . 2011-11-15 16:58:56 146432 ----a-w- C:\Windows\system32\SlotMaximizerAg.dll 2011-11-15 16:58:54 . 2011-11-15 16:58:54 3507712 ----a-w- C:\Windows\system32\SlotMaximizerBe.dll 2011-11-15 16:57:06 . 2011-11-15 16:57:06 2463744 ----a-w- C:\Windows\SysWow64\SlotMaximizerBe.dll 2011-11-15 16:57:02 . 2011-11-15 16:57:02 122880 ----a-w- C:\Windows\SysWow64\SlotMaximizerAg.dll 2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll |
12.02.2012, 20:50 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Log ist leider unvollständig
__________________ Logfiles bitte immer in CODE-Tags posten |
12.02.2012, 20:53 | #13 |
| Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Mehr ist in der Datei leider nicht zu finden... Soll ich ComboFix noch einmal neu durchlaufen lassen, oder hätte dies negative Auswirkungen ? |
13.02.2012, 10:13 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen: 1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen! 2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen 3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! 4.) Wenns erfolgreich war Bescheid sagen 5.) Erst dann wieder den Virenscanner einschalten
__________________ Logfiles bitte immer in CODE-Tags posten |
13.02.2012, 17:54 | #15 |
| Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" Erfolgreich hochgeladen |
Themen zu Unsicherer Zustand nach OTL-Anwendung bei "50€-Virus" |
andere, anderen, anhang, befinden, bekannte, benutzte, dienst, erneut, erstell, erstellt, hijack, hijackthis, konto, minute, minuten, mitglieder, nicht sicher, personen, problem, ratlos, schei, sicherer, starte, systems, systemstart, troja, unsicherer |