Trojaner-Board - System der automatischen Informationskontrolle

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - System der automatischen Informationskontrolle - Computer gesperrt (https://www.trojaner-board.de/125448-system-automatischen-informationskontrolle-computer-gesperrt.html)

sooo... nun aber weg mit dem Dreck :kloppen:...

Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012

Ran by SYSTEM at 2012-10-15 08:23:37 Run:2

Running from J:\
 

==============================================
 

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys moved successfully.

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys copied successfully to C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys moved successfully.

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys copied successfully to C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
 

==== End of Fixlog ====

FRST-log:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012 (ATTENTION: FRST version is 8 days old)

Ran by SYSTEM at 15-10-2012 08:25:04

Running from J:\

Windows Vista (TM) Home Premium   (X86) OS Language: English(US) 

The current controlset is ControlSet001
 

==================== Registry (Whitelisted) ===================
 

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()

HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)

HKLM\...\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()

HKLM\...\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd [x]

HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)

HKLM\...\Run: [eRecoveryService]  [x]

HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)

HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)

HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1135912 2010-03-05] ()

HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]

HKLM\...\Run: [Skytel] Skytel.exe [x]

HKLM\...\Run: []  [x]

HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-06-08] (Sonic Solutions)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)

HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()

HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()

HKU\media\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\media\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk

ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
 

==================== Services (Whitelisted) ===================
 

2 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)

2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()

2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)

2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-03-04] (Egis Incorporated)

2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)

2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()

2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-30] (Mozilla Foundation)

3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)

4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()

4 SQLAgent$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)

3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)

2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)

1 netbt; C:\Windows\System32\DRIVERS\netbt.sys [185856 2009-04-10] ()

4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)

2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan)

3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)

3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2012-10-13 12:20 - 2012-10-13 12:20 - 00000000 ____D C:\Users\media\AppData\Local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7}

2012-10-13 00:19 - 2012-10-13 00:19 - 00000000 ____D C:\Users\media\AppData\Local\{DEC86578-265F-4226-BE11-218391A0D6E2}

2012-10-12 03:05 - 2012-10-12 03:06 - 00000000 ___SD C:\ComboFix

2012-10-12 02:52 - 2012-10-12 02:52 - 00000000 ____D C:\Users\media\AppData\Local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}

2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe

2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z

2012-10-11 23:30 - 2012-10-11 23:30 - 00000000 ____D C:\Program Files\7-Zip

2012-10-11 23:19 - 2012-10-11 23:29 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt

2012-10-11 23:18 - 2012-10-11 23:18 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-10-11 04:11 - 2012-10-11 04:11 - 00000000 ____D C:\FRST

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe

2012-10-10 22:50 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-10-10 22:50 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-10-10 22:50 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt

2012-10-10 22:45 - 2012-10-10 22:50 - 00000000 ____D C:\Qoobox

2012-10-10 22:44 - 2012-10-10 22:44 - 00000000 ____D C:\Windows\erdnt

2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe

2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe

2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp

2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe

2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt

2012-10-10 00:18 - 2012-10-11 06:35 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt

2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt

2012-10-10 00:15 - 2012-10-11 06:33 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt

2012-10-10 00:06 - 2012-10-10 01:02 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe

2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log

2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable

2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe

2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\media\AppData\Roaming\Malwarebytes

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-10-09 23:42 - 2012-09-07 07:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe

2012-10-09 09:06 - 2012-10-09 09:06 - 00000000 ____D C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}

2012-10-08 12:23 - 2012-10-08 12:23 - 00000000 ____D C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}

2012-10-08 00:23 - 2012-10-08 00:23 - 00000000 ____D C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}

2012-10-07 11:46 - 2012-10-07 11:46 - 00000000 ____D C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}

2012-10-06 23:46 - 2012-10-06 23:46 - 00000000 ____D C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}

2012-10-05 23:07 - 2012-10-05 23:08 - 00000000 ____D C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}

2012-10-05 07:12 - 2012-10-05 07:12 - 00000000 ____D C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}

2012-10-03 22:07 - 2012-10-03 22:07 - 00000000 ____D C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}

2012-10-03 00:54 - 2012-10-03 00:54 - 00000000 ____D C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}

2012-10-02 10:18 - 2012-10-02 10:18 - 00000000 ____D C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}

2012-10-01 22:12 - 2012-10-01 22:12 - 00000000 ____D C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}

2012-10-01 05:14 - 2012-10-01 05:14 - 00000000 ____D C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}

2012-09-30 12:12 - 2012-09-30 12:12 - 00000000 ____D C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}

2012-09-30 00:11 - 2012-09-30 00:12 - 00000000 ____D C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}

2012-09-27 09:42 - 2012-09-27 09:42 - 00000000 ____D C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}

2012-09-26 02:21 - 2012-09-26 02:21 - 00000000 ____D C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}

2012-09-25 06:18 - 2012-09-25 06:18 - 00000000 ____D C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}

2012-09-24 13:27 - 2012-09-24 13:27 - 00000000 ____D C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}

2012-09-24 01:27 - 2012-09-24 01:27 - 00000000 ____D C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}

2012-09-24 01:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-09-24 01:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-09-24 01:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-09-24 01:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-09-24 01:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-09-24 01:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-09-24 01:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-09-24 01:16 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-09-24 01:16 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-09-24 01:16 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-09-24 01:16 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-09-24 01:16 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-09-24 01:16 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-09-24 01:16 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-09-24 01:16 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-09-24 01:16 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-09-23 06:17 - 2012-09-23 06:17 - 00000000 ____D C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}

2012-09-20 03:12 - 2012-09-20 03:12 - 00000000 ____D C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}

2012-09-19 10:06 - 2012-09-19 10:06 - 00000000 ____D C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}

2012-09-18 13:23 - 2012-09-18 13:23 - 00000000 ____D C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}

2012-09-18 01:22 - 2012-09-18 01:22 - 00000000 ____D C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}

2012-09-17 06:03 - 2012-09-17 06:03 - 00000000 ____D C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}

2012-09-16 12:40 - 2012-09-16 12:40 - 00000000 ____D C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}

2012-09-15 05:26 - 2012-09-15 05:26 - 00000000 ____D C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
 
 

==================== 3 Months Modified Files ==================
 

2012-10-14 22:21 - 2008-09-03 06:04 - 01475577 ____A C:\Windows\WindowsUpdate.log

2012-10-14 22:21 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-10-14 22:21 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-14 22:21 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-14 22:21 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-14 22:11 - 2008-01-20 23:16 - 01628252 ____A C:\Windows\System32\PerfStringBackup.INI

2012-10-14 22:06 - 2009-03-15 09:32 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics

2012-10-14 22:03 - 2008-01-20 18:47 - 08204360 ____A C:\Windows\PFRO.log

2012-10-14 13:01 - 2012-07-23 08:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-10-13 11:49 - 2012-07-29 00:47 - 00086016 ____A C:\Users\media\Desktop\Trainings Reinhard.xls

2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe

2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z

2012-10-11 23:29 - 2012-10-11 23:19 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt

2012-10-11 06:35 - 2012-10-10 00:18 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt

2012-10-11 06:33 - 2012-10-10 00:15 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe

2012-10-11 00:32 - 2010-07-27 08:46 - 00001356 ____A C:\Users\media\AppData\Local\d3d9caps.dat

2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt

2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe

2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe

2012-10-10 01:02 - 2012-10-10 00:06 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt

2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp

2012-10-10 00:29 - 2010-09-13 22:44 - 239283638 ____A C:\Windows\MEMORY.DMP

2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe

2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt

2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe

2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log

2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable

2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe

2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe

2012-10-09 23:08 - 2006-11-02 04:47 - 00429536 ____A C:\Windows\System32\FNTCACHE.DAT

2012-10-09 10:01 - 2012-07-23 08:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-10-09 10:01 - 2011-06-25 06:42 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-10-07 07:32 - 2006-11-02 02:23 - 00000275 ____A C:\Windows\win.ini

2012-10-05 07:13 - 2006-11-02 04:52 - 00133807 ____A C:\Windows\setupact.log

2012-09-13 10:28 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-09-07 07:04 - 2012-10-09 23:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-23 23:27 - 2012-09-24 01:16 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-23 23:03 - 2012-09-24 01:16 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-23 22:59 - 2012-09-24 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-23 22:51 - 2012-09-24 01:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-23 22:51 - 2012-09-24 01:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-23 22:51 - 2012-09-24 01:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-23 22:49 - 2012-09-24 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-23 22:48 - 2012-09-24 01:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-23 22:47 - 2012-09-24 01:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-23 22:47 - 2012-09-24 01:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-23 22:47 - 2012-09-24 01:16 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-23 22:45 - 2012-09-24 01:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-23 22:44 - 2012-09-24 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-23 22:44 - 2012-09-24 01:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-23 22:43 - 2012-09-24 01:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-23 22:40 - 2012-09-24 01:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-31 01:26 - 2009-09-08 07:43 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-29 13:37 - 2008-09-20 02:52 - 00091136 ____A C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
 

==================== Known DLLs (Whitelisted) =================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2012-09-01 00:01:22

Restore point made on: 2012-09-02 07:50:43

Restore point made on: 2012-09-04 10:29:58

Restore point made on: 2012-09-06 09:56:51

Restore point made on: 2012-09-07 07:57:32

Restore point made on: 2012-09-08 01:02:50

Restore point made on: 2012-09-11 04:36:25

Restore point made on: 2012-09-12 10:19:30

Restore point made on: 2012-09-13 10:26:53

Restore point made on: 2012-09-15 09:51:06

Restore point made on: 2012-09-18 09:38:55

Restore point made on: 2012-09-24 01:16:46

Restore point made on: 2012-09-26 02:56:58

Restore point made on: 2012-09-27 10:17:34

Restore point made on: 2012-09-29 00:28:15

Restore point made on: 2012-09-30 01:21:32

Restore point made on: 2012-10-01 00:18:57

Restore point made on: 2012-10-01 23:14:16

Restore point made on: 2012-10-04 07:03:22

Restore point made on: 2012-10-04 21:10:54

Restore point made on: 2012-10-06 00:45:10

Restore point made on: 2012-10-07 02:08:04

Restore point made on: 2012-10-09 09:33:17

Restore point made on: 2012-10-11 07:03:59

Restore point made on: 2012-10-12 08:31:00

Restore point made on: 2012-10-13 00:52:01

Restore point made on: 2012-10-14 07:40:06
 

==================== Memory info =========================== 
 

Percentage of memory in use: 9%

Total physical RAM: 4094.44 MB

Available physical RAM: 3697.84 MB

Total Pagefile: 3959.92 MB

Available Pagefile: 3781.42 MB

Total Virtual: 2047.88 MB

Available Virtual: 1990.33 MB
 

==================== Partitions =============================
 

1 Drive c: (ACER) (Fixed) (Total:294.33 GB) (Free:174.53 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (DATA) (Fixed) (Total:294.03 GB) (Free:275.53 GB) NTFS

8 Drive j: (BMW) (Removable) (Total:7.7 GB) (Free:7.7 GB) FAT32

9 Drive x: (PQSERVICE) (Fixed) (Total:7.81 GB) (Free:0.37 GB) NTFS
 

  Disk ###  Status      Size     Free     Dyn  Gpt

  --------  ----------  -------  -------  ---  ---

  Disk 0    Online       596 GB  1083 KB         

  Disk 1    No Media        0 B      0 B         

  Disk 2    No Media        0 B      0 B         

  Disk 3    No Media        0 B      0 B         

  Disk 4    No Media        0 B      0 B         

  Disk 5    Online      7904 MB      0 B         
 

Partitions of Disk 0:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    OEM               7993 MB    32 KB

  Partition 2    Primary            294 GB  7994 MB

  Partition 3    Primary            294 GB   302 GB
 

=========================================================
 

Disk: 0

Partition 1

Type  : 27

Hidden: Yes

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 8     X   PQSERVICE    NTFS   Partition   7993 MB  Healthy    Hidden  
 

=========================================================
 

Disk: 0

Partition 2

Type  : 06

Hidden: No

Active: Yes
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 0     C   ACER         NTFS   Partition    294 GB  Healthy            
 

=========================================================
 

Disk: 0

Partition 3

Type  : 07

Hidden: No

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 5     D   DATA         NTFS   Partition    294 GB  Healthy            
 

=========================================================
 

Partitions of Disk 5:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary           7904 MB    32 KB
 

=========================================================
 

Disk: 5

Partition 1

Type  : 0B

Hidden: No

Active: Yes
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 2     J   BMW          FAT32  Removable   7904 MB  Healthy            
 

=========================================================
 

Last Boot: 2012-10-14 22:11
 

==================== End Of Log ============================

hmmmm....

Suche mit FRST

Downloade dir bitte Farbar's Recovery Scan Tool und speichere diese auf einen USB Stick. Schließe den USB Stick an das infizierte System an Du musst das System nun in die System Reparatur Option booten. Über den Boot Manager

Starte den Rechner neu auf.
Während dem Hochfahren drücke mehrmals die F8 Taste
Wähle nun Computer reparieren.
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Mit Windows CD/DVD

Lege die Windows CD in dein Laufwerk.
Starte den Rechner neu auf und starte von der CD
Wähle die Spracheinstellungen und klicke "Weiter".
Klicke auf Computerreparaturoptionen !!
Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".

Wähle in den Reparaturoptionen Eingabeaufforderung

Gib nun bitte notepad ein und drücke Enter.
Im öffnenden Textdokument --> Datei --> Speichern unter und wähle Computer Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt.
Schließe Notepad wieder
Gib nun bitte folgenden Befehl ein. e:\frst.exe Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Gegebenfalls anpassen.
Akzeptiere den Disclaimer mit Yes und klicke Search file(s).
Es öfnet sich ein Fenster, in dem bereits search: steht.
Füge hier folgendes hinzu:

Code:

netbt.sys

Klicke auf search - das Tool erstellt eine search.txt auf deinem Stick. Poste den Inhalt bitte hier.

Search.txt:

Code:

Farbar Recovery Scan Tool (x86) Version: 07-10-2012

Ran by SYSTEM at 2012-10-15 09:05:06

Running from J:\
 

================== Search: "netbt.sys" ===================
 

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

[2009-09-16 13:19] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02
 

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys

[2008-01-20 18:24] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02
 

C:\Windows\System32\drivers\netbt.sys

[2009-09-16 13:19] - [2009-04-10 20:45] - 0185856 ____A () 12856F7F1E943F6762A5CA341BE5AC77
 

C:\FRST\Quarantine\netbt.sys

[2009-09-16 13:19] - [2008-01-20 18:24] - 0184320 ____A (Microsoft Corporation) 7C5FEE5B1C5728507CD96FB4A13E7A02
 

=== End Of Search ===

Oh, da hab ich diesmal nen kleinen Fehler gemacht!

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

replace: C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys C:\Windows\System32\drivers\netbt.sys

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Anschließend bitte einen Neustart und ein neues FRST-Log. Diesmal siehts gut aus!

Kein Problem ;)... Bin ja froh, dass ich überhaupt Hilfe bekomme!

Fixlog:

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-10-2012

Ran by SYSTEM at 2012-10-15 09:27:01 Run:3

Running from J:\
 

==============================================
 

C:\Windows\System32\drivers\netbt.sys moved successfully.

C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys copied successfully to C:\Windows\System32\drivers\netbt.sys
 

==== End of Fixlog ====

Frst-log:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-10-2012 (ATTENTION: FRST version is 8 days old)

Ran by SYSTEM at 15-10-2012 09:28:21

Running from J:\

Windows Vista (TM) Home Premium   (X86) OS Language: English(US) 

The current controlset is ControlSet001
 

==================== Registry (Whitelisted) ===================
 

HKLM\...\Run: [RtHDVCpl] RtHDVCpl.exe [x]

HKLM\...\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe [326176 2008-01-09] ()

HKLM\...\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-03-04] (Egis Incorporated)

HKLM\...\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [204908 2008-01-25] ()

HKLM\...\Run: [Apanel] C:\ACERSW\config\SetApanel.cmd [x]

HKLM\...\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe [57344 2006-11-05] (Acer Inc.)

HKLM\...\Run: [eRecoveryService]  [x]

HKLM\...\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe [196128 2007-12-07] (NVIDIA Corporation)

HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)

HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-14] (Adobe Systems Incorporated)

HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1135912 2010-03-05] ()

HKLM\...\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe [x]

HKLM\...\Run: [Skytel] Skytel.exe [x]

HKLM\...\Run: []  [x]

HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [236016 2008-06-08] (Sonic Solutions)

HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)

HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM\...\Run: [Communicator] "C:\Program Files\Microsoft Lync\communicator.exe" /fromrunkey [12099672 2012-06-11] (Microsoft Corporation)

HKU\Default\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()

HKU\Default User\...\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe [31528 2007-04-19] ()

HKU\media\...\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)

HKU\media\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk

ShortcutTarget: Empowering Technology Launcher.lnk -> C:\Acer\Empowering Technology\eAPLauncher.exe (Acer Inc.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)

Startup: C:\Users\All Users\Start Menu\Programs\Startup\VPN Client.lnk

ShortcutTarget: VPN Client.lnk -> C:\Windows\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico ()
 

==================== Services (Whitelisted) ===================
 

2 Acer HomeMedia Connect Service; "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" [269448 2008-01-25] (CyberLink)

2 AcerMemUsageCheckService; C:\Acer\Empowering Technology\ePerformance\MemCheck.exe [28672 2007-10-17] ()

2 CVPND; "C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe" [1524512 2007-10-26] (Cisco Systems, Inc.)

2 eDataSecurity Service; "C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe" [500784 2008-03-04] (Egis Incorporated)

2 eRecoveryService; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [57344 2007-09-10] (Acer Inc.)

2 eSettingsService; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [24576 2007-12-19] ()

2 MBAMScheduler; "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe" [399432 2012-09-07] (Malwarebytes Corporation)

2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [676936 2012-09-07] (Malwarebytes Corporation)

3 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [114144 2012-09-30] (Mozilla Foundation)

3 MSSQL$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [43010392 2009-03-29] (Microsoft Corporation)

4 MSSQLServerADHelper100; "C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE" [47128 2009-03-30] (Microsoft Corporation)

2 RichVideo; "C:\Program Files\CyberLink\Shared Files\RichVideo.exe" [262247 2006-07-19] ()

4 SQLAgent$MSSMLBIZ; "C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE" -i MSSMLBIZ [366936 2009-03-29] (Microsoft Corporation)
 

==================== Drivers (Whitelisted) ====================
 

3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)

2 CVPNDRVA; \??\C:\Windows\system32\Drivers\CVPNDRVA.sys [306300 2007-10-26] (Cisco Systems, Inc.)

3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)

2 int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [15392 2007-07-02] (Acer, Inc.)

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22856 2012-09-07] (Malwarebytes Corporation)

4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-29] (Microsoft Corporation)

2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [14544 2007-11-06] (EnTech Taiwan)

3 USB_RNDIS; C:\Windows\System32\DRIVERS\usb8023.sys [15872 2009-04-10] (Microsoft Corporation)

3 catchme; \??\C:\Users\media\AppData\Local\Temp\catchme.sys [x]

3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]

3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]

3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2012-10-14 06:47 - 2012-10-14 06:47 - 00000000 ____D C:\Users\media\AppData\Local\{C6A3EB50-A185-4214-A79F-87AA08281656}

2012-10-13 12:20 - 2012-10-13 12:20 - 00000000 ____D C:\Users\media\AppData\Local\{F11C2A5C-4B5F-455F-8D58-7F64716ECDE7}

2012-10-13 00:19 - 2012-10-13 00:19 - 00000000 ____D C:\Users\media\AppData\Local\{DEC86578-265F-4226-BE11-218391A0D6E2}

2012-10-12 03:05 - 2012-10-12 03:06 - 00000000 ___SD C:\ComboFix

2012-10-12 02:52 - 2012-10-12 02:52 - 00000000 ____D C:\Users\media\AppData\Local\{BF1FA385-DC97-4B43-81DF-CD502D8D55A3}

2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe

2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z

2012-10-11 23:30 - 2012-10-11 23:30 - 00000000 ____D C:\Program Files\7-Zip

2012-10-11 23:19 - 2012-10-11 23:29 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt

2012-10-11 23:18 - 2012-10-11 23:18 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-10-11 04:11 - 2012-10-11 04:11 - 00000000 ____D C:\FRST

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe

2012-10-10 22:50 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-10-10 22:50 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-10-10 22:50 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-10-10 22:50 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt

2012-10-10 22:45 - 2012-10-10 22:50 - 00000000 ____D C:\Qoobox

2012-10-10 22:44 - 2012-10-10 22:44 - 00000000 ____D C:\Windows\erdnt

2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe

2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe

2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp

2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe

2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt

2012-10-10 00:18 - 2012-10-11 06:35 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt

2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt

2012-10-10 00:15 - 2012-10-11 06:33 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt

2012-10-10 00:06 - 2012-10-10 01:02 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe

2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log

2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable

2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe

2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\media\AppData\Roaming\Malwarebytes

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-10-09 23:42 - 2012-10-09 23:42 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware

2012-10-09 23:42 - 2012-09-07 07:04 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe

2012-10-09 09:06 - 2012-10-09 09:06 - 00000000 ____D C:\Users\media\AppData\Local\{8A1B6F60-E5FB-4734-B65A-73C964158462}

2012-10-08 12:23 - 2012-10-08 12:23 - 00000000 ____D C:\Users\media\AppData\Local\{050A4F8D-AAA6-4EDC-9E78-991F1C76831A}

2012-10-08 00:23 - 2012-10-08 00:23 - 00000000 ____D C:\Users\media\AppData\Local\{A22B6BFF-F514-4E7C-BB99-08A8C7790FEF}

2012-10-07 11:46 - 2012-10-07 11:46 - 00000000 ____D C:\Users\media\AppData\Local\{C3FCA968-C8B6-41BF-AA50-7146AE98C6F4}

2012-10-06 23:46 - 2012-10-06 23:46 - 00000000 ____D C:\Users\media\AppData\Local\{8CB4BC37-FC2D-4426-A2E2-76C6B8CDD75C}

2012-10-05 23:07 - 2012-10-05 23:08 - 00000000 ____D C:\Users\media\AppData\Local\{B7B73E7F-104A-4C89-8141-B1F1D0BAEBD6}

2012-10-05 07:12 - 2012-10-05 07:12 - 00000000 ____D C:\Users\media\AppData\Local\{05DFB635-8E02-4454-8574-7231AD0CB671}

2012-10-03 22:07 - 2012-10-03 22:07 - 00000000 ____D C:\Users\media\AppData\Local\{039A3C17-1589-46C4-B4AE-EF90FB0D70B5}

2012-10-03 00:54 - 2012-10-03 00:54 - 00000000 ____D C:\Users\media\AppData\Local\{6669E752-69BA-4BF4-AAC3-52BEC09CBEDB}

2012-10-02 10:18 - 2012-10-02 10:18 - 00000000 ____D C:\Users\media\AppData\Local\{62A0FF62-1C7C-4C0A-8DAA-E1F058CF9FF9}

2012-10-01 22:12 - 2012-10-01 22:12 - 00000000 ____D C:\Users\media\AppData\Local\{898B9573-F39D-455F-88F6-0671449A0BCA}

2012-10-01 05:14 - 2012-10-01 05:14 - 00000000 ____D C:\Users\media\AppData\Local\{5E37D240-981B-44AD-ACDE-790998226FC8}

2012-09-30 12:12 - 2012-09-30 12:12 - 00000000 ____D C:\Users\media\AppData\Local\{BB0BFB56-9C8C-47FE-A8AF-F86D5B7E941F}

2012-09-30 00:11 - 2012-09-30 00:12 - 00000000 ____D C:\Users\media\AppData\Local\{1734F492-67E6-413E-AD93-B2DD7CFC3764}

2012-09-27 09:42 - 2012-09-27 09:42 - 00000000 ____D C:\Users\media\AppData\Local\{91E8E290-F49E-454A-8A90-3E1DFFFAD544}

2012-09-26 02:21 - 2012-09-26 02:21 - 00000000 ____D C:\Users\media\AppData\Local\{E1BAE48A-F153-42B0-8815-6CBFA38AA56C}

2012-09-25 06:18 - 2012-09-25 06:18 - 00000000 ____D C:\Users\media\AppData\Local\{78E25385-DE03-413C-A9EB-6544A39C5AD3}

2012-09-24 13:27 - 2012-09-24 13:27 - 00000000 ____D C:\Users\media\AppData\Local\{B20421D4-8B43-4A6C-8CD8-17A7A2037173}

2012-09-24 01:27 - 2012-09-24 01:27 - 00000000 ____D C:\Users\media\AppData\Local\{201A71B0-75AA-4F52-8A8B-C8364E8DE1FA}

2012-09-24 01:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-09-24 01:17 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-09-24 01:17 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-09-24 01:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-09-24 01:17 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-09-24 01:17 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-09-24 01:17 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-09-24 01:16 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-09-24 01:16 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-09-24 01:16 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-09-24 01:16 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-09-24 01:16 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-09-24 01:16 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-09-24 01:16 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-09-24 01:16 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-09-24 01:16 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-09-23 06:17 - 2012-09-23 06:17 - 00000000 ____D C:\Users\media\AppData\Local\{F0EFBA6E-9425-4F79-BF22-F44D821432AE}

2012-09-20 03:12 - 2012-09-20 03:12 - 00000000 ____D C:\Users\media\AppData\Local\{1AF553B1-A3F9-41EB-B6B3-4FFEE00D77BC}

2012-09-19 10:06 - 2012-09-19 10:06 - 00000000 ____D C:\Users\media\AppData\Local\{C6359C56-F04B-420F-B53F-B1BFBF518FDA}

2012-09-18 13:23 - 2012-09-18 13:23 - 00000000 ____D C:\Users\media\AppData\Local\{AEF2CC5B-39A8-436F-96AB-7BD6B832E5C7}

2012-09-18 01:22 - 2012-09-18 01:22 - 00000000 ____D C:\Users\media\AppData\Local\{ED9F5836-966E-439E-B2AC-29A9D96A7CDA}

2012-09-17 06:03 - 2012-09-17 06:03 - 00000000 ____D C:\Users\media\AppData\Local\{4C0E2FEF-678F-4900-A851-1AE659876089}

2012-09-16 12:40 - 2012-09-16 12:40 - 00000000 ____D C:\Users\media\AppData\Local\{ACCC3C8C-4F40-4EF7-9839-872CB1F4C356}

2012-09-15 05:26 - 2012-09-15 05:26 - 00000000 ____D C:\Users\media\AppData\Local\{40E8C996-8AEE-4182-9AAE-03D45DE0C39E}
 
 

==================== 3 Months Modified Files ==================
 

2012-10-14 23:25 - 2008-09-03 06:04 - 01537911 ____A C:\Windows\WindowsUpdate.log

2012-10-14 23:25 - 2006-11-02 05:01 - 00032530 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-10-14 23:25 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-10-14 23:25 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

2012-10-14 23:25 - 2006-11-02 04:47 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

2012-10-14 23:20 - 2008-01-20 23:16 - 01628252 ____A C:\Windows\System32\PerfStringBackup.INI

2012-10-14 23:15 - 2009-03-15 09:32 - 00000374 ____A C:\Windows\System32\Drivers\etc\hosts.ics

2012-10-14 23:12 - 2008-01-20 18:47 - 08204912 ____A C:\Windows\PFRO.log

2012-10-14 23:01 - 2012-07-23 08:29 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-10-13 11:49 - 2012-07-29 00:47 - 00086016 ____A C:\Users\media\Desktop\Trainings Reinhard.xls

2012-10-11 23:30 - 2012-10-11 23:30 - 01110476 ____A C:\Users\media\Downloads\7z920.exe

2012-10-11 23:30 - 2012-10-11 23:30 - 00019524 ____A C:\Users\media\Desktop\TDSSKiller.txt.7z

2012-10-11 23:29 - 2012-10-11 23:19 - 00130586 ____A C:\Users\media\Desktop\TDSSKiller.txt.txt

2012-10-11 06:35 - 2012-10-10 00:18 - 00093990 ____A C:\Users\media\Desktop\OTL.Txt

2012-10-11 06:33 - 2012-10-10 00:15 - 00093956 ____A C:\Users\media\Downloads\OTL.Txt

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____R (Swearware) C:\Users\media\Desktop\ComboFix.exe

2012-10-11 02:01 - 2012-10-11 02:01 - 04765263 ____A (Swearware) C:\Users\media\Downloads\ComboFix.exe

2012-10-11 00:32 - 2010-07-27 08:46 - 00001356 ____A C:\Users\media\AppData\Local\d3d9caps.dat

2012-10-10 22:49 - 2012-10-10 22:49 - 00000027 ____A C:\Windows\System32\MPFServiceFailureCount.txt

2012-10-10 21:54 - 2012-10-10 21:54 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\media\Desktop\tdsskiller.exe

2012-10-10 21:45 - 2012-10-10 21:45 - 04731392 ____A (AVAST Software) C:\Users\media\Downloads\aswMBR.exe

2012-10-10 01:02 - 2012-10-10 00:06 - 00078035 ____A C:\Users\media\Desktop\trojanerboard.txt

2012-10-10 00:29 - 2012-10-10 00:29 - 00134592 ____A C:\Windows\Minidump\Mini101012-01.dmp

2012-10-10 00:29 - 2010-09-13 22:44 - 239283638 ____A C:\Windows\MEMORY.DMP

2012-10-10 00:23 - 2012-10-10 00:23 - 00302592 ____A C:\Users\media\Downloads\3erhjpwb.exe

2012-10-10 00:19 - 2012-10-10 00:19 - 00060154 ____A C:\Users\media\Desktop\Extras.Txt

2012-10-10 00:17 - 2012-10-10 00:17 - 00060154 ____A C:\Users\media\Downloads\Extras.Txt

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL.exe

2012-10-10 00:05 - 2012-10-10 00:05 - 00602112 ____A (OldTimer Tools) C:\Users\media\Downloads\OTL (1).exe

2012-10-10 00:04 - 2012-10-10 00:04 - 00000472 ____A C:\Users\media\Desktop\defogger_disable.log

2012-10-10 00:04 - 2012-10-10 00:04 - 00000000 ____A C:\Users\media\defogger_reenable

2012-10-10 00:03 - 2012-10-10 00:03 - 00050477 ____A C:\Users\media\Downloads\Defogger.exe

2012-10-09 23:42 - 2012-10-09 23:42 - 00000910 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-10-09 23:41 - 2012-10-09 23:41 - 10524080 ____A (Malwarebytes Corporation                                    ) C:\Users\media\Downloads\mbam-setup-1.65.0.1400.exe

2012-10-09 23:08 - 2006-11-02 04:47 - 00429536 ____A C:\Windows\System32\FNTCACHE.DAT

2012-10-09 10:01 - 2012-07-23 08:29 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe

2012-10-09 10:01 - 2011-06-25 06:42 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

2012-10-07 07:32 - 2006-11-02 02:23 - 00000275 ____A C:\Windows\win.ini

2012-10-05 07:13 - 2006-11-02 04:52 - 00133807 ____A C:\Windows\setupact.log

2012-09-13 10:28 - 2006-11-02 02:24 - 62164608 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe

2012-09-07 07:04 - 2012-10-09 23:42 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-23 23:27 - 2012-09-24 01:16 - 12319744 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-08-23 23:03 - 2012-09-24 01:16 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-08-23 22:59 - 2012-09-24 01:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-08-23 22:51 - 2012-09-24 01:16 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-08-23 22:51 - 2012-09-24 01:16 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-08-23 22:51 - 2012-09-24 01:16 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-08-23 22:49 - 2012-09-24 01:16 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-08-23 22:48 - 2012-09-24 01:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-08-23 22:47 - 2012-09-24 01:17 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2012-08-23 22:47 - 2012-09-24 01:17 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-08-23 22:47 - 2012-09-24 01:16 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-08-23 22:45 - 2012-09-24 01:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2012-08-23 22:44 - 2012-09-24 01:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-08-23 22:44 - 2012-09-24 01:16 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-08-23 22:43 - 2012-09-24 01:17 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-08-23 22:40 - 2012-09-24 01:17 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-31 01:26 - 2009-09-08 07:43 - 00000850 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-29 13:37 - 2008-09-20 02:52 - 00091136 ____A C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
 

==================== Known DLLs (Whitelisted) =================
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 

==================== EXE ASSOCIATION =====================
 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK
 

==================== Restore Points  =========================
 

Restore point made on: 2012-09-01 00:01:22

Restore point made on: 2012-09-02 07:50:43

Restore point made on: 2012-09-04 10:29:58

Restore point made on: 2012-09-06 09:56:51

Restore point made on: 2012-09-07 07:57:32

Restore point made on: 2012-09-08 01:02:50

Restore point made on: 2012-09-11 04:36:25

Restore point made on: 2012-09-12 10:19:30

Restore point made on: 2012-09-13 10:26:53

Restore point made on: 2012-09-15 09:51:06

Restore point made on: 2012-09-18 09:38:55

Restore point made on: 2012-09-24 01:16:46

Restore point made on: 2012-09-26 02:56:58

Restore point made on: 2012-09-27 10:17:34

Restore point made on: 2012-09-29 00:28:15

Restore point made on: 2012-09-30 01:21:32

Restore point made on: 2012-10-01 00:18:57

Restore point made on: 2012-10-01 23:14:16

Restore point made on: 2012-10-04 07:03:22

Restore point made on: 2012-10-04 21:10:54

Restore point made on: 2012-10-06 00:45:10

Restore point made on: 2012-10-07 02:08:04

Restore point made on: 2012-10-09 09:33:17

Restore point made on: 2012-10-11 07:03:59

Restore point made on: 2012-10-12 08:31:00

Restore point made on: 2012-10-13 00:52:01

Restore point made on: 2012-10-14 07:40:06
 

==================== Memory info =========================== 
 

Percentage of memory in use: 9%

Total physical RAM: 4094.44 MB

Available physical RAM: 3697.02 MB

Total Pagefile: 3959.92 MB

Available Pagefile: 3782.31 MB

Total Virtual: 2047.88 MB

Available Virtual: 1990.33 MB
 

==================== Partitions =============================
 

1 Drive c: (ACER) (Fixed) (Total:294.33 GB) (Free:174.52 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (DATA) (Fixed) (Total:294.03 GB) (Free:275.53 GB) NTFS

8 Drive j: (BMW) (Removable) (Total:7.7 GB) (Free:7.7 GB) FAT32

9 Drive x: (PQSERVICE) (Fixed) (Total:7.81 GB) (Free:0.37 GB) NTFS
 

  Disk ###  Status      Size     Free     Dyn  Gpt

  --------  ----------  -------  -------  ---  ---

  Disk 0    Online       596 GB  1083 KB         

  Disk 1    No Media        0 B      0 B         

  Disk 2    No Media        0 B      0 B         

  Disk 3    No Media        0 B      0 B         

  Disk 4    No Media        0 B      0 B         

  Disk 5    Online      7904 MB      0 B         
 

Partitions of Disk 0:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    OEM               7993 MB    32 KB

  Partition 2    Primary            294 GB  7994 MB

  Partition 3    Primary            294 GB   302 GB
 

=========================================================
 

Disk: 0

Partition 1

Type  : 27

Hidden: Yes

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 8     X   PQSERVICE    NTFS   Partition   7993 MB  Healthy    Hidden  
 

=========================================================
 

Disk: 0

Partition 2

Type  : 06

Hidden: No

Active: Yes
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 0     C   ACER         NTFS   Partition    294 GB  Healthy            
 

=========================================================
 

Disk: 0

Partition 3

Type  : 07

Hidden: No

Active: No
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 1     D   DATA         NTFS   Partition    294 GB  Healthy            
 

=========================================================
 

Partitions of Disk 5:

===============
 

  Partition ###  Type              Size     Offset

  -------------  ----------------  -------  -------

  Partition 1    Primary           7904 MB    32 KB
 

=========================================================
 

Disk: 5

Partition 1

Type  : 0B

Hidden: No

Active: Yes
 

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info

  ----------  ---  -----------  -----  ----------  -------  ---------  --------

* Volume 3     J   BMW          FAT32  Removable   7904 MB  Healthy            
 

=========================================================
 

Last Boot: 2012-10-14 23:20
 

==================== End Of Log ============================

Starte Windows.
Vergewissere dich, dass Combofix.exe auf dem Desktop liegt.
Drücke die Windows- und die R- Taste gleichzeitig.
Kopiere den Inhalt folgender Codebox in das sich öffnende Fenster:
Code:

combofix /nombr
Klicke OK.
Poste die logdatei hier.

Hey Marius!...

Wieder das alte Problem - Combofix dauert ewig und kommt zu keinem Ergebnis... es ist der selbe Screen zu sehen, den ich weiter vorne schon mal gepostet habe, und zwar dass es ca. 10 Minuten lang geht... und er nach infizierten Dateien sucht...

was soll ich tun?

lg

Ich halte mal Rücksprache...warte bitte.

OTLPE

Falls Du kein Brennprogramm installiert hast, lade
dir bitte ISOBurner herunter.
Das Programm wird Dir erlauben, OTLPE auf eine CD zu brennen und sie bootfähig zu machen.
Du brauchst das Tool nur zu installieren, der Rest läuft automatisch => Wie brenne ich eine ISO Datei auf CD/DVD.

Lade OTLPENet.exe von OldTimer herunter und speichere sie auf Deinem Desktop.
Anmerkung: Die Datei ist ca. 120 MB groß und es wird bei langsamer Internet-Verbindung ein wenig dauern, bis Du sie runtergeladen hast.
Wenn der Download fertig ist, mache einen Doppelklick auf die Datei und beantworte die Frage "Do you want to burn the CD?" mit Yes.
Lege eine leere CD in Deinen Brenner.
ImgBurn (oder Dein Brennprogramm) wird das Archiv extrahieren und OTLPE Network auf die CD brennen.
Wenn der Brenn-Vorgang abgeschlossen ist, wirst Du eine Dialogbox sehen => "Operation successfully completed".
Du kannst nun die Fenster des Brennprogramms schließen.

Nun boote von mit der OTLPE CD.
Hinweis: Wie boote ich von CD

Dein System sollte nach einigen Minuten den REATOGO-X-PE Desktop anzeigen.
Mache einen Doppelklick auf das OTLPE Icon.
Wenn Du gefragt wirst "Do you wish to load the remote registry", dann wähle Yes.
Wenn Du gefragt wirst "Do you wish to load remote user profile(s) for scanning", dann wähle Yes.
Vergewissere Dich, dass die Box "Automatically Load All Remaining Users" gewählt ist und drücke OK.
OTLpe sollte nun starten.
Drücke Run Scan, um den Scan zu starten.
Wenn der Scan fertig ist, werden die Dateien C:\OTL.Txt und C:\Extras.Txt erstellt
Kopiere diese Datei auf Deinen USB-Stick, wenn Du keine Internetverbindung auf diesem System hast.
Bitte poste den Inhalt von C:\OTL.Txt und Extras.Txt.

Hey Marius!

Alles soweit gemacht, jedoch kommt nach dem laden des REATOGO-X-PE Desktop ein BLUESCREEN und ich kann nichts mehr machen, habe jetzt neu gestartet, um dir das zu schreiben...

lg

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Code:

12:13:32.0587 5832  TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47

12:13:32.0727 5832  ============================================================

12:13:32.0727 5832  Current date / time: 2012/10/15 12:13:32.0727

12:13:32.0727 5832  SystemInfo:

12:13:32.0727 5832  

12:13:32.0727 5832  OS Version: 6.0.6002 ServicePack: 2.0

12:13:32.0727 5832  Product type: Workstation

12:13:32.0727 5832  ComputerName: MEDIA-PC

12:13:32.0727 5832  UserName: media

12:13:32.0727 5832  Windows directory: C:\Windows

12:13:32.0727 5832  System windows directory: C:\Windows

12:13:32.0727 5832  Processor architecture: Intel x86

12:13:32.0727 5832  Number of processors: 4

12:13:32.0727 5832  Page size: 0x1000

12:13:32.0727 5832  Boot type: Normal boot

12:13:32.0727 5832  ============================================================

12:13:33.0052 5832  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

12:13:33.0082 5832  Drive \Device\Harddisk5\DR5 - Size: 0x1EE000000 (7.72 Gb), SectorSize: 0x200, Cylinders: 0x3EF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

12:13:33.0083 5832  ============================================================

12:13:33.0083 5832  \Device\Harddisk0\DR0:

12:13:33.0083 5832  MBR partitions:

12:13:33.0083 5832  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x6, StartLBA 0xF9D000, BlocksNum 0x24CAB000

12:13:33.0083 5832  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25C48000, BlocksNum 0x24C0F800

12:13:33.0083 5832  \Device\Harddisk5\DR5:

12:13:33.0084 5832  MBR partitions:

12:13:33.0084 5832  \Device\Harddisk5\DR5\Partition1: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0xF6FFC0

12:13:33.0084 5832  ============================================================

12:13:33.0122 5832  C: <-> \Device\Harddisk0\DR0\Partition1

12:13:33.0158 5832  D: <-> \Device\Harddisk0\DR0\Partition2

12:13:33.0158 5832  ============================================================

12:13:33.0159 5832  Initialize success

12:13:33.0159 5832  ============================================================

12:13:34.0022 6096  ============================================================

12:13:34.0022 6096  Scan started

12:13:34.0022 6096  Mode: Manual; 

12:13:34.0022 6096  ============================================================

12:13:34.0390 6096  ================ Scan system memory ========================

12:13:34.0390 6096  System memory - ok

12:13:34.0390 6096  ================ Scan services =============================

12:13:34.0497 6096  [ 517D30057C726C797764BFD70A55D82A ] Acer HomeMedia Connect Service C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe

12:13:34.0501 6096  Acer HomeMedia Connect Service - ok

12:13:34.0522 6096  [ E91F2444DF54E725DDBBDDB7FBCE71F5 ] AcerMemUsageCheckService C:\Acer\Empowering Technology\ePerformance\MemCheck.exe

12:13:34.0523 6096  AcerMemUsageCheckService - ok

12:13:34.0662 6096  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys

12:13:34.0665 6096  ACPI - ok

12:13:34.0696 6096  [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

12:13:34.0697 6096  AdobeFlashPlayerUpdateSvc - ok

12:13:34.0734 6096  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys

12:13:34.0740 6096  adp94xx - ok

12:13:34.0759 6096  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys

12:13:34.0764 6096  adpahci - ok

12:13:34.0779 6096  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys

12:13:34.0781 6096  adpu160m - ok

12:13:34.0795 6096  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys

12:13:34.0798 6096  adpu320 - ok

12:13:34.0822 6096  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll

12:13:34.0822 6096  AeLookupSvc - ok

12:13:34.0867 6096  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys

12:13:34.0871 6096  AFD - ok

12:13:34.0890 6096  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys

12:13:34.0891 6096  agp440 - ok

12:13:34.0906 6096  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys

12:13:34.0908 6096  aic78xx - ok

12:13:34.0925 6096  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe

12:13:34.0926 6096  ALG - ok

12:13:34.0940 6096  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys

12:13:34.0941 6096  aliide - ok

12:13:34.0955 6096  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys

12:13:34.0956 6096  amdagp - ok

12:13:34.0967 6096  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys

12:13:34.0968 6096  amdide - ok

12:13:34.0982 6096  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys

12:13:34.0982 6096  AmdK7 - ok

12:13:34.0996 6096  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\drivers\amdk8.sys

12:13:34.0997 6096  AmdK8 - ok

12:13:35.0017 6096  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll

12:13:35.0017 6096  Appinfo - ok

12:13:35.0037 6096  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys

12:13:35.0038 6096  arc - ok

12:13:35.0064 6096  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys

12:13:35.0065 6096  arcsas - ok

12:13:35.0404 6096  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys

12:13:35.0404 6096  AsyncMac - ok

12:13:35.0433 6096  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys

12:13:35.0434 6096  atapi - ok

12:13:35.0463 6096  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

12:13:35.0465 6096  AudioEndpointBuilder - ok

12:13:35.0480 6096  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll

12:13:35.0482 6096  Audiosrv - ok

12:13:35.0561 6096  [ 0D1EA7509F394D8B705B239EE71F5118 ] BBSvc           C:\Program Files\Microsoft\BingBar\BBSvc.EXE

12:13:35.0563 6096  BBSvc - ok

12:13:35.0615 6096  [ 2E552B658273B90251E0441631DE2CA3 ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

12:13:35.0616 6096  BcmSqlStartupSvc - ok

12:13:35.0622 6096  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys

12:13:35.0623 6096  Beep - ok

12:13:35.0666 6096  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll

12:13:35.0667 6096  BFE - ok

12:13:35.0715 6096  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll

12:13:35.0721 6096  BITS - ok

12:13:35.0755 6096  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys

12:13:35.0756 6096  blbdrive - ok

12:13:35.0782 6096  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys

12:13:35.0783 6096  bowser - ok

12:13:35.0802 6096  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys

12:13:35.0803 6096  BrFiltLo - ok

12:13:35.0816 6096  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys

12:13:35.0817 6096  BrFiltUp - ok

12:13:35.0834 6096  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll

12:13:35.0836 6096  Browser - ok

12:13:35.0855 6096  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys

12:13:35.0856 6096  Brserid - ok

12:13:35.0873 6096  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys

12:13:35.0875 6096  BrSerWdm - ok

12:13:35.0889 6096  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys

12:13:35.0889 6096  BrUsbMdm - ok

12:13:35.0906 6096  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys

12:13:35.0906 6096  BrUsbSer - ok

12:13:35.0926 6096  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys

12:13:35.0927 6096  BTHMODEM - ok

12:13:36.0109 6096  catchme - ok

12:13:36.0226 6096  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys

12:13:36.0227 6096  cdfs - ok

12:13:36.0255 6096  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys

12:13:36.0256 6096  cdrom - ok

12:13:36.0268 6096  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll

12:13:36.0269 6096  CertPropSvc - ok

12:13:36.0287 6096  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys

12:13:36.0288 6096  circlass - ok

12:13:36.0314 6096  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys

12:13:36.0318 6096  CLFS - ok

12:13:36.0368 6096  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

12:13:36.0370 6096  clr_optimization_v2.0.50727_32 - ok

12:13:36.0438 6096  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

12:13:36.0439 6096  clr_optimization_v4.0.30319_32 - ok

12:13:36.0447 6096  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys

12:13:36.0448 6096  cmdide - ok

12:13:36.0463 6096  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\drivers\compbatt.sys

12:13:36.0464 6096  Compbatt - ok

12:13:36.0468 6096  COMSysApp - ok

12:13:36.0472 6096  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys

12:13:36.0473 6096  crcdisk - ok

12:13:36.0492 6096  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys

12:13:36.0493 6096  Crusoe - ok

12:13:36.0524 6096  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll

12:13:36.0526 6096  CryptSvc - ok

12:13:36.0550 6096  [ B5ECADF7708960F1818C7FA015F4C239 ] CVirtA          C:\Windows\system32\DRIVERS\CVirtA.sys

12:13:36.0551 6096  CVirtA - ok

12:13:36.0653 6096  [ F432260E59AAE3284ED7E795264C16D0 ] CVPND           C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

12:13:36.0678 6096  CVPND - ok

12:13:36.0721 6096  [ 8A15D7BD4CF1A8CCD7C65F7349F22E35 ] CVPNDRVA        C:\Windows\system32\Drivers\CVPNDRVA.sys

12:13:36.0725 6096  CVPNDRVA - ok

12:13:36.0761 6096  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll

12:13:36.0778 6096  DcomLaunch - ok

12:13:36.0833 6096  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys

12:13:36.0835 6096  DfsC - ok

12:13:36.0881 6096  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe

12:13:36.0894 6096  DFSR - ok

12:13:36.0937 6096  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll

12:13:36.0940 6096  Dhcp - ok

12:13:36.0963 6096  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys

12:13:36.0964 6096  disk - ok

12:13:36.0998 6096  [ 7B4FDFBE97C047175E613AA96F3DE987 ] DNE             C:\Windows\system32\DRIVERS\dne2000.sys

12:13:36.0999 6096  DNE - ok

12:13:37.0041 6096  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll

12:13:37.0042 6096  Dnscache - ok

12:13:37.0070 6096  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll

12:13:37.0127 6096  dot3svc - ok

12:13:37.0171 6096  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys

12:13:37.0173 6096  Dot4 - ok

12:13:37.0194 6096  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print       C:\Windows\system32\DRIVERS\Dot4Prt.sys

12:13:37.0195 6096  Dot4Print - ok

12:13:37.0203 6096  [ C55004CA6B419B6695970DFE849B122F ] dot4usb         C:\Windows\system32\DRIVERS\dot4usb.sys

12:13:37.0204 6096  dot4usb - ok

12:13:37.0230 6096  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll

12:13:37.0231 6096  DPS - ok

12:13:37.0250 6096  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys

12:13:37.0251 6096  drmkaud - ok

12:13:37.0287 6096  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys

12:13:37.0291 6096  DXGKrnl - ok

12:13:37.0306 6096  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys

12:13:37.0308 6096  E1G60 - ok

12:13:37.0328 6096  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll

12:13:37.0329 6096  EapHost - ok

12:13:37.0375 6096  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys

12:13:37.0378 6096  Ecache - ok

12:13:37.0406 6096  [ B7DC2580425225C320CEDA78DE55A3D0 ] eDataSecurity Service C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe

12:13:37.0412 6096  eDataSecurity Service - ok

12:13:37.0445 6096  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe

12:13:37.0449 6096  ehRecvr - ok

12:13:37.0459 6096  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe

12:13:37.0461 6096  ehSched - ok

12:13:37.0473 6096  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll

12:13:37.0473 6096  ehstart - ok

12:13:37.0490 6096  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys

12:13:37.0495 6096  elxstor - ok

12:13:37.0533 6096  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll

12:13:37.0537 6096  EMDMgmt - ok

12:13:37.0601 6096  [ 59FCCAF915BA89DD98CADF08DA91AFEE ] eRecoveryService C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe

12:13:37.0602 6096  eRecoveryService - ok

12:13:37.0636 6096  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys

12:13:37.0636 6096  ErrDev - ok

12:13:37.0673 6096  [ A9745687A57CDD71237915859ABA8DAC ] eSettingsService C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe

12:13:37.0674 6096  eSettingsService - ok

12:13:37.0705 6096  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll

12:13:37.0707 6096  EventSystem - ok

12:13:37.0752 6096  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys

12:13:37.0755 6096  exfat - ok

12:13:37.0786 6096  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys

12:13:37.0788 6096  fastfat - ok

12:13:37.0808 6096  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys

12:13:37.0808 6096  fdc - ok

12:13:37.0827 6096  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll

12:13:37.0828 6096  fdPHost - ok

12:13:37.0838 6096  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll

12:13:37.0839 6096  FDResPub - ok

12:13:37.0857 6096  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys

12:13:37.0859 6096  FileInfo - ok

12:13:37.0870 6096  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys

12:13:37.0870 6096  Filetrace - ok

12:13:37.0878 6096  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys

12:13:37.0879 6096  flpydisk - ok

12:13:37.0913 6096  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys

12:13:37.0916 6096  FltMgr - ok

12:13:37.0966 6096  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll

12:13:37.0971 6096  FontCache - ok

12:13:38.0028 6096  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

12:13:38.0029 6096  FontCache3.0.0.0 - ok

12:13:38.0054 6096  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys

12:13:38.0055 6096  fssfltr - ok

12:13:38.0271 6096  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe

12:13:38.0296 6096  fsssvc - ok

12:13:38.0326 6096  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys

12:13:38.0327 6096  Fs_Rec - ok

12:13:38.0345 6096  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys

12:13:38.0346 6096  gagp30kx - ok

12:13:38.0390 6096  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll

12:13:38.0394 6096  gpsvc - ok

12:13:38.0424 6096  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

12:13:38.0428 6096  HdAudAddService - ok

12:13:38.0468 6096  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys

12:13:38.0485 6096  HDAudBus - ok

12:13:38.0497 6096  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys

12:13:38.0497 6096  HidBth - ok

12:13:38.0510 6096  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys

12:13:38.0511 6096  HidIr - ok

12:13:38.0548 6096  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll

12:13:38.0549 6096  hidserv - ok

12:13:38.0562 6096  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys

12:13:38.0563 6096  HidUsb - ok

12:13:38.0587 6096  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll

12:13:38.0588 6096  hkmsvc - ok

12:13:38.0604 6096  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys

12:13:38.0605 6096  HpCISSs - ok

12:13:38.0713 6096  [ FCB563B0A23643E5F80B6FF1E60F610F ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll

12:13:38.0715 6096  hpqcxs08 - ok

12:13:38.0722 6096  [ 25E443E27165C652723A92D9BDFD4649 ] hpqddsvc        C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll

12:13:38.0723 6096  hpqddsvc - ok

12:13:38.0754 6096  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys

12:13:38.0760 6096  HTTP - ok

12:13:38.0774 6096  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys

12:13:38.0775 6096  i2omp - ok

12:13:38.0800 6096  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys

12:13:38.0802 6096  i8042prt - ok

12:13:38.0824 6096  [ 580BFEC487C55264BFE3D60C3C24EEE1 ] iaStor          C:\Windows\system32\drivers\iastor.sys

12:13:38.0827 6096  iaStor - ok

12:13:38.0844 6096  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys

12:13:38.0848 6096  iaStorV - ok

12:13:38.0927 6096  [ 6F95324909B502E2651442C1548AB12F ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

12:13:38.0928 6096  IDriverT - ok

12:13:38.0984 6096  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

12:13:39.0001 6096  idsvc - ok

12:13:39.0037 6096  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys

12:13:39.0038 6096  iirsp - ok

12:13:39.0074 6096  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll

12:13:39.0078 6096  IKEEXT - ok

12:13:39.0110 6096  [ C6E5276C00EBDEB096BB5EF4B797D1B6 ] int15           C:\Acer\Empowering Technology\eRecovery\int15.sys

12:13:39.0110 6096  int15 - ok

12:13:39.0159 6096  [ F6E17C275666A4402588A30E36565910 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys

12:13:39.0200 6096  IntcAzAudAddService - ok

12:13:39.0228 6096  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys

12:13:39.0228 6096  intelide - ok

12:13:39.0240 6096  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys

12:13:39.0241 6096  intelppm - ok

12:13:39.0260 6096  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll

12:13:39.0262 6096  IPBusEnum - ok

12:13:39.0270 6096  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys

12:13:39.0270 6096  IpFilterDriver - ok

12:13:39.0274 6096  IpInIp - ok

12:13:39.0289 6096  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys

12:13:39.0290 6096  IPMIDRV - ok

12:13:39.0311 6096  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys

12:13:39.0312 6096  IPNAT - ok

12:13:39.0320 6096  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys

12:13:39.0320 6096  IRENUM - ok

12:13:39.0335 6096  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys

12:13:39.0336 6096  isapnp - ok

12:13:39.0376 6096  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys

12:13:39.0378 6096  iScsiPrt - ok

12:13:39.0392 6096  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys

12:13:39.0393 6096  iteatapi - ok

12:13:39.0408 6096  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys

12:13:39.0409 6096  iteraid - ok

12:13:39.0422 6096  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys

12:13:39.0423 6096  kbdclass - ok

12:13:39.0449 6096  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys

12:13:39.0450 6096  kbdhid - ok

12:13:39.0466 6096  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe

12:13:39.0468 6096  KeyIso - ok

12:13:39.0491 6096  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys

12:13:39.0497 6096  KSecDD - ok

12:13:39.0536 6096  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll

12:13:39.0539 6096  KtmRm - ok

12:13:39.0567 6096  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll

12:13:39.0569 6096  LanmanServer - ok

12:13:39.0611 6096  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

12:13:39.0614 6096  LanmanWorkstation - ok

12:13:39.0641 6096  [ 793FF718477345CD5D232C50BED1E452 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

12:13:39.0642 6096  LightScribeService - ok

12:13:39.0654 6096  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys

12:13:39.0655 6096  lltdio - ok

12:13:39.0677 6096  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll

12:13:39.0680 6096  lltdsvc - ok

12:13:39.0683 6096  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll

12:13:39.0685 6096  lmhosts - ok

12:13:39.0708 6096  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys

12:13:39.0709 6096  LSI_FC - ok

12:13:39.0724 6096  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys

12:13:39.0726 6096  LSI_SAS - ok

12:13:39.0751 6096  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys

12:13:39.0753 6096  LSI_SCSI - ok

12:13:39.0772 6096  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys

12:13:39.0773 6096  luafv - ok

12:13:39.0799 6096  [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys

12:13:39.0805 6096  MBAMProtector - ok

12:13:39.0851 6096  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

12:13:39.0856 6096  MBAMScheduler - ok

12:13:39.0881 6096  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

12:13:39.0885 6096  MBAMService - ok

12:13:39.0908 6096  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll

12:13:39.0910 6096  Mcx2Svc - ok

12:13:39.0933 6096  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys

12:13:39.0934 6096  megasas - ok

12:13:39.0963 6096  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys

12:13:39.0968 6096  MegaSR - ok

12:13:40.0028 6096  Microsoft SharePoint Workspace Audit Service - ok

12:13:40.0047 6096  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll

12:13:40.0049 6096  MMCSS - ok

12:13:40.0060 6096  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys

12:13:40.0061 6096  Modem - ok

12:13:40.0070 6096  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys

12:13:40.0171 6096  monitor - ok

12:13:40.0180 6096  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys

12:13:40.0181 6096  mouclass - ok

12:13:40.0190 6096  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys

12:13:40.0191 6096  mouhid - ok

12:13:40.0201 6096  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys

12:13:40.0202 6096  MountMgr - ok

12:13:40.0238 6096  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

12:13:40.0239 6096  MozillaMaintenance - ok

12:13:40.0270 6096  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys

12:13:40.0271 6096  mpio - ok

12:13:40.0282 6096  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys

12:13:40.0283 6096  mpsdrv - ok

12:13:40.0306 6096  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys

12:13:40.0307 6096  Mraid35x - ok

12:13:40.0340 6096  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys

12:13:40.0342 6096  MRxDAV - ok

12:13:40.0376 6096  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys

12:13:40.0378 6096  mrxsmb - ok

12:13:40.0394 6096  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys

12:13:40.0397 6096  mrxsmb10 - ok

12:13:40.0411 6096  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys

12:13:40.0413 6096  mrxsmb20 - ok

12:13:40.0423 6096  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys

12:13:40.0424 6096  msahci - ok

12:13:40.0442 6096  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys

12:13:40.0443 6096  msdsm - ok

12:13:40.0456 6096  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe

12:13:40.0459 6096  MSDTC - ok

12:13:40.0477 6096  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys

12:13:40.0477 6096  Msfs - ok

12:13:40.0494 6096  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys

12:13:40.0495 6096  msisadrv - ok

12:13:40.0517 6096  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll

12:13:40.0519 6096  MSiSCSI - ok

12:13:40.0525 6096  msiserver - ok

12:13:40.0546 6096  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys

12:13:40.0547 6096  MSKSSRV - ok

12:13:40.0573 6096  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys

12:13:40.0573 6096  MSPCLOCK - ok

12:13:40.0582 6096  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys

12:13:40.0583 6096  MSPQM - ok

12:13:40.0613 6096  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys

12:13:40.0614 6096  MsRPC - ok

12:13:40.0628 6096  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys

12:13:40.0629 6096  mssmbios - ok

12:13:40.0662 6096  MSSQL$MSSMLBIZ - ok

12:13:40.0722 6096  [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

12:13:40.0723 6096  MSSQLServerADHelper100 - ok

12:13:40.0738 6096  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys

12:13:40.0739 6096  MSTEE - ok

12:13:40.0771 6096  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys

12:13:40.0772 6096  Mup - ok

12:13:40.0808 6096  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll

12:13:40.0814 6096  napagent - ok

12:13:40.0857 6096  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys

12:13:40.0859 6096  NativeWifiP - ok

12:13:40.0893 6096  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys

12:13:40.0901 6096  NDIS - ok

12:13:40.0922 6096  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys

12:13:40.0923 6096  NdisTapi - ok

12:13:40.0932 6096  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys

12:13:40.0933 6096  Ndisuio - ok

12:13:40.0975 6096  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys

12:13:40.0977 6096  NdisWan - ok

12:13:40.0986 6096  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys

12:13:40.0987 6096  NDProxy - ok

12:13:41.0015 6096  [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

12:13:41.0017 6096  Net Driver HPZ12 - ok

12:13:41.0027 6096  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys

12:13:41.0028 6096  NetBIOS - ok

12:13:41.0049 6096  [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys

12:13:41.0052 6096  netbt - ok

12:13:41.0055 6096  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe

12:13:41.0056 6096  Netlogon - ok

12:13:41.0073 6096  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll

12:13:41.0075 6096  Netman - ok

12:13:41.0092 6096  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll

12:13:41.0096 6096  netprofm - ok

12:13:41.0130 6096  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

12:13:41.0132 6096  NetTcpPortSharing - ok

12:13:41.0145 6096  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys

12:13:41.0147 6096  nfrd960 - ok

12:13:41.0167 6096  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll

12:13:41.0170 6096  NlaSvc - ok

12:13:41.0186 6096  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys

12:13:41.0187 6096  Npfs - ok

12:13:41.0204 6096  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll

12:13:41.0206 6096  nsi - ok

12:13:41.0212 6096  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys

12:13:41.0213 6096  nsiproxy - ok

12:13:41.0261 6096  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys

12:13:41.0268 6096  Ntfs - ok

12:13:41.0288 6096  [ 7F1C1F78D709C4A54CBB46EDE7E0B48D ] NTIDrvr         C:\Windows\system32\DRIVERS\NTIDrvr.sys

12:13:41.0289 6096  NTIDrvr - ok

12:13:41.0303 6096  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys

12:13:41.0304 6096  ntrigdigi - ok

12:13:41.0307 6096  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys

12:13:41.0308 6096  Null - ok

12:13:41.0336 6096  [ B896FB556B4DC1E1D2943559EA79C5C5 ] NVENETFD        C:\Windows\system32\DRIVERS\nvmfdx32.sys

12:13:41.0353 6096  NVENETFD - ok

12:13:41.0382 6096  [ A82534D453425F5FEE4B6A583FDCF3EB ] NVHDA           C:\Windows\system32\drivers\nvhda32v.sys

12:13:41.0384 6096  NVHDA - ok

12:13:41.0564 6096  [ 8B75F652726A2BA3197860F300514E3F ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys

12:13:41.0707 6096  nvlddmkm - ok

12:13:41.0731 6096  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys

12:13:41.0732 6096  nvraid - ok

12:13:41.0739 6096  [ 6F5BB0B40D251351A913B61BA9D64B3F ] nvrd32          C:\Windows\system32\drivers\nvrd32.sys

12:13:41.0741 6096  nvrd32 - ok

12:13:41.0744 6096  [ 7EC12A73067BACA25A8E3E2A58AE83D8 ] nvsmu           C:\Windows\system32\DRIVERS\nvsmu.sys

12:13:41.0745 6096  nvsmu - ok

12:13:41.0756 6096  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys

12:13:41.0757 6096  nvstor - ok

12:13:41.0768 6096  [ 689A2160B851F8BF88F20728FD2F30BD ] nvstor32        C:\Windows\system32\drivers\nvstor32.sys

12:13:41.0769 6096  nvstor32 - ok

12:13:41.0798 6096  [ 88426F9A9BF0AD2358C3CC4FBB1B1C62 ] nvsvc           C:\Windows\system32\nvvsvc.exe

12:13:41.0801 6096  nvsvc - ok

12:13:41.0817 6096  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys

12:13:41.0819 6096  nv_agp - ok

12:13:41.0822 6096  NwlnkFlt - ok

12:13:41.0825 6096  NwlnkFwd - ok

12:13:41.0865 6096  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys

12:13:41.0866 6096  ohci1394 - ok

12:13:41.0915 6096  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

12:13:41.0916 6096  ose - ok

12:13:42.0040 6096  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

12:13:42.0065 6096  osppsvc - ok

12:13:42.0109 6096  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll

12:13:42.0126 6096  p2pimsvc - ok

12:13:42.0136 6096  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll

12:13:42.0141 6096  p2psvc - ok

12:13:42.0154 6096  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys

12:13:42.0156 6096  Parport - ok

12:13:42.0187 6096  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys

12:13:42.0189 6096  partmgr - ok

12:13:42.0201 6096  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys

12:13:42.0202 6096  Parvdm - ok

12:13:42.0215 6096  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll

12:13:42.0217 6096  PcaSvc - ok

12:13:42.0246 6096  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys

12:13:42.0248 6096  pci - ok

12:13:42.0259 6096  [ 1636D43F10416AEB483BC6001097B26C ] pciide          C:\Windows\system32\drivers\pciide.sys

12:13:42.0260 6096  pciide - ok

12:13:42.0274 6096  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys

12:13:42.0277 6096  pcmcia - ok

12:13:42.0306 6096  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys

12:13:42.0323 6096  PEAUTH - ok

12:13:42.0365 6096  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll

12:13:42.0399 6096  pla - ok

12:13:42.0433 6096  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll

12:13:42.0437 6096  PlugPlay - ok

12:13:42.0464 6096  [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

12:13:42.0465 6096  Pml Driver HPZ12 - ok

12:13:42.0476 6096  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll

12:13:42.0481 6096  PNRPAutoReg - ok

12:13:42.0491 6096  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll

12:13:42.0497 6096  PNRPsvc - ok

12:13:42.0525 6096  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll

12:13:42.0531 6096  PolicyAgent - ok

12:13:42.0547 6096  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys

12:13:42.0548 6096  PptpMiniport - ok

12:13:42.0564 6096  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys

12:13:42.0565 6096  Processor - ok

12:13:42.0593 6096  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll

12:13:42.0596 6096  ProfSvc - ok

12:13:42.0608 6096  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

12:13:42.0609 6096  ProtectedStorage - ok

12:13:42.0639 6096  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys

12:13:42.0641 6096  PSched - ok

12:13:42.0648 6096  [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter       C:\Windows\system32\DRIVERS\psdfilter.sys

12:13:42.0649 6096  PSDFilter - ok

12:13:42.0662 6096  [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ        C:\Windows\system32\DRIVERS\PSDNServ.sys

12:13:42.0663 6096  PSDNServ - ok

12:13:42.0679 6096  [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk        C:\Windows\system32\DRIVERS\PSDVdisk.sys

12:13:42.0681 6096  psdvdisk - ok

12:13:42.0697 6096  [ D86B4A68565E444D76457F14172C875A ] PxHelp20        C:\Windows\system32\Drivers\PxHelp20.sys

12:13:42.0699 6096  PxHelp20 - ok

12:13:42.0739 6096  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys

12:13:42.0749 6096  ql2300 - ok

12:13:42.0795 6096  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys

12:13:42.0798 6096  ql40xx - ok

12:13:42.0834 6096  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll

12:13:42.0838 6096  QWAVE - ok

12:13:42.0850 6096  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys

12:13:42.0851 6096  QWAVEdrv - ok

12:13:42.0911 6096  [ 70DBDAB246C18B78E2200D6401D038BE ] RapiMgr         C:\Windows\WindowsMobile\rapimgr.dll

12:13:42.0912 6096  RapiMgr - ok

12:13:42.0924 6096  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys

12:13:42.0924 6096  RasAcd - ok

12:13:42.0932 6096  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll

12:13:42.0935 6096  RasAuto - ok

12:13:42.0948 6096  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys

12:13:42.0949 6096  Rasl2tp - ok

12:13:42.0985 6096  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll

12:13:42.0990 6096  RasMan - ok

12:13:43.0018 6096  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys

12:13:43.0019 6096  RasPppoe - ok

12:13:43.0047 6096  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys

12:13:43.0049 6096  RasSstp - ok

12:13:43.0080 6096  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys

12:13:43.0084 6096  rdbss - ok

12:13:43.0087 6096  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys

12:13:43.0088 6096  RDPCDD - ok

12:13:43.0108 6096  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys

12:13:43.0112 6096  rdpdr - ok

12:13:43.0115 6096  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys

12:13:43.0116 6096  RDPENCDD - ok

12:13:43.0140 6096  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys

12:13:43.0143 6096  RDPWD - ok

12:13:43.0170 6096  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll

12:13:43.0173 6096  RemoteAccess - ok

12:13:43.0206 6096  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll

12:13:43.0209 6096  RemoteRegistry - ok

12:13:43.0247 6096  [ C1C132455200AD4704142442C89D0FA4 ] RichVideo       C:\Program Files\CyberLink\Shared Files\RichVideo.exe

12:13:43.0250 6096  RichVideo - ok

12:13:43.0290 6096  [ 0F6756EF8BDA6DFA7BE50465C83132BB ] RimUsb          C:\Windows\system32\Drivers\RimUsb.sys

12:13:43.0291 6096  RimUsb - ok

12:13:43.0318 6096  [ D9B34325EE5DF78B8F28A3DE9F577C7D ] RimVSerPort     C:\Windows\system32\DRIVERS\RimSerial.sys

12:13:43.0319 6096  RimVSerPort - ok

12:13:43.0330 6096  [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM       C:\Windows\system32\Drivers\RootMdm.sys

12:13:43.0331 6096  ROOTMODEM - ok

12:13:43.0384 6096  [ AFD61A7C48A3E15C86A6FADF0B69A2E4 ] Roxio UPnP Renderer 9 C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe

12:13:43.0386 6096  Roxio UPnP Renderer 9 - ok

12:13:43.0405 6096  [ EFBB36E2BB02169D26E9980778FC20D3 ] Roxio Upnp Server 9 C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe

12:13:43.0409 6096  Roxio Upnp Server 9 - ok

12:13:43.0441 6096  [ 6BD6D7EFEC6ECED723F186E3BFCC74E9 ] RoxLiveShare9   C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

12:13:43.0445 6096  RoxLiveShare9 - ok

12:13:43.0474 6096  [ 7F2C88BCC5EF2A896E4827F33CCCA843 ] RoxMediaDB9     C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

12:13:43.0499 6096  RoxMediaDB9 - ok

12:13:43.0522 6096  [ 26C4A8AD3E75679B66FC0A6D3BB6BE2A ] RoxWatch9       C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

12:13:43.0524 6096  RoxWatch9 - ok

12:13:43.0542 6096  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe

12:13:43.0544 6096  RpcLocator - ok

12:13:43.0578 6096  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll

12:13:43.0583 6096  RpcSs - ok

12:13:43.0617 6096  [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103        C:\Windows\system32\DRIVERS\RsFx0103.sys

12:13:43.0621 6096  RsFx0103 - ok

12:13:43.0640 6096  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys

12:13:43.0641 6096  rspndr - ok

12:13:43.0645 6096  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe

12:13:43.0646 6096  SamSs - ok

12:13:43.0661 6096  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys

12:13:43.0663 6096  sbp2port - ok

12:13:43.0692 6096  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll

12:13:43.0695 6096  SCardSvr - ok

12:13:43.0728 6096  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll

12:13:43.0734 6096  Schedule - ok

12:13:43.0772 6096  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll

12:13:43.0773 6096  SCPolicySvc - ok

12:13:43.0791 6096  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll

12:13:43.0797 6096  SDRSVC - ok

12:13:43.0874 6096  [ 78779EE07231C658B483B1F38B5088DF ] SeaPort         C:\Program Files\Microsoft\BingBar\SeaPort.EXE

12:13:43.0876 6096  SeaPort - ok

12:13:43.0893 6096  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys

12:13:43.0894 6096  secdrv - ok

12:13:43.0913 6096  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll

12:13:43.0916 6096  seclogon - ok

12:13:43.0928 6096  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\System32\sens.dll

12:13:43.0930 6096  SENS - ok

12:13:43.0948 6096  [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys

12:13:43.0949 6096  Serenum - ok

12:13:43.0958 6096  [ 6D663022DB3E7058907784AE14B69898 ] Serial          C:\Windows\system32\DRIVERS\serial.sys

12:13:43.0960 6096  Serial - ok

12:13:43.0972 6096  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys

12:13:43.0973 6096  sermouse - ok

12:13:43.0990 6096  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll

12:13:43.0992 6096  SessionEnv - ok

12:13:44.0000 6096  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys

12:13:44.0001 6096  sffdisk - ok

12:13:44.0011 6096  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys

12:13:44.0012 6096  sffp_mmc - ok

12:13:44.0018 6096  [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys

12:13:44.0019 6096  sffp_sd - ok

12:13:44.0024 6096  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys

12:13:44.0025 6096  sfloppy - ok

12:13:44.0047 6096  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll

12:13:44.0052 6096  SharedAccess - ok

12:13:44.0189 6096  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

12:13:44.0195 6096  ShellHWDetection - ok

12:13:44.0211 6096  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys

12:13:44.0213 6096  sisagp - ok

12:13:44.0226 6096  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys

12:13:44.0227 6096  SiSRaid2 - ok

12:13:44.0239 6096  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys

12:13:44.0241 6096  SiSRaid4 - ok

12:13:44.0282 6096  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe

12:13:44.0284 6096  SkypeUpdate - ok

12:13:44.0375 6096  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe

12:13:44.0396 6096  slsvc - ok

12:13:44.0443 6096  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll

12:13:44.0446 6096  SLUINotify - ok

12:13:44.0473 6096  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys

12:13:44.0475 6096  Smb - ok

12:13:44.0497 6096  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe

12:13:44.0500 6096  SNMPTRAP - ok

12:13:44.0510 6096  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys

12:13:44.0511 6096  spldr - ok

12:13:44.0539 6096  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe

12:13:44.0542 6096  Spooler - ok

12:13:44.0591 6096  [ CDDDEC541BC3C96F91ECB48759673505 ] sptd            C:\Windows\system32\Drivers\sptd.sys

12:13:44.0591 6096  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505

12:13:44.0593 6096  sptd ( LockedFile.Multi.Generic ) - warning

12:13:44.0593 6096  sptd - detected LockedFile.Multi.Generic (1)

12:13:44.0642 6096  [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$MSSMLBIZ C:\Program Files\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE

12:13:44.0647 6096  SQLAgent$MSSMLBIZ - ok

12:13:44.0688 6096  [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser      C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

12:13:44.0691 6096  SQLBrowser - ok

12:13:44.0714 6096  [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

12:13:44.0715 6096  SQLWriter - ok

12:13:44.0748 6096  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys

12:13:44.0753 6096  srv - ok

12:13:44.0787 6096  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys

12:13:44.0791 6096  srv2 - ok

12:13:44.0830 6096  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys

12:13:44.0832 6096  srvnet - ok

12:13:44.0846 6096  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll

12:13:44.0848 6096  SSDPSRV - ok

12:13:44.0872 6096  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll

12:13:44.0876 6096  SstpSvc - ok

12:13:44.0917 6096  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll

12:13:44.0934 6096  stisvc - ok

12:13:44.0966 6096  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys

12:13:44.0967 6096  swenum - ok

12:13:44.0992 6096  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll

12:13:44.0996 6096  swprv - ok

12:13:45.0007 6096  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys

12:13:45.0009 6096  Symc8xx - ok

12:13:45.0020 6096  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys

12:13:45.0021 6096  Sym_hi - ok

12:13:45.0033 6096  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys

12:13:45.0034 6096  Sym_u3 - ok

12:13:45.0135 6096  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll

12:13:45.0146 6096  SysMain - ok

12:13:45.0159 6096  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

12:13:45.0163 6096  TabletInputService - ok

12:13:45.0198 6096  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll

12:13:45.0203 6096  TapiSrv - ok

12:13:45.0220 6096  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll

12:13:45.0222 6096  TBS - ok

12:13:45.0267 6096  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys

12:13:45.0282 6096  Tcpip - ok

12:13:45.0312 6096  [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys

12:13:45.0318 6096  Tcpip6 - ok

12:13:45.0368 6096  [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys

12:13:45.0369 6096  tcpipreg - ok

12:13:45.0385 6096  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys

12:13:45.0386 6096  TDPIPE - ok

12:13:45.0396 6096  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys

12:13:45.0397 6096  TDTCP - ok

12:13:45.0425 6096  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys

12:13:45.0427 6096  tdx - ok

12:13:45.0435 6096  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys

12:13:45.0437 6096  TermDD - ok

12:13:45.0456 6096  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll

12:13:45.0473 6096  TermService - ok

12:13:45.0487 6096  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll

12:13:45.0490 6096  Themes - ok

12:13:45.0497 6096  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll

12:13:45.0499 6096  THREADORDER - ok

12:13:45.0526 6096  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll

12:13:45.0531 6096  TrkWks - ok

12:13:45.0583 6096  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

12:13:45.0583 6096  TrustedInstaller - ok

12:13:45.0615 6096  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys

12:13:45.0616 6096  tssecsrv - ok

12:13:45.0630 6096  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys

12:13:45.0631 6096  tunmp - ok

12:13:45.0645 6096  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys

12:13:45.0646 6096  tunnel - ok

12:13:45.0676 6096  [ 97DD70FECA64FB4F63DE7BB7E66A80B1 ] tvicport        C:\Windows\system32\drivers\tvicport.sys

12:13:45.0677 6096  tvicport - ok

12:13:45.0690 6096  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys

12:13:45.0691 6096  uagp35 - ok

12:13:45.0715 6096  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys

12:13:45.0719 6096  udfs - ok

12:13:45.0736 6096  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe

12:13:45.0739 6096  UI0Detect - ok

12:13:45.0748 6096  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys

12:13:45.0749 6096  uliagpkx - ok

12:13:45.0772 6096  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys

12:13:45.0775 6096  uliahci - ok

12:13:45.0796 6096  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys

12:13:45.0798 6096  UlSata - ok

12:13:45.0807 6096  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys

12:13:45.0809 6096  ulsata2 - ok

12:13:45.0821 6096  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys

12:13:45.0822 6096  umbus - ok

12:13:45.0834 6096  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll

12:13:45.0837 6096  upnphost - ok

12:13:45.0875 6096  [ 32DB9517628FF0D070682AAB61E688F0 ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys

12:13:45.0877 6096  usbaudio - ok

12:13:45.0903 6096  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys

12:13:45.0904 6096  usbccgp - ok

12:13:45.0916 6096  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys

12:13:45.0917 6096  usbcir - ok

12:13:45.0953 6096  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys

12:13:45.0954 6096  usbehci - ok

12:13:45.0970 6096  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys

12:13:45.0972 6096  usbhub - ok

12:13:45.0976 6096  [ CE697FEE0D479290D89BEC80DFE793B7 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys

12:13:45.0977 6096  usbohci - ok

12:13:46.0023 6096  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys

12:13:46.0025 6096  usbprint - ok

12:13:46.0051 6096  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys

12:13:46.0052 6096  usbscan - ok

12:13:46.0056 6096  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS

12:13:46.0057 6096  USBSTOR - ok

12:13:46.0065 6096  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys

12:13:46.0065 6096  usbuhci - ok

12:13:46.0096 6096  [ 830D5D8456B822C1247C1E59B4C464FA ] USB_RNDIS       C:\Windows\system32\DRIVERS\usb8023.sys

12:13:46.0097 6096  USB_RNDIS - ok

12:13:46.0125 6096  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll

12:13:46.0128 6096  UxSms - ok

12:13:46.0166 6096  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe

12:13:46.0182 6096  vds - ok

12:13:46.0258 6096  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys

12:13:46.0260 6096  vga - ok

12:13:46.0269 6096  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys

12:13:46.0270 6096  VgaSave - ok

12:13:46.0287 6096  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys

12:13:46.0288 6096  viaagp - ok

12:13:46.0300 6096  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys

12:13:46.0301 6096  ViaC7 - ok

12:13:46.0309 6096  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys

12:13:46.0310 6096  viaide - ok

12:13:46.0314 6096  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys

12:13:46.0315 6096  volmgr - ok

12:13:46.0338 6096  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys

12:13:46.0342 6096  volmgrx - ok

12:13:46.0371 6096  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap         C:\Windows\system32\drivers\volsnap.sys

12:13:46.0375 6096  volsnap - ok

12:13:46.0399 6096  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys

12:13:46.0401 6096  vsmraid - ok

12:13:46.0432 6096  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe

12:13:46.0440 6096  VSS - ok

12:13:46.0458 6096  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll

12:13:46.0464 6096  W32Time - ok

12:13:46.0475 6096  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys

12:13:46.0476 6096  WacomPen - ok

12:13:46.0486 6096  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys

12:13:46.0487 6096  Wanarp - ok

12:13:46.0489 6096  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys

12:13:46.0490 6096  Wanarpv6 - ok

12:13:46.0536 6096  [ 779F9C90D3FE9C70B6FFD8EF035F3E83 ] WcesComm        C:\Windows\WindowsMobile\wcescomm.dll

12:13:46.0538 6096  WcesComm - ok

12:13:46.0569 6096  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll

12:13:46.0574 6096  wcncsvc - ok

12:13:46.0596 6096  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

12:13:46.0598 6096  WcsPlugInService - ok

12:13:46.0611 6096  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys

12:13:46.0612 6096  Wd - ok

12:13:46.0627 6096  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys

12:13:46.0634 6096  Wdf01000 - ok

12:13:46.0639 6096  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll

12:13:46.0641 6096  WdiServiceHost - ok

12:13:46.0644 6096  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll

12:13:46.0646 6096  WdiSystemHost - ok

12:13:46.0676 6096  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll

12:13:46.0679 6096  WebClient - ok

12:13:46.0711 6096  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll

12:13:46.0714 6096  Wecsvc - ok

12:13:46.0721 6096  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll

12:13:46.0723 6096  wercplsupport - ok

12:13:46.0760 6096  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll

12:13:46.0765 6096  WerSvc - ok

12:13:46.0792 6096  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll

12:13:46.0796 6096  WinDefend - ok

12:13:46.0800 6096  WinHttpAutoProxySvc - ok

12:13:46.0829 6096  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll

12:13:46.0831 6096  Winmgmt - ok

12:13:46.0871 6096  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll

12:13:46.0895 6096  WinRM - ok

12:13:46.0924 6096  [ 676F4B665BDD8053EAA53AC1695B8074 ] winusb          C:\Windows\system32\DRIVERS\winusb.sys

12:13:46.0925 6096  winusb - ok

12:13:46.0955 6096  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll

12:13:46.0972 6096  Wlansvc - ok

12:13:47.0018 6096  [ 6067ACEF367E79914AF628FA1E9B5330 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

12:13:47.0020 6096  wlcrasvc - ok

12:13:47.0091 6096  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

12:13:47.0124 6096  wlidsvc - ok

12:13:47.0139 6096  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys

12:13:47.0140 6096  WmiAcpi - ok

12:13:47.0176 6096  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe

12:13:47.0180 6096  wmiApSrv - ok

12:13:47.0216 6096  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe

12:13:47.0222 6096  WMPNetworkSvc - ok

12:13:47.0233 6096  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll

12:13:47.0238 6096  WPCSvc - ok

12:13:47.0268 6096  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll

12:13:47.0272 6096  WPDBusEnum - ok

12:13:47.0488 6096  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

12:13:47.0497 6096  WPFFontCache_v0400 - ok

12:13:47.0520 6096  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys

12:13:47.0521 6096  ws2ifsl - ok

12:13:47.0563 6096  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll

12:13:47.0565 6096  wscsvc - ok

12:13:47.0569 6096  WSearch - ok

12:13:47.0631 6096  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll

12:13:47.0644 6096  wuauserv - ok

12:13:47.0677 6096  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys

12:13:47.0679 6096  WUDFRd - ok

12:13:47.0695 6096  [ 575A4190D989F64732119E4114045A4F ] wudfsvc         C:\Windows\System32\WUDFSvc.dll

12:13:47.0698 6096  wudfsvc - ok

12:13:47.0705 6096  [ 40AC8590CC9006DBB99FFCB37879D4C6 ] zntport         C:\Windows\system32\drivers\zntport.sys

12:13:47.0706 6096  zntport - ok

12:13:47.0720 6096  ================ Scan global ===============================

12:13:47.0735 6096  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll

12:13:47.0776 6096  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

12:13:47.0786 6096  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll

12:13:47.0834 6096  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe

12:13:47.0839 6096  [Global] - ok

12:13:47.0839 6096  ================ Scan MBR ==================================

12:13:47.0852 6096  [ A863475757CC50891AA8458C415E4B25 ] \Device\Harddisk0\DR0

12:13:49.0877 6096  \Device\Harddisk0\DR0 - ok

12:13:49.0882 6096  [ E5FA06ACA0D60BA9C870D0EF3D9898C9 ] \Device\Harddisk5\DR5

12:13:54.0633 6096  \Device\Harddisk5\DR5 - ok

12:13:54.0633 6096  ================ Scan VBR ==================================

12:13:54.0640 6096  [ 2C4C92EC52FDF0487867B98B68E7EAEF ] \Device\Harddisk0\DR0\Partition1

12:13:54.0642 6096  \Device\Harddisk0\DR0\Partition1 - ok

12:13:54.0657 6096  [ CC5F5BA4D04C77A6CD8BBC7477F3ABD8 ] \Device\Harddisk0\DR0\Partition2

12:13:54.0658 6096  \Device\Harddisk0\DR0\Partition2 - ok

12:13:54.0661 6096  [ 136E14EC517523FC5F0CBE16BE278A99 ] \Device\Harddisk5\DR5\Partition1

12:13:54.0662 6096  \Device\Harddisk5\DR5\Partition1 - ok

12:13:54.0662 6096  ============================================================

12:13:54.0662 6096  Scan finished

12:13:54.0662 6096  ============================================================

12:13:54.0669 4104  Detected object count: 1

12:13:54.0669 4104  Actual detected object count: 1

12:14:07.0657 4104  sptd ( LockedFile.Multi.Generic ) - skipped by user

12:14:07.0658 4104  sptd ( LockedFile.Multi.Generic ) - User select action: Skip

Zitat:

sptd ( LockedFile.Multi.Generic )

Wann hast du den defogger-reenable button gedrückt???