Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 07.11.2011, 15:23   #1
TheresaN
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Hey,
erst einmal muss ich sagen, dass ich nicht wirklich viel Ahnung von Computern habe und werde aber versuchen alle Anweisungen zu verstehen und blöde Fragen zu vermeiden.
Also seit etwas mehr als einer Woche habe ich den System restore Virus auf meinem Laptop, dass bedeutet, wenn ich ihn hochfahre, öffnet sich ein Fenster, dass mir versucht klar zumachen, dass es eine Anwendung von Windows ist und bei einem Scan festgestellt hat, dass ich diverse Hardware Probleme auf meine Laptop habe und ein bestimmtes Programm kaufen muss um diese zu reparieren. Außerdem ist mein Desktop komplett schwarz und nur noch der Papierkorb ist vorhanden, alle meine anderen Dateien und Programme scheinen aber verschwunden zu sein. Wenn ich auf das Windows Start Zeichen klicke, öffnet sich zwar die Leiste, aber es ist alles leer und mir wird nichts mehr angezeigt. Auch meine Festplatten werden mir als 'leere Ordner' angezeigt, obwohl ich sehen kann, dass sie belegt sind.
Es ist nur möglich meinen Laptop überhaupt zu benutzen und aufs Internet zu greifen zu können, da sich mein Skype automatisch öffnet und ich dann über Links firefox öffnen kann.
Ich habe das alles gegoogelt aber um den Virus zu entfernen, heißt es meisten man sollte bestimmte registry einträge löschen, was mir allerdings zu riskant ist, da ich Angst habe mehr zu zerstören als zu reparieren.
Also ich hoffe ihr könnt mir helfen, ich bin nämlich etwas aufgeschmissen und sage schon mal im Voraus ganz ganz vielen Dank!!

Hier meine OTL.txt:

OTL logfile created on: 07.11.2011 08:35:10 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Theresa\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,91 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 62,96% Memory free
7,83 Gb Paging File | 5,92 Gb Available in Paging File | 75,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,23 Gb Total Space | 24,29 Gb Free Space | 20,37% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 83,84 Gb Free Space | 54,49% Space Free | Partition Type: NTFS

Computer Name: THERESA-PC | User Name: Theresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.07 08:31:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Theresa\Downloads\OTL.exe
PRC - [2011.11.07 08:25:14 | 000,050,477 | ---- | M] () -- C:\Users\Theresa\Downloads\Defogger.exe
PRC - [2011.10.05 09:18:00 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.05 09:17:51 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.05 09:17:50 | 000,258,512 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.08.31 16:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.31 14:33:32 | 001,545,856 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011.07.28 18:08:12 | 001,259,376 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.06 05:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.07 04:53:49 | 003,058,304 | -H-- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.02.22 05:38:52 | 002,009,704 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.25 13:32:28 | 000,166,528 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.11.15 12:42:12 | 000,305,792 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.10.07 16:05:14 | 000,170,624 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.09.23 18:53:16 | 001,601,536 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.09.13 22:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.13 22:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.17 16:55:42 | 005,732,992 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.19 15:26:00 | 000,370,480 | -H-- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 15:26:00 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.07.10 00:45:00 | 000,984,400 | -H-- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009.12.15 12:39:38 | 000,096,896 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 17:21:26 | 000,103,720 | -H-- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.06.19 12:29:42 | 000,105,016 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 12:29:26 | 002,488,888 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 19:30:42 | 000,084,536 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.22 19:15:34 | 000,174,648 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.13 23:00:08 | 000,113,208 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2006.10.11 05:45:12 | 000,075,304 | -H-- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.07 08:25:14 | 000,050,477 | ---- | M] () -- C:\Users\Theresa\Downloads\Defogger.exe
MOD - [2011.10.14 11:18:09 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011.10.14 11:17:30 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011.10.14 11:17:12 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.14 11:17:03 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.14 11:16:59 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011.10.14 11:16:46 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011.10.14 11:16:39 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.14 11:16:34 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.14 11:16:33 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.14 11:16:24 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.31 14:33:32 | 000,208,384 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2011.07.28 18:09:42 | 000,096,112 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.28 18:08:12 | 001,259,376 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.09.23 18:53:16 | 001,601,536 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 17:23:36 | 000,013,096 | -H-- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 17:20:10 | 000,619,816 | -H-- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 04:50:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.08.04 04:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.03.03 18:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.22 21:10:10 | 000,057,184 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.10.05 09:18:00 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.05 09:17:51 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 16:00:48 | 000,366,152 | -H-- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 05:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.02.22 05:38:52 | 002,009,704 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.01.12 10:50:28 | 000,332,272 | -H-- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010.09.13 22:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.13 22:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 06:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 12:39:38 | 000,096,896 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 19:30:42 | 000,084,536 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.09.18 07:39:27 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.09.15 22:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.15 22:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 16:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 03:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.26 19:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.13 06:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.13 16:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.10.14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 20:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.13 22:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.13 22:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.13 22:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.13 22:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.09.13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.03 13:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.03.02 11:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 06:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 15:57:20 | 000,017,024 | -H-- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 19:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 08 E8 0A 4F A6 BA 4D B9 6B 5D 43 F0 A6 04 45 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49434
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.01 20:08:54 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.12 14:16:06 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.12 14:16:05 | 000,000,000 | -H-D | M]

[2011.08.01 12:44:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Extensions
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions
[2011.11.01 20:13:42 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.01 20:13:42 | 000,000,000 | -H-D | M] (We-Care Reminder) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions\wecarereminder@bryan
[2011.09.22 13:53:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.01 20:09:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.09.30 23:03:32 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.22 13:52:56 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.30 23:03:29 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 23:03:29 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 23:03:29 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 23:03:29 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 23:03:29 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 23:03:29 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.10.11 17:33:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Reg Error: Value error.) - {0AE8089F-A64F-4DBA-B96B-5D43F0A60445} - C:\Users\Theresa\AppData\Local\NetworkWin32.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Clients Update] rundll32 ",DllRegisterServer File not found
O4 - HKCU..\Run: [Macromedia Update] rundll32 ",DllRegisterServer File not found
O4 - HKCU..\Run: [MouseProfileVerifier] rundll32.exe ",DllRegisterServer File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D585AA05-9E9D-4165-859A-099645FB6A55}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP


MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.11.06 00:44:31 | 000,000,000 | ---D | C] -- C:\Users\Theresa\Desktop\fb
[2011.11.01 17:22:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%USERPROFILE%
[2011.11.01 16:45:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.10.29 15:00:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.10.29 15:00:36 | 000,000,000 | -H-D | C] -- C:\Program Files\CCleaner
[2011.10.28 16:46:25 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.10.28 15:40:57 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\usa
[2011.10.20 09:48:36 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\data
[2011.10.20 09:24:48 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Download Manager
[2011.10.20 08:07:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011.10.20 07:42:18 | 000,000,000 | -H-D | C] -- C:\Windows\Sun
[2011.10.14 15:31:04 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0
[2011.10.14 15:28:19 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\.thumbnails
[2011.10.13 15:20:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\.Syncables
[2011.10.13 15:19:28 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\ping
[2011.10.12 15:49:49 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Externe Festplatte
[2011.10.12 14:25:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.12 14:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011.10.12 14:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011.10.12 14:23:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2011.10.12 14:23:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bonjour
[2011.10.12 14:16:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.10.12 14:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\QuickTime
[2011.10.12 07:12:15 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Avira
[2011.10.12 07:12:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.12 07:11:53 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.12 07:11:53 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.12 07:11:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.12 07:11:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011.10.12 07:11:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Avira
[2011.10.11 17:38:37 | 000,000,000 | -H-D | C] -- C:\Windows\temp
[2011.10.11 17:33:10 | 000,000,000 | -H-D | C] -- C:\$RECYCLE.BIN
[2011.10.11 16:45:15 | 000,518,144 | -H-- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.10.11 16:45:15 | 000,406,528 | -H-- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.10.11 16:45:15 | 000,060,416 | -H-- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.10.11 16:45:11 | 000,000,000 | -H-D | C] -- C:\Windows\ERDNT
[2011.10.11 16:45:08 | 000,000,000 | -H-D | C] -- C:\Qoobox
[2011.10.11 16:28:17 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Local\jZip
[2011.10.11 16:27:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2011.10.11 16:27:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\jZip
[2011.10.10 22:05:06 | 000,000,000 | -HSD | C] -- C:\Users\Theresa\AppData\Roaming\C4136249
[2011.10.08 21:01:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Symantec
[2011.10.08 21:01:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Norton
[2011.10.08 21:01:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\NortonInstaller
[2011.10.08 21:01:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\NortonInstaller
[1 C:\Users\Theresa\Desktop\*.tmp files -> C:\Users\Theresa\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.07 08:31:05 | 000,000,000 | ---- | M] () -- C:\Users\Theresa\defogger_reenable
[2011.11.07 08:13:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 08:13:50 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 08:10:23 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.07 08:10:23 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.07 08:10:23 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.07 08:10:23 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.07 08:10:23 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.07 08:06:13 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.11.07 08:06:07 | 000,001,120 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.07 08:05:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.07 08:05:39 | 3151,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.06 23:59:00 | 000,001,124 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.02 10:13:20 | 000,203,577 | -H-- | M] () -- C:\Users\Theresa\Desktop\IMG_02112011_151244.png
[2011.11.01 18:08:11 | 000,323,968 | -H-- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP.exe
[2011.11.01 18:01:15 | 000,002,454 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.11.01 17:13:48 | 000,000,085 | -H-- | M] () -- C:\Windows\wininit.ini
[2011.11.01 16:45:42 | 000,001,256 | -H-- | M] () -- C:\Users\Theresa\Desktop\Spybot - Search & Destroy.lnk
[2011.10.29 16:46:15 | 000,043,198 | -H-- | M] () -- C:\Users\Theresa\Desktop\samstag 16.juli.jpg
[2011.10.29 16:45:55 | 000,020,869 | -H-- | M] () -- C:\Users\Theresa\Desktop\a.jpg
[2011.10.29 14:51:59 | 000,059,776 | -H-- | M] () -- C:\Users\Theresa\Desktop\You will not need a program called System Recovery if there.odt
[2011.10.29 09:12:25 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~9lVK7dmpdonxRW
[2011.10.29 09:12:25 | 000,000,088 | -H-- | M] () -- C:\ProgramData\~9lVK7dmpdonxRWr
[2011.10.29 09:12:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\9lVK7dmpdonxRW
[2011.10.28 23:33:51 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.10.28 23:33:50 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.10.28 23:33:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.10.28 16:49:33 | 000,000,440 | -H-- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011.10.28 16:46:44 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011.10.28 16:46:44 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011.10.28 16:46:25 | 000,000,659 | -H-- | M] () -- C:\Users\Theresa\Desktop\System Restore.lnk
[2011.10.20 09:45:49 | 000,364,927 | -H-- | M] () -- C:\Users\Theresa\Documents\WinFlash_WIN7_32_WIN7_64_z2310.zip
[2011.10.14 15:31:04 | 000,001,470 | -H-- | M] () -- C:\Users\Theresa\.recently-used.xbel
[2011.10.14 11:14:43 | 000,293,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.11 17:33:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.10.08 20:56:04 | 000,001,259 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[1 C:\Users\Theresa\Desktop\*.tmp files -> C:\Users\Theresa\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.07 08:31:05 | 000,000,000 | ---- | C] () -- C:\Users\Theresa\defogger_reenable
[2011.11.02 10:12:59 | 000,203,577 | -H-- | C] () -- C:\Users\Theresa\Desktop\IMG_02112011_151244.png
[2011.11.01 18:08:11 | 000,323,968 | -H-- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP.exe
[2011.11.01 17:13:48 | 000,000,085 | -H-- | C] () -- C:\Windows\wininit.ini
[2011.11.01 16:45:42 | 000,001,256 | -H-- | C] () -- C:\Users\Theresa\Desktop\Spybot - Search & Destroy.lnk
[2011.10.29 16:46:02 | 000,043,198 | -H-- | C] () -- C:\Users\Theresa\Desktop\samstag 16.juli.jpg
[2011.10.29 16:45:33 | 000,020,869 | -H-- | C] () -- C:\Users\Theresa\Desktop\a.jpg
[2011.10.29 14:51:56 | 000,059,776 | -H-- | C] () -- C:\Users\Theresa\Desktop\You will not need a program called System Recovery if there.odt
[2011.10.29 09:12:25 | 000,000,088 | -H-- | C] () -- C:\ProgramData\~9lVK7dmpdonxRWr
[2011.10.29 09:12:24 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~9lVK7dmpdonxRW
[2011.10.29 09:12:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\9lVK7dmpdonxRW
[2011.10.28 23:33:50 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.10.28 23:33:50 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.10.28 23:33:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.10.28 16:46:44 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011.10.28 16:46:44 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011.10.28 16:46:25 | 000,000,659 | -H-- | C] () -- C:\Users\Theresa\Desktop\System Restore.lnk
[2011.10.28 16:46:22 | 000,000,440 | -H-- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011.10.20 09:45:53 | 000,055,936 | -H-- | C] () -- C:\Users\Theresa\Desktop\Setup.exe
[2011.10.20 09:25:00 | 000,364,927 | -H-- | C] () -- C:\Users\Theresa\Documents\WinFlash_WIN7_32_WIN7_64_z2310.zip
[2011.10.14 15:31:04 | 000,001,470 | -H-- | C] () -- C:\Users\Theresa\.recently-used.xbel
[2011.10.11 16:45:15 | 000,256,000 | -H-- | C] () -- C:\Windows\PEV.exe
[2011.10.11 16:45:15 | 000,208,896 | -H-- | C] () -- C:\Windows\MBR.exe
[2011.10.11 16:45:15 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2011.10.11 16:45:15 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2011.10.11 16:45:15 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2011.08.05 11:40:12 | 000,000,428 | -H-- | C] () -- C:\Windows\MAXLINK.INI
[2011.08.01 14:24:55 | 001,557,708 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.08 01:40:56 | 000,960,940 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.08 01:40:54 | 000,213,332 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.08 01:40:53 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2009.10.25 22:38:22 | 000,000,176 | -H-- | C] () -- C:\Windows\explorer.exe.config
[2009.07.29 00:20:40 | 000,000,010 | -H-- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.13 21:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.13 21:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Asus WebStorage
[2011.10.10 22:20:10 | 000,000,000 | -HSD | M] -- C:\Users\Theresa\AppData\Roaming\C4136249
[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Canon
[2011.09.06 20:24:40 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoft
[2011.08.06 11:44:07 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0
[2011.08.01 12:26:26 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Nuance
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\OpenOffice.org
[2011.08.05 11:32:30 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\ScanSoft
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\SoftGrid Client
[2011.10.04 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TIPP10
[2011.08.01 14:25:38 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TP
[2011.11.01 20:10:14 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Zeon
[2011.10.24 18:44:12 | 000,032,614 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*. >
[2011.11.01 20:05:37 | 000,000,000 | -H-D | M] -- C:\$RECYCLE.BIN
[2011.08.01 12:07:47 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2011.11.01 20:05:37 | 000,000,000 | -H-D | M] -- C:\AsusVibeData
[2009.07.29 01:03:34 | 000,000,000 | -H-D | M] -- C:\Boot
[2009.07.14 00:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.11.01 20:08:44 | 000,000,000 | -H-D | M] -- C:\eSupport
[2011.05.07 04:38:20 | 000,000,000 | -H-D | M] -- C:\Intel
[2009.07.13 22:20:08 | 000,000,000 | -H-D | M] -- C:\PerfLogs
[2011.11.01 20:09:16 | 000,000,000 | RH-D | M] -- C:\Program Files
[2011.11.01 20:09:14 | 000,000,000 | RH-D | M] -- C:\Program Files (x86)
[2011.11.04 12:54:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.01 20:09:30 | 000,000,000 | -H-D | M] -- C:\Qoobox
[2011.08.01 12:02:53 | 000,000,000 | -H-D | M] -- C:\Recovery
[2011.11.07 08:36:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.01 12:26:31 | 000,000,000 | -H-D | M] -- C:\temp
[2011.10.05 07:13:27 | 000,000,000 | RH-D | M] -- C:\Users
[2011.11.01 17:59:48 | 000,000,000 | -H-D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >


< MD5 for: EXPLORER.EXE >
[2011.02.26 01:23:14 | 002,870,272 | -H-- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.01.12 09:51:11 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 07:17:09 | 002,616,320 | -H-- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.01.12 09:25:40 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.01.12 09:51:11 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.01.12 09:25:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 08:24:45 | 002,872,320 | -H-- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.01.12 09:51:11 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.01.12 09:25:41 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.01.12 09:51:11 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.01.12 09:25:41 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.13 20:39:29 | 000,427,008 | -H-- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009.07.13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.13 20:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.13 20:14:30 | 000,398,336 | -H-- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.13 20:14:30 | 000,398,336 | -H-- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 07:17:48 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.13 20:14:43 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.13 20:39:48 | 000,030,208 | -H-- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 08:25:24 | 000,030,720 | -H-- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.13 20:39:52 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.13 20:14:45 | 000,096,256 | -H-- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 08:25:30 | 000,390,656 | -H-- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.01.12 09:51:11 | 000,389,632 | -H-- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TempFC5A2B2

< End of report >

Alt 07.11.2011, 15:24   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________

__________________

Alt 07.11.2011, 20:20   #3
TheresaN
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Danke für die schnelle Antwort, jetzt hab ich auch endlich wieder Hoffnung, dass es bald besser wird!
also erst mal das von Malwarebytes, davon hab ich übrigens noch circa 10 ältere logdateien vom 25.09.2011 bis heute, soll ich die auch alle hier rein posten?

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8106

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.11.2011 12:16:16
mbam-log-2011-11-07 (12-16-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Durchsuchte Objekte: 414316
Laufzeit: 39 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 6

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\1kalmig2kb7fzp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\temp\0.24309769012679938.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Theresa\AppData\Local\Temp\0.9370119253246323.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Theresa\AppData\Local\Temp\0.9815571781474048.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Users\Theresa\AppData\Local\Temp\thpm5103442861355300949.tmp (Exploit.Drop.3) -> Quarantined and deleted successfully.

und jetzt das von dem anderen:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f98c406be858c44893427ebea98158e7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-07 07:09:02
# local_time=2011-11-07 02:09:02 (-0500, Eastern Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 1344312 1344312 0 0
# compatibility_mode=5893 16776573 100 94 0 72230875 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=218005
# found=3
# cleaned=0
# scan_time=5517
C:\Qoobox\Quarantine\C\Windows\SysWOW64\drivers\RKHit.sys.vir Win32/Adware.SpywareCease application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Theresa\Downloads\Gimp_Setup.exe a variant of Win32/Adware.iBryte.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Theresa\Downloads\Spydig_Setup.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
__________________

Alt 07.11.2011, 20:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



mach bitte ein neues OTL-Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.11.2011, 00:46   #5
TheresaN
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



here we goOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.11.2011 16:48:42 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Theresa\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 40,12% Memory free
7,83 Gb Paging File | 4,81 Gb Available in Paging File | 61,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,23 Gb Total Space | 21,73 Gb Free Space | 18,23% Space Free | Partition Type: NTFS
Drive D: | 153,85 Gb Total Space | 83,84 Gb Free Space | 54,49% Space Free | Partition Type: NTFS
Drive F: | 979,70 Mb Total Space | 964,03 Mb Free Space | 98,40% Space Free | Partition Type: FAT
 
Computer Name: THERESA-PC | User Name: Theresa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.07 16:46:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Theresa\Desktop\OTL(1).exe
PRC - [2011.10.05 09:18:00 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.05 09:17:51 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.05 09:17:50 | 000,258,512 | -H-- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Theresa\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.08.31 14:33:32 | 001,545,856 | -H-- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2011.07.28 18:08:12 | 001,259,376 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.06 05:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.07 04:53:49 | 003,058,304 | -H-- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2011.02.22 05:38:52 | 002,009,704 | -H-- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.01.25 13:32:28 | 000,166,528 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.11.15 12:42:12 | 000,305,792 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2010.10.27 14:21:54 | 001,155,072 | -H-- | M] (Last.fm) -- C:\Program Files (x86)\Last.fm\LastFM.exe
PRC - [2010.10.07 16:05:14 | 000,170,624 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010.09.23 18:53:16 | 001,601,536 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.09.13 22:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.13 22:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.17 16:55:42 | 005,732,992 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.19 15:26:00 | 000,370,480 | -H-- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 15:26:00 | 000,145,184 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.07.10 00:45:00 | 000,984,400 | -H-- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
PRC - [2009.12.15 12:39:38 | 000,096,896 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.02 17:21:26 | 000,103,720 | -H-- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.07.13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009.07.13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009.06.19 12:29:42 | 000,105,016 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 12:29:26 | 002,488,888 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.15 19:30:42 | 000,084,536 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.12.22 19:15:34 | 000,174,648 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.08.13 23:00:08 | 000,113,208 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2006.10.11 05:45:12 | 000,075,304 | -H-- | M] (ScanSoft, Inc.) -- C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 11:18:09 | 000,368,128 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\5672e6b9d976feca51deb06d8dd1df0e\PresentationFramework.Aero.ni.dll
MOD - [2011.10.14 11:17:30 | 014,322,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\09e39322b47f9b4e8dd2199ff03acb2e\PresentationFramework.ni.dll
MOD - [2011.10.14 11:17:12 | 012,431,360 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2011.10.14 11:17:03 | 001,586,688 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2011.10.14 11:16:59 | 012,216,320 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\d2dc021a8311197516e4fa325b292f21\PresentationCore.ni.dll
MOD - [2011.10.14 11:16:46 | 003,325,952 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2011.10.14 11:16:39 | 005,452,800 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011.10.14 11:16:34 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011.10.14 11:16:33 | 007,949,312 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011.10.14 11:16:24 | 011,490,304 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | -H-- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.31 14:33:32 | 000,208,384 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
MOD - [2011.07.28 18:09:42 | 000,096,112 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.28 18:08:12 | 001,259,376 | -H-- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.10.27 14:23:04 | 000,106,496 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\srv_rtaudioplayback.dll
MOD - [2010.10.27 14:22:08 | 000,147,456 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\srv_madtranscode.dll
MOD - [2010.10.27 14:22:00 | 000,028,160 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\srv_httpinput.dll
MOD - [2010.10.27 14:19:28 | 000,372,736 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\LastFmFingerprint1.dll
MOD - [2010.10.27 14:19:06 | 000,025,088 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\breakpad.dll
MOD - [2010.10.27 14:18:50 | 000,180,224 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\Moose1.dll
MOD - [2010.10.27 14:18:34 | 000,540,672 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\LastFmTools1.dll
MOD - [2010.10.27 14:13:52 | 001,382,507 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\libfftw3f-3.dll
MOD - [2010.10.27 14:13:52 | 000,074,240 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\zlibwapi.dll
MOD - [2010.09.23 18:53:16 | 001,601,536 | -H-- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.11.02 17:23:36 | 000,013,096 | -H-- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 17:20:10 | 000,619,816 | -H-- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 04:50:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.08.04 04:49:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.13 20:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
MOD - [2008.04.16 10:42:30 | 000,376,832 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtNetwork4.dll
MOD - [2008.04.16 10:42:16 | 000,524,288 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtSql4.dll
MOD - [2008.04.16 10:42:02 | 006,701,056 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtGui4.dll
MOD - [2008.04.16 10:36:38 | 000,376,832 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtXml4.dll
MOD - [2008.04.16 10:36:34 | 001,654,784 | -H-- | M] () -- C:\Program Files (x86)\Last.fm\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.03 18:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.09.22 21:10:10 | 000,057,184 | -H-- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.10.05 09:18:00 | 000,086,224 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.05 09:17:51 | 000,110,032 | -H-- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Users\Theresa\Desktop\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 05:55:28 | 000,064,952 | -H-- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.02.22 05:38:52 | 002,009,704 | -H-- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.01.12 10:50:28 | 000,332,272 | -H-- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010.09.13 22:45:56 | 000,219,496 | -H-- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.13 22:45:44 | 000,508,264 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.03.18 06:16:28 | 000,130,384 | -H-- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 12:39:38 | 000,096,896 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.06.15 19:30:42 | 000,084,536 | -H-- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.01.26 14:31:10 | 001,153,368 | -H-- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.18 07:39:27 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.09.15 22:55:03 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.15 22:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.03.11 01:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 01:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 03:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.01.26 19:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.01.13 06:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.12.13 16:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.10.14 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.09.21 20:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.13 22:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.13 22:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.13 22:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.13 22:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010.09.13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.03 13:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.03.02 11:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 04:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 15:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 06:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.05.23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.07.26 15:57:20 | 000,017,024 | -H-- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.02 19:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 08 E8 0A 4F A6 BA 4D B9 6B 5D 43 F0 A6 04 45  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49434
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.01 20:08:54 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.10.12 14:16:06 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.12 14:16:05 | 000,000,000 | -H-D | M]
 
[2011.08.01 12:44:41 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Extensions
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions
[2011.11.01 20:13:42 | 000,000,000 | -H-D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.11.01 20:13:42 | 000,000,000 | -H-D | M] (We-Care Reminder) -- C:\Users\Theresa\AppData\Roaming\mozilla\Firefox\Profiles\vo3088lh.default\extensions\wecarereminder@bryan
[2011.09.22 13:53:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.01 20:09:04 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.09.30 23:03:32 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.22 13:52:56 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.09.30 23:03:29 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 23:03:29 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.30 23:03:29 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.30 23:03:29 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.30 23:03:29 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.30 23:03:29 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.11 17:33:08 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (Reg Error: Value error.) - {0AE8089F-A64F-4DBA-B96B-5D43F0A60445} - C:\Users\Theresa\AppData\Local\NetworkWin32.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Users\Theresa\Desktop\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKCU..\Run: [Clients Update] rundll32 ",DllRegisterServer File not found
O4 - HKCU..\Run: [Macromedia Update] rundll32 ",DllRegisterServer File not found
O4 - HKCU..\Run: [MouseProfileVerifier] rundll32.exe ",DllRegisterServer File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - Startup: C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.250.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D585AA05-9E9D-4165-859A-099645FB6A55}: DhcpNameServer = 192.168.1.1 71.250.0.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) -C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.07 16:46:46 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Theresa\Desktop\OTL(1).exe
[2011.11.07 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2011.11.07 16:31:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegCure
[2011.11.07 16:31:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCure
[2011.11.07 12:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.11.07 12:33:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Theresa\Desktop\esetsmartinstaller_enu.exe
[2011.11.07 09:43:11 | 000,000,000 | ---D | C] -- C:\Users\Theresa\Desktop\Malwarebytes' Anti-Malware
[2011.11.07 08:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011.11.07 08:56:38 | 000,000,000 | ---D | C] -- C:\Users\Theresa\Desktop\7-Zip
[2011.11.06 00:44:31 | 000,000,000 | ---D | C] -- C:\Users\Theresa\Desktop\fb
[2011.11.01 17:22:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%USERPROFILE%
[2011.11.01 16:45:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.10.29 15:00:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.10.29 15:00:36 | 000,000,000 | -H-D | C] -- C:\Program Files\CCleaner
[2011.10.28 16:46:25 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.10.28 15:40:57 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\usa
[2011.10.20 09:48:36 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\data
[2011.10.20 09:24:48 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Download Manager
[2011.10.20 08:07:43 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011.10.20 08:03:31 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\svchost.exe
[2011.10.20 07:42:18 | 000,000,000 | -H-D | C] -- C:\Windows\Sun
[2011.10.14 15:31:04 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0
[2011.10.14 15:28:19 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\.thumbnails
[2011.10.13 16:29:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.10.13 16:29:50 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.10.13 16:29:50 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.10.13 16:29:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.10.13 16:29:48 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.10.13 16:29:48 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.10.13 16:29:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.10.13 16:29:47 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.10.13 16:29:47 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.10.13 16:29:46 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.10.13 16:29:46 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.10.13 16:29:46 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.10.13 16:29:46 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.10.13 16:29:46 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.10.13 16:29:46 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.10.13 16:29:15 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.10.13 16:29:15 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.10.13 16:29:15 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.10.13 16:29:15 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.10.13 16:29:15 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.10.13 16:29:14 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.10.13 16:29:14 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011.10.13 16:29:14 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011.10.13 16:29:14 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011.10.13 16:29:13 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011.10.13 16:29:08 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.10.13 16:29:07 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.10.13 15:20:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\.Syncables
[2011.10.13 15:19:28 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Desktop\ping
[2011.10.12 15:49:49 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\Externe Festplatte
[2011.10.12 14:25:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.10.12 14:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes
[2011.10.12 14:24:38 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011.10.12 14:23:24 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2011.10.12 14:23:24 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bonjour
[2011.10.12 14:16:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.10.12 14:15:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\QuickTime
[2011.10.12 07:12:15 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Avira
[2011.10.12 07:12:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.10.12 07:11:53 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.10.12 07:11:53 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.10.12 07:11:53 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.10.12 07:11:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\Avira
[2011.10.12 07:11:53 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Avira
[2011.10.11 18:37:32 | 000,643,200 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011.10.11 18:37:31 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l101.dll
[2011.10.11 17:38:37 | 000,000,000 | -H-D | C] -- C:\Windows\temp
[2011.10.11 17:33:10 | 000,000,000 | -H-D | C] -- C:\$RECYCLE.BIN
[2011.10.11 16:45:15 | 000,518,144 | -H-- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.10.11 16:45:15 | 000,406,528 | -H-- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.10.11 16:45:15 | 000,060,416 | -H-- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.10.11 16:45:11 | 000,000,000 | -H-D | C] -- C:\Windows\ERDNT
[2011.10.11 16:45:08 | 000,000,000 | -H-D | C] -- C:\Qoobox
[2011.10.11 16:28:17 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Local\jZip
[2011.10.11 16:27:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jZip
[2011.10.11 16:27:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\jZip
[2011.10.10 22:05:06 | 000,000,000 | -HSD | C] -- C:\Users\Theresa\AppData\Roaming\C4136249
[2011.10.08 21:01:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Symantec
[2011.10.08 21:01:19 | 000,000,000 | -H-D | C] -- C:\ProgramData\Norton
[2011.10.08 21:01:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\NortonInstaller
[2011.10.08 21:01:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\NortonInstaller
[1 C:\Users\Theresa\Desktop\*.tmp files -> C:\Users\Theresa\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.07 16:46:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Theresa\Desktop\OTL(1).exe
[2011.11.07 16:31:09 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2011.11.07 16:31:09 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2011.11.07 16:31:06 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2011.11.07 16:25:44 | 001,304,322 | ---- | M] () -- C:\Users\Theresa\Desktop\regsicherung.reg
[2011.11.07 15:59:01 | 000,001,124 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.07 14:31:42 | 000,229,763 | ---- | M] () -- C:\Users\Theresa\Documents\Fringe.mp3
[2011.11.07 13:19:36 | 001,531,014 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.07 13:19:36 | 000,666,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.07 13:19:36 | 000,628,098 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.07 13:19:36 | 000,134,178 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.07 13:19:36 | 000,110,560 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.07 12:33:09 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Theresa\Desktop\esetsmartinstaller_enu.exe
[2011.11.07 12:26:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 12:26:10 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.07 12:19:14 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.11.07 12:19:07 | 000,001,120 | -H-- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.07 12:17:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.07 12:17:10 | 3151,839,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.07 09:43:16 | 000,000,799 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.07 08:31:05 | 000,000,000 | ---- | M] () -- C:\Users\Theresa\defogger_reenable
[2011.11.02 10:13:20 | 000,203,577 | -H-- | M] () -- C:\Users\Theresa\Desktop\IMG_02112011_151244.png
[2011.11.01 18:01:15 | 000,002,454 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2011.11.01 17:13:48 | 000,000,085 | -H-- | M] () -- C:\Windows\wininit.ini
[2011.11.01 16:45:42 | 000,001,256 | -H-- | M] () -- C:\Users\Theresa\Desktop\Spybot - Search & Destroy.lnk
[2011.10.29 16:46:15 | 000,043,198 | -H-- | M] () -- C:\Users\Theresa\Desktop\samstag 16.juli.jpg
[2011.10.29 16:45:55 | 000,020,869 | -H-- | M] () -- C:\Users\Theresa\Desktop\a.jpg
[2011.10.29 14:51:59 | 000,059,776 | -H-- | M] () -- C:\Users\Theresa\Desktop\You will not need a program called System Recovery if there.odt
[2011.10.29 09:12:25 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~9lVK7dmpdonxRW
[2011.10.29 09:12:25 | 000,000,088 | -H-- | M] () -- C:\ProgramData\~9lVK7dmpdonxRWr
[2011.10.29 09:12:14 | 000,000,336 | -H-- | M] () -- C:\ProgramData\9lVK7dmpdonxRW
[2011.10.28 23:33:51 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.10.28 23:33:50 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.10.28 23:33:36 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.10.28 16:49:33 | 000,000,440 | -H-- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011.10.28 16:46:44 | 000,000,224 | -H-- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011.10.28 16:46:44 | 000,000,112 | -H-- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011.10.28 16:46:25 | 000,000,659 | -H-- | M] () -- C:\Users\Theresa\Desktop\System Restore.lnk
[2011.10.20 09:45:49 | 000,364,927 | -H-- | M] () -- C:\Users\Theresa\Documents\WinFlash_WIN7_32_WIN7_64_z2310.zip
[2011.10.14 15:31:04 | 000,001,470 | -H-- | M] () -- C:\Users\Theresa\.recently-used.xbel
[2011.10.14 11:14:43 | 000,293,616 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.10.11 17:33:08 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.10.08 20:56:04 | 000,001,259 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[1 C:\Users\Theresa\Desktop\*.tmp files -> C:\Users\Theresa\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.11.07 16:31:09 | 000,000,418 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2011.11.07 16:31:08 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2011.11.07 16:31:06 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2011.11.07 16:25:43 | 001,304,322 | ---- | C] () -- C:\Users\Theresa\Desktop\regsicherung.reg
[2011.11.07 14:31:24 | 000,229,763 | ---- | C] () -- C:\Users\Theresa\Documents\Fringe.mp3
[2011.11.07 09:43:16 | 000,000,799 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.11.07 08:31:05 | 000,000,000 | ---- | C] () -- C:\Users\Theresa\defogger_reenable
[2011.11.02 10:12:59 | 000,203,577 | -H-- | C] () -- C:\Users\Theresa\Desktop\IMG_02112011_151244.png
[2011.11.01 17:13:48 | 000,000,085 | -H-- | C] () -- C:\Windows\wininit.ini
[2011.11.01 16:45:42 | 000,001,256 | -H-- | C] () -- C:\Users\Theresa\Desktop\Spybot - Search & Destroy.lnk
[2011.10.29 16:46:02 | 000,043,198 | -H-- | C] () -- C:\Users\Theresa\Desktop\samstag 16.juli.jpg
[2011.10.29 16:45:33 | 000,020,869 | -H-- | C] () -- C:\Users\Theresa\Desktop\a.jpg
[2011.10.29 14:51:56 | 000,059,776 | -H-- | C] () -- C:\Users\Theresa\Desktop\You will not need a program called System Recovery if there.odt
[2011.10.29 09:12:25 | 000,000,088 | -H-- | C] () -- C:\ProgramData\~9lVK7dmpdonxRWr
[2011.10.29 09:12:24 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~9lVK7dmpdonxRW
[2011.10.29 09:12:14 | 000,000,336 | -H-- | C] () -- C:\ProgramData\9lVK7dmpdonxRW
[2011.10.28 23:33:50 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
[2011.10.28 23:33:50 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
[2011.10.28 23:33:36 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
[2011.10.28 16:46:44 | 000,000,224 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP
[2011.10.28 16:46:44 | 000,000,112 | -H-- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr
[2011.10.28 16:46:25 | 000,000,659 | -H-- | C] () -- C:\Users\Theresa\Desktop\System Restore.lnk
[2011.10.28 16:46:22 | 000,000,440 | -H-- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP
[2011.10.20 09:45:53 | 000,055,936 | -H-- | C] () -- C:\Users\Theresa\Desktop\Setup.exe
[2011.10.20 09:25:00 | 000,364,927 | -H-- | C] () -- C:\Users\Theresa\Documents\WinFlash_WIN7_32_WIN7_64_z2310.zip
[2011.10.14 15:31:04 | 000,001,470 | -H-- | C] () -- C:\Users\Theresa\.recently-used.xbel
[2011.10.11 16:45:15 | 000,256,000 | -H-- | C] () -- C:\Windows\PEV.exe
[2011.10.11 16:45:15 | 000,208,896 | -H-- | C] () -- C:\Windows\MBR.exe
[2011.10.11 16:45:15 | 000,098,816 | -H-- | C] () -- C:\Windows\sed.exe
[2011.10.11 16:45:15 | 000,080,412 | -H-- | C] () -- C:\Windows\grep.exe
[2011.10.11 16:45:15 | 000,068,096 | -H-- | C] () -- C:\Windows\zip.exe
[2011.08.05 11:40:12 | 000,000,428 | -H-- | C] () -- C:\Windows\MAXLINK.INI
[2011.08.01 14:24:55 | 001,557,708 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.08 01:40:56 | 000,960,940 | -H-- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.04.08 01:40:54 | 000,213,332 | -H-- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.04.08 01:40:53 | 000,145,804 | -H-- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2009.10.25 22:38:22 | 000,000,176 | -H-- | C] () -- C:\Windows\explorer.exe.config
[2009.07.29 00:20:40 | 000,000,010 | -H-- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009.07.14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.13 21:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.13 21:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Asus WebStorage
[2011.10.10 22:20:10 | 000,000,000 | -HSD | M] -- C:\Users\Theresa\AppData\Roaming\C4136249
[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Canon
[2011.09.06 20:24:40 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoft
[2011.08.06 11:44:07 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0
[2011.08.01 12:26:26 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Nuance
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\OpenOffice.org
[2011.08.05 11:32:30 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\ScanSoft
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\SoftGrid Client
[2011.10.04 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TIPP10
[2011.08.01 14:25:38 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TP
[2011.11.01 20:10:14 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Zeon
[2011.11.07 16:31:09 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\RegCure Program Check.job
[2011.11.07 16:31:09 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\RegCure.job
[2011.10.24 18:44:12 | 000,032,614 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.01 20:10:09 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Adobe
[2011.08.16 12:07:23 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Apple Computer
[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Asus WebStorage
[2011.10.12 07:12:15 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Avira
[2011.10.10 22:20:10 | 000,000,000 | -HSD | M] -- C:\Users\Theresa\AppData\Roaming\C4136249
[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Canon
[2011.10.08 21:30:27 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DivX
[2011.10.20 09:45:49 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Download Manager
[2011.09.06 20:24:40 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoft
[2011.08.06 11:44:07 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.11.01 20:10:11 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\FLEXnet
[2011.11.01 20:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\gtk-2.0
[2011.08.01 12:05:48 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Identities
[2011.08.01 12:10:19 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Macromedia
[2011.09.25 18:17:24 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Malwarebytes
[2009.07.14 02:44:38 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Media Center Programs
[2011.11.01 20:13:41 | 000,000,000 | --SD | M] -- C:\Users\Theresa\AppData\Roaming\Microsoft
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Mozilla
[2011.08.01 12:26:26 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Nuance
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\OpenOffice.org
[2011.08.05 11:32:30 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\ScanSoft
[2011.11.07 16:48:49 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Skype
[2011.11.01 20:10:13 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\SoftGrid Client
[2011.10.04 22:16:03 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TIPP10
[2011.08.01 14:25:38 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\TP
[2011.11.01 20:10:14 | 000,000,000 | -H-D | M] -- C:\Users\Theresa\AppData\Roaming\Zeon
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.13 20:52:21 | 000,061,008 | -H-- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.13 20:52:21 | 000,061,008 | -H-- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.13 20:52:21 | 000,061,008 | -H-- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.13 20:52:21 | 000,024,128 | -H-- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.13 20:15:06 | 000,012,288 | -H-- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.13 20:40:20 | 000,018,944 | -H-- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.09.13 05:24:26 | 000,437,272 | -H-- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\eSupport\eDriver\Software\Other\Intel\IRST\iaStor.sys
[2010.09.13 05:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.13 05:24:26 | 000,437,272 | -H-- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 08:33:38 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.01.12 11:20:46 | 000,410,504 | -H-- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 01:19:16 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 01:41:26 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 01:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 01:23:00 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 01:23:00 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 01:25:49 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.13 20:48:04 | 000,410,688 | -H-- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.13 20:48:04 | 000,410,688 | -H-- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.01.12 11:20:46 | 000,410,496 | -H-- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.13 20:41:52 | 000,692,736 | -H-- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 08:27:22 | 000,695,808 | -H-- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 07:20:28 | 000,563,712 | -H-- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.13 20:16:02 | 000,563,712 | -H-- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.01.12 11:20:46 | 000,166,280 | -H-- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.13 20:45:45 | 000,167,488 | -H-- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.13 20:45:45 | 000,167,488 | -H-- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 01:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 01:23:06 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 01:23:06 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 01:25:53 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.01.12 11:20:46 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 01:19:21 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 01:41:34 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 08:33:48 | 000,166,272 | -H-- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.13 20:16:13 | 000,175,616 | -H-- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.13 20:41:53 | 000,232,448 | -H-- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 07:21:04 | 000,175,616 | -H-- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 08:27:25 | 000,232,960 | -H-- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 07:08:57 | 000,833,024 | -H-- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.13 20:41:56 | 001,008,640 | -H-- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\ERDNT\cache64\user32.dll
[2009.07.13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.13 20:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.13 20:11:24 | 000,833,024 | -H-- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\ERDNT\cache86\user32.dll
[2009.07.13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.13 20:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 08:27:27 | 001,008,128 | -H-- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 07:17:48 | 000,026,624 | -H-- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.13 20:14:43 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.13 20:39:48 | 000,030,208 | -H-- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 08:25:24 | 000,030,720 | -H-- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.13 20:39:52 | 000,129,024 | -H-- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.13 20:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.13 20:14:45 | 000,096,256 | -H-- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 08:25:30 | 000,390,656 | -H-- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.01.12 09:51:11 | 000,389,632 | -H-- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2011.01.12 09:51:11 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.13 19:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.13 20:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\atl.dll
[2009.07.13 20:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.13 20:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.08.19 23:35:00 | 010,990,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll
[2011.08.19 23:35:00 | 000,185,856 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\iepeers.dll
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >
         
--- --- ---


Alt 08.11.2011, 03:32   #6
TheresaN
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Ich hab grad beim rumstöbern hier im Forum entdeckt, dass sie hier:

http://www.trojaner-board.de/104051-...ermeldung.html

genau das Problem beschreibt, was ich auch habe. Überall heißt es ja immer man sollte aber bloß nicht einfach die Schritte befolgen, die jemand anderem empfohlen werden, weil jedes Problem individuell ist. Deshalb dachte ich, ich frag einfach mal nach, denkst du ich sollte es mal mit Combofix usw. probieren?

Alt 08.11.2011, 09:33   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Zitat:
Deshalb dachte ich, ich frag einfach mal nach, denkst du ich sollte es mal mit Combofix usw. probieren?
Witzig, du hast ja schonmal CF ausgeführt!

=> [2011.10.11 16:45:08 | 000,000,000 | -H-D | C] -- C:\Qoobox

Das Log dazu bitte nachreichen!!





Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9F 08 E8 0A 4F A6 BA 4D B9 6B 5D 43 F0 A6 04 45  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49434
FF - prefs.js..network.proxy.type: 0
[2011.10.28 16:46:25 | 000,000,000 | -H-D | C] -- C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore
[2011.10.10 22:05:06 | 000,000,000 | -HSD | C] -- C:\Users\Theresa\AppData\Roaming\C4136249
[2011.11.07 12:19:14 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011.10.28 16:46:25 | 000,000,659 | -H-- | M] () -- C:\Users\Theresa\Desktop\System Restore.lnk
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:DFC5A2B2
:Files
C:\WINDOWS\svchost.exe
C:\ProgramData\~9
C:\ProgramData\~6
C:\ProgramData\~1
C:\ProgramData\9
C:\ProgramData\6
C:\ProgramData\1
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.11.2011, 02:35   #8
TheresaN
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Ja stimmt ich hab schon mal combofix laufen lassen, aber das war vor einem monat, da hatte ich einen anderen virus drauf und damit ist er dann verschwunden aber ich weiß nicht wo ich die logdatei finden soll, weil ich keinen zugriff auf meine ordner und programme habe, die sind alle weg oder eben versteckt. Ich hab eben mal combofix gestartet um zu gucken ob man dort die logdateien abrufen kann, aber der hat dann nur direkt einen scan gemacht.Sschon mal was sich verändert hat...in meiner startzeile steht jetzt rechts wieder dokumente, bilder, musik, computer, systemsteuerung und hilfe und support, aber meine programme und ordner sind immer noch weg und mein desktophintergrund auch immer noch schwarz und ich kann ihn auch nicht ändern aber das system restore und die fehlermeldungen erscheinen nicht mehr beim starten
also hier dann die logdatei von OTL

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{472734EA-242A-422b-ADF8-83D1E48CC825} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{472734EA-242A-422b-ADF8-83D1E48CC825}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 49434 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Folder C:\Users\Theresa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Restore\ not found.
C:\Users\Theresa\AppData\Roaming\C4136249 folder moved successfully.
C:\Windows\SysNative\acovcnt.exe moved successfully.
C:\Users\Theresa\Desktop\System Restore.lnk moved successfully.
ADS C:\ProgramData\TempFC5A2B2 deleted successfully.
========== FILES ==========
C:\WINDOWS\svchost.exe moved successfully.
File\Folder C:\ProgramData\~9 not found.
File\Folder C:\ProgramData\~6 not found.
File\Folder C:\ProgramData\~1 not found.
File\Folder C:\ProgramData\9 not found.
File\Folder C:\ProgramData\6 not found.
File\Folder C:\ProgramData\1 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Theresa
->Temp folder emptied: 2678 bytes
->Temporary Internet Files folder emptied: 47246722 bytes
->Java cache emptied: 380974 bytes
->FireFox cache emptied: 75719685 bytes
->Flash cache emptied: 25818 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 213789475 bytes
->Flash cache emptied: 8488 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13398019 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 334,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 11082011_201048

Files\Folders moved on Reboot...
C:\Users\Theresa\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Alt 09.11.2011, 10:04   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Ich brauch den Quarantäneordner von Combofix. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner Quarantine in C:\Qoobox in eine Datei zippen
3.) die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.11.2011, 05:24   #10
TheresaN
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Hey, ich hab den Quarantäne Ordner hochgeladen. Außerdem hab ich dieses Program ausprobiert hxxp://download.bleepingcomputer.com/grinler/unhide.exe weil ich ganz dringend Dateien von mir benötigte. Ich war richtig überrascht, meine Programme und meine Dateien sind dadurch alle wieder aufgetauscht und auch meinen Desktophintergrund kann ich jetzt wieder ändern. Allerdings ist mein Laptop heute wieder einmal abgestürzt und hat mir einen blue screen angezeigt. Danke noch mal für die Hilfe, ich bin jetzt schon voll begeistert, hatte es eigentlich vorher schon aufgegeben

Alt 10.11.2011, 11:56   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.11.2011, 01:47   #12
TheresaN
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



okay,hier ist es...




19:37:27.0836 1304 TDSS rootkit removing tool 2.6.17.0 Nov 9 2011 16:48:26
19:37:28.0007 1304 ============================================================
19:37:28.0007 1304 Current date / time: 2011/11/10 19:37:28.0007
19:37:28.0007 1304 SystemInfo:
19:37:28.0007 1304
19:37:28.0007 1304 OS Version: 6.1.7600 ServicePack: 0.0
19:37:28.0007 1304 Product type: Workstation
19:37:28.0007 1304 ComputerName: THERESA-PC
19:37:28.0007 1304 UserName: Theresa
19:37:28.0007 1304 Windows directory: C:\Windows
19:37:28.0007 1304 System windows directory: C:\Windows
19:37:28.0007 1304 Running under WOW64
19:37:28.0007 1304 Processor architecture: Intel x64
19:37:28.0007 1304 Number of processors: 4
19:37:28.0007 1304 Page size: 0x1000
19:37:28.0007 1304 Boot type: Normal boot
19:37:28.0007 1304 ============================================================
19:37:29.0505 1304 Initialize success
19:37:39.0083 4956 ============================================================
19:37:39.0083 4956 Scan started
19:37:39.0083 4956 Mode: Manual; SigCheck; TDLFS;
19:37:39.0083 4956 ============================================================
19:37:41.0726 4956 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
19:37:42.0034 4956 1394ohci - ok
19:37:42.0487 4956 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
19:37:42.0518 4956 ACPI - ok
19:37:42.0956 4956 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
19:37:43.0548 4956 AcpiPmi - ok
19:37:44.0127 4956 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
19:37:44.0158 4956 adp94xx - ok
19:37:44.0283 4956 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
19:37:44.0314 4956 adpahci - ok
19:37:44.0392 4956 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
19:37:44.0407 4956 adpu320 - ok
19:37:44.0532 4956 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
19:37:44.0579 4956 AFD - ok
19:37:44.0626 4956 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
19:37:44.0657 4956 agp440 - ok
19:37:44.0782 4956 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
19:37:44.0813 4956 aliide - ok
19:37:44.0875 4956 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
19:37:44.0907 4956 amdide - ok
19:37:45.0094 4956 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
19:37:45.0187 4956 AmdK8 - ok
19:37:45.0343 4956 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
19:37:45.0437 4956 AmdPPM - ok
19:37:45.0546 4956 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
19:37:45.0577 4956 amdsata - ok
19:37:45.0624 4956 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
19:37:45.0655 4956 amdsbs - ok
19:37:45.0702 4956 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
19:37:45.0718 4956 amdxata - ok
19:37:45.0765 4956 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
19:37:45.0889 4956 AppID - ok
19:37:45.0967 4956 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
19:37:45.0999 4956 arc - ok
19:37:46.0045 4956 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
19:37:46.0077 4956 arcsas - ok
19:37:46.0186 4956 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
19:37:46.0295 4956 ASMMAP64 - ok
19:37:46.0326 4956 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
19:37:46.0404 4956 AsyncMac - ok
19:37:46.0467 4956 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
19:37:46.0498 4956 atapi - ok
19:37:46.0576 4956 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
19:37:46.0716 4956 athr - ok
19:37:46.0857 4956 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
19:37:46.0872 4956 ATKWMIACPIIO - ok
19:37:47.0028 4956 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
19:37:47.0059 4956 avgntflt - ok
19:37:47.0091 4956 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
19:37:47.0122 4956 avipbb - ok
19:37:47.0137 4956 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
19:37:47.0153 4956 avkmgr - ok
19:37:47.0247 4956 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
19:37:47.0340 4956 b06bdrv - ok
19:37:47.0403 4956 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
19:37:47.0481 4956 b57nd60a - ok
19:37:47.0543 4956 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
19:37:47.0621 4956 Beep - ok
19:37:47.0699 4956 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
19:37:47.0777 4956 blbdrive - ok
19:37:47.0886 4956 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
19:37:47.0995 4956 bowser - ok
19:37:48.0089 4956 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
19:37:48.0136 4956 BrFiltLo - ok
19:37:48.0151 4956 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
19:37:48.0167 4956 BrFiltUp - ok
19:37:48.0198 4956 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
19:37:48.0245 4956 Brserid - ok
19:37:48.0276 4956 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
19:37:48.0323 4956 BrSerWdm - ok
19:37:48.0323 4956 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
19:37:48.0370 4956 BrUsbMdm - ok
19:37:48.0370 4956 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
19:37:48.0401 4956 BrUsbSer - ok
19:37:48.0479 4956 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
19:37:48.0573 4956 BthEnum - ok
19:37:48.0604 4956 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
19:37:48.0682 4956 BTHMODEM - ok
19:37:48.0713 4956 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
19:37:48.0775 4956 BthPan - ok
19:37:48.0853 4956 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
19:37:48.0947 4956 BTHPORT - ok
19:37:49.0009 4956 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
19:37:49.0041 4956 BTHUSB - ok
19:37:49.0212 4956 catchme - ok
19:37:49.0275 4956 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
19:37:49.0384 4956 cdfs - ok
19:37:49.0431 4956 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
19:37:49.0493 4956 cdrom - ok
19:37:49.0540 4956 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
19:37:49.0602 4956 circlass - ok
19:37:49.0649 4956 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
19:37:49.0665 4956 CLFS - ok
19:37:49.0789 4956 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
19:37:49.0836 4956 CmBatt - ok
19:37:49.0852 4956 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
19:37:49.0867 4956 cmdide - ok
19:37:49.0899 4956 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
19:37:49.0992 4956 CNG - ok
19:37:50.0039 4956 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
19:37:50.0070 4956 Compbatt - ok
19:37:50.0117 4956 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
19:37:50.0179 4956 CompositeBus - ok
19:37:50.0211 4956 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
19:37:50.0242 4956 crcdisk - ok
19:37:50.0335 4956 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
19:37:50.0382 4956 DfsC - ok
19:37:50.0429 4956 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
19:37:50.0523 4956 discache - ok
19:37:50.0616 4956 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
19:37:50.0647 4956 Disk - ok
19:37:50.0710 4956 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
19:37:50.0757 4956 drmkaud - ok
19:37:50.0819 4956 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
19:37:50.0897 4956 DXGKrnl - ok
19:37:50.0991 4956 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
19:37:51.0162 4956 ebdrv - ok
19:37:51.0256 4956 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
19:37:51.0303 4956 elxstor - ok
19:37:51.0303 4956 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
19:37:51.0349 4956 ErrDev - ok
19:37:51.0396 4956 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
19:37:51.0427 4956 ETD - ok
19:37:51.0459 4956 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
19:37:51.0537 4956 exfat - ok
19:37:51.0568 4956 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
19:37:51.0630 4956 fastfat - ok
19:37:51.0661 4956 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
19:37:51.0708 4956 fdc - ok
19:37:51.0755 4956 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
19:37:51.0771 4956 FileInfo - ok
19:37:51.0802 4956 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
19:37:51.0880 4956 Filetrace - ok
19:37:51.0911 4956 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
19:37:51.0942 4956 flpydisk - ok
19:37:51.0973 4956 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
19:37:52.0005 4956 FltMgr - ok
19:37:52.0020 4956 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
19:37:52.0036 4956 FsDepends - ok
19:37:52.0098 4956 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
19:37:52.0114 4956 fssfltr - ok
19:37:52.0176 4956 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
19:37:52.0207 4956 Fs_Rec - ok
19:37:52.0254 4956 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
19:37:52.0270 4956 fvevol - ok
19:37:52.0317 4956 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
19:37:52.0348 4956 gagp30kx - ok
19:37:52.0395 4956 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
19:37:52.0426 4956 GEARAspiWDM - ok
19:37:52.0519 4956 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
19:37:52.0566 4956 hcw85cir - ok
19:37:52.0582 4956 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
19:37:52.0675 4956 HdAudAddService - ok
19:37:52.0785 4956 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:37:52.0847 4956 HDAudBus - ok
19:37:52.0863 4956 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
19:37:52.0925 4956 HidBatt - ok
19:37:52.0956 4956 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
19:37:53.0003 4956 HidBth - ok
19:37:53.0019 4956 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
19:37:53.0065 4956 HidIr - ok
19:37:53.0081 4956 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
19:37:53.0112 4956 HidUsb - ok
19:37:53.0143 4956 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
19:37:53.0175 4956 HpSAMD - ok
19:37:53.0237 4956 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
19:37:53.0331 4956 HTTP - ok
19:37:53.0362 4956 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
19:37:53.0362 4956 hwpolicy - ok
19:37:53.0393 4956 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
19:37:53.0409 4956 i8042prt - ok
19:37:53.0471 4956 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
19:37:53.0487 4956 iaStor - ok
19:37:53.0549 4956 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
19:37:53.0611 4956 iaStorV - ok
19:37:53.0861 4956 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
19:37:54.0298 4956 igfx - ok
19:37:54.0423 4956 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
19:37:54.0454 4956 iirsp - ok
19:37:54.0625 4956 IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys
19:37:54.0766 4956 IntcAzAudAddService - ok
19:37:54.0891 4956 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
19:37:54.0953 4956 IntcDAud - ok
19:37:55.0031 4956 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
19:37:55.0047 4956 intelide - ok
19:37:55.0093 4956 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
19:37:55.0125 4956 intelppm - ok
19:37:55.0140 4956 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:37:55.0203 4956 IpFilterDriver - ok
19:37:55.0234 4956 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
19:37:55.0265 4956 IPMIDRV - ok
19:37:55.0327 4956 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
19:37:55.0390 4956 IPNAT - ok
19:37:55.0437 4956 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
19:37:55.0483 4956 IRENUM - ok
19:37:55.0515 4956 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
19:37:55.0530 4956 isapnp - ok
19:37:55.0561 4956 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
19:37:55.0593 4956 iScsiPrt - ok
19:37:55.0639 4956 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
19:37:55.0671 4956 kbdclass - ok
19:37:55.0733 4956 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
19:37:55.0795 4956 kbdhid - ok
19:37:55.0842 4956 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
19:37:55.0873 4956 kbfiltr - ok
19:37:55.0905 4956 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
19:37:55.0936 4956 KSecDD - ok
19:37:55.0967 4956 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
19:37:55.0983 4956 KSecPkg - ok
19:37:56.0029 4956 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
19:37:56.0123 4956 ksthunk - ok
19:37:56.0435 4956 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
19:37:56.0544 4956 lltdio - ok
19:37:56.0591 4956 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
19:37:56.0622 4956 LSI_FC - ok
19:37:56.0638 4956 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
19:37:56.0653 4956 LSI_SAS - ok
19:37:56.0716 4956 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:37:56.0747 4956 LSI_SAS2 - ok
19:37:56.0763 4956 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:37:56.0778 4956 LSI_SCSI - ok
19:37:56.0809 4956 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
19:37:56.0872 4956 luafv - ok
19:37:56.0950 4956 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
19:37:56.0981 4956 MBAMProtector - ok
19:37:57.0028 4956 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
19:37:57.0059 4956 megasas - ok
19:37:57.0075 4956 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
19:37:57.0106 4956 MegaSR - ok
19:37:57.0168 4956 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
19:37:57.0184 4956 MEIx64 - ok
19:37:57.0199 4956 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
19:37:57.0293 4956 Modem - ok
19:37:57.0340 4956 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
19:37:57.0387 4956 monitor - ok
19:37:57.0449 4956 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
19:37:57.0480 4956 mouclass - ok
19:37:57.0496 4956 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
19:37:57.0543 4956 mouhid - ok
19:37:57.0621 4956 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
19:37:57.0652 4956 mountmgr - ok
19:37:57.0667 4956 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
19:37:57.0683 4956 mpio - ok
19:37:57.0730 4956 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
19:37:57.0855 4956 mpsdrv - ok
19:37:57.0870 4956 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
19:37:57.0917 4956 MRxDAV - ok
19:37:57.0964 4956 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:58.0011 4956 mrxsmb - ok
19:37:58.0057 4956 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:37:58.0120 4956 mrxsmb10 - ok
19:37:58.0151 4956 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:37:58.0167 4956 mrxsmb20 - ok
19:37:58.0198 4956 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
19:37:58.0213 4956 msahci - ok
19:37:58.0245 4956 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
19:37:58.0260 4956 msdsm - ok
19:37:58.0323 4956 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:37:58.0416 4956 Msfs - ok
19:37:58.0463 4956 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:37:58.0557 4956 mshidkmdf - ok
19:37:58.0572 4956 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
19:37:58.0588 4956 msisadrv - ok
19:37:58.0635 4956 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:37:58.0697 4956 MSKSSRV - ok
19:37:58.0713 4956 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:37:58.0775 4956 MSPCLOCK - ok
19:37:58.0775 4956 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:37:58.0837 4956 MSPQM - ok
19:37:58.0869 4956 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
19:37:58.0884 4956 MsRPC - ok
19:37:58.0915 4956 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
19:37:58.0915 4956 mssmbios - ok
19:37:58.0931 4956 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:37:58.0962 4956 MSTEE - ok
19:37:58.0978 4956 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:37:59.0009 4956 MTConfig - ok
19:37:59.0040 4956 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:37:59.0056 4956 Mup - ok
19:37:59.0103 4956 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:37:59.0196 4956 NativeWifiP - ok
19:37:59.0274 4956 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys
19:37:59.0337 4956 NDIS - ok
19:37:59.0383 4956 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:37:59.0446 4956 NdisCap - ok
19:37:59.0493 4956 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:37:59.0586 4956 NdisTapi - ok
19:37:59.0633 4956 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
19:37:59.0695 4956 Ndisuio - ok
19:37:59.0727 4956 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:37:59.0789 4956 NdisWan - ok
19:37:59.0820 4956 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
19:37:59.0867 4956 NDProxy - ok
19:37:59.0914 4956 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:37:59.0961 4956 NetBIOS - ok
19:37:59.0992 4956 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
19:38:00.0054 4956 NetBT - ok
19:38:00.0117 4956 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:38:00.0132 4956 nfrd960 - ok
19:38:00.0180 4956 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:38:00.0236 4956 Npfs - ok
19:38:00.0267 4956 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:38:00.0325 4956 nsiproxy - ok
19:38:00.0415 4956 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
19:38:00.0586 4956 Ntfs - ok
19:38:00.0609 4956 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:38:00.0680 4956 Null - ok
19:38:01.0015 4956 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:38:01.0501 4956 nvlddmkm - ok
19:38:01.0611 4956 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys
19:38:01.0642 4956 nvpciflt - ok
19:38:01.0720 4956 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
19:38:01.0751 4956 nvraid - ok
19:38:01.0798 4956 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
19:38:01.0829 4956 nvstor - ok
19:38:01.0891 4956 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
19:38:01.0938 4956 nv_agp - ok
19:38:01.0938 4956 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
19:38:02.0001 4956 ohci1394 - ok
19:38:02.0063 4956 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:38:02.0110 4956 Parport - ok
19:38:02.0141 4956 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
19:38:02.0157 4956 partmgr - ok
19:38:02.0188 4956 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
19:38:02.0203 4956 pci - ok
19:38:02.0266 4956 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:38:02.0297 4956 pciide - ok
19:38:02.0328 4956 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:38:02.0344 4956 pcmcia - ok
19:38:02.0375 4956 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:38:02.0391 4956 pcw - ok
19:38:02.0422 4956 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:38:02.0515 4956 PEAUTH - ok
19:38:02.0671 4956 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
19:38:02.0812 4956 PptpMiniport - ok
19:38:02.0890 4956 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:38:02.0921 4956 Processor - ok
19:38:02.0952 4956 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
19:38:02.0999 4956 Psched - ok
19:38:03.0077 4956 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:38:03.0186 4956 ql2300 - ok
19:38:03.0202 4956 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:38:03.0217 4956 ql40xx - ok
19:38:03.0249 4956 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:38:03.0311 4956 QWAVEdrv - ok
19:38:03.0327 4956 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:38:03.0389 4956 RasAcd - ok
19:38:03.0451 4956 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:38:03.0514 4956 RasAgileVpn - ok
19:38:03.0576 4956 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:38:03.0639 4956 Rasl2tp - ok
19:38:03.0685 4956 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:38:03.0810 4956 RasPppoe - ok
19:38:03.0857 4956 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:38:03.0966 4956 RasSstp - ok
19:38:03.0997 4956 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
19:38:04.0044 4956 rdbss - ok
19:38:04.0075 4956 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:38:04.0107 4956 rdpbus - ok
19:38:04.0153 4956 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:38:04.0231 4956 RDPCDD - ok
19:38:04.0263 4956 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:38:04.0341 4956 RDPENCDD - ok
19:38:04.0372 4956 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:38:04.0450 4956 RDPREFMP - ok
19:38:04.0481 4956 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
19:38:04.0543 4956 RDPWD - ok
19:38:04.0606 4956 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
19:38:04.0637 4956 rdyboost - ok
19:38:04.0684 4956 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
19:38:04.0777 4956 RFCOMM - ok
19:38:04.0824 4956 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:38:04.0933 4956 rspndr - ok
19:38:04.0965 4956 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
19:38:04.0996 4956 RSUSBVSTOR - ok
19:38:05.0058 4956 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:38:05.0105 4956 RTL8167 - ok
19:38:05.0136 4956 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
19:38:05.0167 4956 sbp2port - ok
19:38:05.0230 4956 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
19:38:05.0323 4956 scfilter - ok
19:38:05.0370 4956 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:38:05.0417 4956 secdrv - ok
19:38:05.0464 4956 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:38:05.0526 4956 Serenum - ok
19:38:05.0526 4956 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:38:05.0557 4956 Serial - ok
19:38:05.0589 4956 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:38:05.0620 4956 sermouse - ok
19:38:05.0635 4956 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
19:38:05.0698 4956 sffdisk - ok
19:38:05.0713 4956 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
19:38:05.0745 4956 sffp_mmc - ok
19:38:05.0760 4956 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:38:05.0791 4956 sffp_sd - ok
19:38:05.0791 4956 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:38:05.0823 4956 sfloppy - ok
19:38:05.0901 4956 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
19:38:05.0963 4956 Sftfs - ok
19:38:06.0010 4956 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
19:38:06.0057 4956 Sftplay - ok
19:38:06.0088 4956 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
19:38:06.0103 4956 Sftredir - ok
19:38:06.0150 4956 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
19:38:06.0166 4956 Sftvol - ok
19:38:06.0244 4956 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
19:38:06.0275 4956 SiSGbeLH - ok
19:38:06.0306 4956 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:38:06.0337 4956 SiSRaid2 - ok
19:38:06.0353 4956 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:38:06.0369 4956 SiSRaid4 - ok
19:38:06.0369 4956 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:38:06.0447 4956 Smb - ok
19:38:06.0525 4956 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:38:06.0540 4956 spldr - ok
19:38:06.0634 4956 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
19:38:06.0727 4956 srv - ok
19:38:06.0774 4956 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
19:38:06.0852 4956 srv2 - ok
19:38:06.0899 4956 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
19:38:06.0961 4956 srvnet - ok
19:38:07.0039 4956 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:38:07.0055 4956 stexstor - ok
19:38:07.0133 4956 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
19:38:07.0195 4956 StillCam - ok
19:38:07.0242 4956 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
19:38:07.0258 4956 swenum - ok
19:38:07.0383 4956 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
19:38:07.0554 4956 Tcpip - ok
19:38:07.0585 4956 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
19:38:07.0632 4956 TCPIP6 - ok
19:38:07.0741 4956 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
19:38:07.0851 4956 tcpipreg - ok
19:38:07.0929 4956 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:38:08.0007 4956 TDPIPE - ok
19:38:08.0022 4956 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:38:08.0069 4956 TDTCP - ok
19:38:08.0100 4956 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
19:38:08.0163 4956 tdx - ok
19:38:08.0194 4956 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
19:38:08.0225 4956 TermDD - ok
19:38:08.0303 4956 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:38:08.0365 4956 tssecsrv - ok
19:38:08.0428 4956 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
19:38:08.0490 4956 tunnel - ok
19:38:08.0521 4956 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:38:08.0537 4956 uagp35 - ok
19:38:08.0553 4956 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
19:38:08.0615 4956 udfs - ok
19:38:08.0646 4956 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
19:38:08.0662 4956 uliagpkx - ok
19:38:08.0709 4956 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
19:38:08.0755 4956 umbus - ok
19:38:08.0771 4956 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:38:08.0802 4956 UmPass - ok
19:38:08.0865 4956 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
19:38:08.0927 4956 usbccgp - ok
19:38:08.0958 4956 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
19:38:09.0005 4956 usbcir - ok
19:38:09.0036 4956 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
19:38:09.0099 4956 usbehci - ok
19:38:09.0145 4956 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
19:38:09.0239 4956 usbhub - ok
19:38:09.0270 4956 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
19:38:09.0333 4956 usbohci - ok
19:38:09.0364 4956 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:38:09.0411 4956 usbprint - ok
19:38:09.0442 4956 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:38:09.0473 4956 USBSTOR - ok
19:38:09.0535 4956 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
19:38:09.0567 4956 usbuhci - ok
19:38:09.0645 4956 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
19:38:09.0691 4956 usbvideo - ok
19:38:09.0738 4956 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
19:38:09.0769 4956 vdrvroot - ok
19:38:09.0832 4956 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:38:09.0847 4956 vga - ok
19:38:09.0894 4956 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:38:10.0019 4956 VgaSave - ok
19:38:10.0035 4956 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
19:38:10.0050 4956 vhdmp - ok
19:38:10.0097 4956 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
19:38:10.0113 4956 viaide - ok
19:38:10.0159 4956 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
19:38:10.0175 4956 volmgr - ok
19:38:10.0222 4956 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
19:38:10.0237 4956 volmgrx - ok
19:38:10.0284 4956 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
19:38:10.0331 4956 volsnap - ok
19:38:10.0409 4956 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:38:10.0440 4956 vsmraid - ok
19:38:10.0471 4956 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:38:10.0534 4956 vwifibus - ok
19:38:10.0581 4956 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:38:10.0627 4956 vwififlt - ok
19:38:10.0705 4956 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:38:10.0752 4956 WacomPen - ok
19:38:10.0799 4956 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:10.0861 4956 WANARP - ok
19:38:10.0893 4956 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
19:38:10.0939 4956 Wanarpv6 - ok
19:38:11.0033 4956 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:38:11.0049 4956 Wd - ok
19:38:11.0173 4956 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:38:11.0236 4956 Wdf01000 - ok
19:38:11.0298 4956 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:38:11.0329 4956 WfpLwf - ok
19:38:11.0454 4956 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
19:38:11.0485 4956 WimFltr - ok
19:38:11.0501 4956 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:38:11.0517 4956 WIMMount - ok
19:38:11.0579 4956 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:38:11.0626 4956 WmiAcpi - ok
19:38:11.0673 4956 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:38:11.0719 4956 ws2ifsl - ok
19:38:11.0766 4956 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
19:38:11.0891 4956 WudfPf - ok
19:38:11.0922 4956 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:38:11.0985 4956 WUDFRd - ok
19:38:12.0031 4956 MBR (0x1B8) (950dcd2e3db597e6b62b2b7124557fec) \Device\Harddisk0\DR0
19:38:12.0031 4956 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
19:38:12.0031 4956 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
19:38:12.0125 4956 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:38:12.0125 4956 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:38:12.0156 4956 Boot (0x1200) (36f051b353f0e2e5b500817ef97c9750) \Device\Harddisk0\DR0\Partition0
19:38:12.0156 4956 \Device\Harddisk0\DR0\Partition0 - ok
19:38:12.0172 4956 Boot (0x1200) (8558885ac146a853f9aa57c214e29368) \Device\Harddisk0\DR0\Partition1
19:38:12.0172 4956 \Device\Harddisk0\DR0\Partition1 - ok
19:38:12.0172 4956 ============================================================
19:38:12.0172 4956 Scan finished
19:38:12.0172 4956 ============================================================
19:38:12.0203 5008 Detected object count: 2
19:38:12.0203 5008 Actual detected object count: 2
19:44:44.0298 5008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:44:44.0313 5008 \Device\Harddisk0\DR0 - ok
19:44:44.0313 5008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:44:44.0313 5008 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:44:44.0313 5008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Alt 11.11.2011, 13:48   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Zitat:
19:44:44.0298 5008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
19:44:44.0313 5008 \Device\Harddisk0\DR0 - ok
19:44:44.0313 5008 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
19:44:44.0313 5008 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:44:44.0313 5008 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
Bitte die Anleitungen richtig lesen!
Du solltest erstmal nur das Log erstellen aber noch nichts entfernen!
Der Hinweis dazu war extra fett und in blauer Schrift angebracht!

In deinem Fall müssen aber beide Einträge weg, Rootkit.Boot.Pihar.b sowie TDSS File System.
Beides mit dem TDSS-Killer entfernen. Windows neustarten und ein neues Log mit dem TDSS-Killer machen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 15.11.2011, 06:22   #14
TheresaN
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



oh..hatte ganz vergessen das log zu posten sorry wegen dem löschen, dachte bei beiden würde skip stehen und bin dann direkt auf continue und hab dann erst gesehen, dass eins gelöscht wurde...

20:59:36.0435 4248 TDSS rootkit removing tool 2.6.18.0 Nov 11 2011 15:47:15
20:59:36.0575 4248 ============================================================
20:59:36.0575 4248 Current date / time: 2011/11/12 20:59:36.0575
20:59:36.0575 4248 SystemInfo:
20:59:36.0575 4248
20:59:36.0575 4248 OS Version: 6.1.7600 ServicePack: 0.0
20:59:36.0575 4248 Product type: Workstation
20:59:36.0575 4248 ComputerName: THERESA-PC
20:59:36.0575 4248 UserName: Theresa
20:59:36.0575 4248 Windows directory: C:\Windows
20:59:36.0575 4248 System windows directory: C:\Windows
20:59:36.0575 4248 Running under WOW64
20:59:36.0575 4248 Processor architecture: Intel x64
20:59:36.0575 4248 Number of processors: 4
20:59:36.0575 4248 Page size: 0x1000
20:59:36.0575 4248 Boot type: Normal boot
20:59:36.0575 4248 ============================================================
20:59:37.0090 4248 Initialize success
21:00:23.0547 2784 ============================================================
21:00:23.0547 2784 Scan started
21:00:23.0547 2784 Mode: Manual; SigCheck; TDLFS;
21:00:23.0547 2784 ============================================================
21:00:25.0217 2784 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:00:25.0388 2784 1394ohci - ok
21:00:25.0497 2784 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:00:25.0544 2784 ACPI - ok
21:00:25.0575 2784 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:00:25.0669 2784 AcpiPmi - ok
21:00:25.0809 2784 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:00:25.0841 2784 adp94xx - ok
21:00:25.0887 2784 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:00:25.0903 2784 adpahci - ok
21:00:25.0934 2784 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:00:25.0950 2784 adpu320 - ok
21:00:26.0043 2784 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:00:26.0137 2784 AFD - ok
21:00:26.0199 2784 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:00:26.0231 2784 agp440 - ok
21:00:26.0262 2784 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:00:26.0277 2784 aliide - ok
21:00:26.0309 2784 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:00:26.0324 2784 amdide - ok
21:00:26.0340 2784 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:00:26.0371 2784 AmdK8 - ok
21:00:26.0387 2784 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:00:26.0465 2784 AmdPPM - ok
21:00:26.0511 2784 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:00:26.0527 2784 amdsata - ok
21:00:26.0558 2784 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:00:26.0574 2784 amdsbs - ok
21:00:26.0605 2784 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:00:26.0621 2784 amdxata - ok
21:00:26.0745 2784 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:00:26.0886 2784 AppID - ok
21:00:26.0964 2784 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:00:26.0979 2784 arc - ok
21:00:27.0011 2784 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:00:27.0042 2784 arcsas - ok
21:00:27.0182 2784 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:00:27.0291 2784 ASMMAP64 - ok
21:00:27.0307 2784 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:00:27.0510 2784 AsyncMac - ok
21:00:27.0541 2784 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:00:27.0557 2784 atapi - ok
21:00:27.0619 2784 athr (f8633cdd09647a64ee8db550630427ff) C:\Windows\system32\DRIVERS\athrx.sys
21:00:27.0697 2784 athr - ok
21:00:27.0853 2784 ATKWMIACPIIO (1f7238a37389ed92e9d8eee975cabd54) C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
21:00:27.0869 2784 ATKWMIACPIIO - ok
21:00:28.0009 2784 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
21:00:28.0025 2784 avgntflt - ok
21:00:28.0056 2784 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
21:00:28.0087 2784 avipbb - ok
21:00:28.0087 2784 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:00:28.0103 2784 avkmgr - ok
21:00:28.0165 2784 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:00:28.0259 2784 b06bdrv - ok
21:00:28.0305 2784 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:00:28.0368 2784 b57nd60a - ok
21:00:28.0415 2784 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:00:28.0477 2784 Beep - ok
21:00:28.0539 2784 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:00:28.0602 2784 blbdrive - ok
21:00:28.0649 2784 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:00:28.0695 2784 bowser - ok
21:00:28.0727 2784 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:00:28.0773 2784 BrFiltLo - ok
21:00:28.0773 2784 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:00:28.0806 2784 BrFiltUp - ok
21:00:28.0852 2784 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:00:28.0921 2784 Brserid - ok
21:00:28.0936 2784 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:00:28.0983 2784 BrSerWdm - ok
21:00:28.0992 2784 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:00:29.0037 2784 BrUsbMdm - ok
21:00:29.0047 2784 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:00:29.0069 2784 BrUsbSer - ok
21:00:29.0130 2784 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:00:29.0199 2784 BthEnum - ok
21:00:29.0231 2784 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:00:29.0278 2784 BTHMODEM - ok
21:00:29.0278 2784 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:00:29.0322 2784 BthPan - ok
21:00:29.0382 2784 BTHPORT (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\System32\Drivers\BTHport.sys
21:00:29.0458 2784 BTHPORT - ok
21:00:29.0536 2784 BTHUSB (8504842634dd144c075b6b0c982ccec4) C:\Windows\System32\Drivers\BTHUSB.sys
21:00:29.0586 2784 BTHUSB - ok
21:00:29.0748 2784 catchme - ok
21:00:29.0843 2784 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:00:29.0922 2784 cdfs - ok
21:00:29.0969 2784 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:00:30.0000 2784 cdrom - ok
21:00:30.0078 2784 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:00:30.0140 2784 circlass - ok
21:00:30.0218 2784 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:00:30.0249 2784 CLFS - ok
21:00:30.0374 2784 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:00:30.0421 2784 CmBatt - ok
21:00:30.0437 2784 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:00:30.0452 2784 cmdide - ok
21:00:30.0499 2784 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:00:30.0546 2784 CNG - ok
21:00:30.0577 2784 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:00:30.0593 2784 Compbatt - ok
21:00:30.0608 2784 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:00:30.0655 2784 CompositeBus - ok
21:00:30.0702 2784 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:00:30.0717 2784 crcdisk - ok
21:00:30.0811 2784 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:00:30.0889 2784 DfsC - ok
21:00:30.0920 2784 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:00:30.0998 2784 discache - ok
21:00:31.0045 2784 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:00:31.0061 2784 Disk - ok
21:00:31.0092 2784 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:00:31.0139 2784 drmkaud - ok
21:00:31.0201 2784 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:00:31.0232 2784 DXGKrnl - ok
21:00:31.0341 2784 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:00:31.0482 2784 ebdrv - ok
21:00:31.0575 2784 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:00:31.0622 2784 elxstor - ok
21:00:31.0622 2784 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:00:31.0669 2784 ErrDev - ok
21:00:31.0716 2784 ETD (5b042aa9cebdab5b61e747ddcebff51b) C:\Windows\system32\DRIVERS\ETD.sys
21:00:31.0747 2784 ETD - ok
21:00:31.0794 2784 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:00:31.0856 2784 exfat - ok
21:00:31.0887 2784 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:00:31.0950 2784 fastfat - ok
21:00:31.0981 2784 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:00:32.0012 2784 fdc - ok
21:00:32.0043 2784 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:00:32.0059 2784 FileInfo - ok
21:00:32.0075 2784 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:00:32.0168 2784 Filetrace - ok
21:00:32.0199 2784 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:00:32.0231 2784 flpydisk - ok
21:00:32.0262 2784 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:00:32.0277 2784 FltMgr - ok
21:00:32.0293 2784 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:00:32.0309 2784 FsDepends - ok
21:00:32.0355 2784 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
21:00:32.0371 2784 fssfltr - ok
21:00:32.0418 2784 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:00:32.0449 2784 Fs_Rec - ok
21:00:32.0527 2784 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:00:32.0558 2784 fvevol - ok
21:00:32.0605 2784 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:00:32.0621 2784 gagp30kx - ok
21:00:32.0683 2784 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:00:32.0699 2784 GEARAspiWDM - ok
21:00:32.0761 2784 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:00:32.0808 2784 hcw85cir - ok
21:00:32.0839 2784 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:00:32.0901 2784 HdAudAddService - ok
21:00:32.0948 2784 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:00:33.0011 2784 HDAudBus - ok
21:00:33.0011 2784 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:00:33.0042 2784 HidBatt - ok
21:00:33.0058 2784 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:00:33.0073 2784 HidBth - ok
21:00:33.0104 2784 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:00:33.0151 2784 HidIr - ok
21:00:33.0198 2784 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:00:33.0214 2784 HidUsb - ok
21:00:33.0260 2784 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:00:33.0276 2784 HpSAMD - ok
21:00:33.0307 2784 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:00:33.0385 2784 HTTP - ok
21:00:33.0401 2784 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:00:33.0416 2784 hwpolicy - ok
21:00:33.0432 2784 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:00:33.0448 2784 i8042prt - ok
21:00:33.0494 2784 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys
21:00:33.0510 2784 iaStor - ok
21:00:33.0557 2784 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:00:33.0588 2784 iaStorV - ok
21:00:33.0869 2784 igfx (efe5a0af39a8e179624117c521f1e012) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:00:34.0259 2784 igfx - ok
21:00:34.0306 2784 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:00:34.0321 2784 iirsp - ok
21:00:34.0462 2784 IntcAzAudAddService (3e3926f4fa7c9162c5c3ec6bf1e4f349) C:\Windows\system32\drivers\RTKVHD64.sys
21:00:34.0571 2784 IntcAzAudAddService - ok
21:00:34.0633 2784 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:00:34.0680 2784 IntcDAud - ok
21:00:34.0711 2784 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:00:34.0711 2784 intelide - ok
21:00:34.0758 2784 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:00:34.0805 2784 intelppm - ok
21:00:34.0836 2784 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:00:34.0914 2784 IpFilterDriver - ok
21:00:34.0930 2784 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:00:34.0945 2784 IPMIDRV - ok
21:00:34.0961 2784 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:00:34.0992 2784 IPNAT - ok
21:00:35.0039 2784 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:00:35.0148 2784 IRENUM - ok
21:00:35.0148 2784 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:00:35.0164 2784 isapnp - ok
21:00:35.0195 2784 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:00:35.0210 2784 iScsiPrt - ok
21:00:35.0242 2784 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:00:35.0242 2784 kbdclass - ok
21:00:35.0257 2784 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:00:35.0304 2784 kbdhid - ok
21:00:35.0366 2784 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
21:00:35.0382 2784 kbfiltr - ok
21:00:35.0413 2784 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:00:35.0429 2784 KSecDD - ok
21:00:35.0460 2784 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:00:35.0460 2784 KSecPkg - ok
21:00:35.0491 2784 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:00:35.0554 2784 ksthunk - ok
21:00:35.0600 2784 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:00:35.0694 2784 lltdio - ok
21:00:35.0725 2784 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:00:35.0741 2784 LSI_FC - ok
21:00:35.0772 2784 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:00:35.0772 2784 LSI_SAS - ok
21:00:35.0803 2784 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:00:35.0803 2784 LSI_SAS2 - ok
21:00:35.0819 2784 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:00:35.0834 2784 LSI_SCSI - ok
21:00:35.0850 2784 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:00:35.0912 2784 luafv - ok
21:00:35.0990 2784 MBAMProtector (23a854450dab5c9b7a42ab9be6f2e4bd) C:\Windows\system32\drivers\mbam.sys
21:00:36.0022 2784 MBAMProtector - ok
21:00:36.0053 2784 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:00:36.0053 2784 megasas - ok
21:00:36.0084 2784 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:00:36.0100 2784 MegaSR - ok
21:00:36.0131 2784 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
21:00:36.0146 2784 MEIx64 - ok
21:00:36.0146 2784 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:00:36.0209 2784 Modem - ok
21:00:36.0256 2784 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:00:36.0287 2784 monitor - ok
21:00:36.0318 2784 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:00:36.0334 2784 mouclass - ok
21:00:36.0365 2784 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:00:36.0396 2784 mouhid - ok
21:00:36.0443 2784 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:00:36.0443 2784 mountmgr - ok
21:00:36.0458 2784 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:00:36.0474 2784 mpio - ok
21:00:36.0505 2784 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:00:36.0568 2784 mpsdrv - ok
21:00:36.0599 2784 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:00:36.0646 2784 MRxDAV - ok
21:00:36.0677 2784 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:00:36.0739 2784 mrxsmb - ok
21:00:36.0786 2784 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:00:36.0833 2784 mrxsmb10 - ok
21:00:36.0880 2784 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:00:36.0926 2784 mrxsmb20 - ok
21:00:36.0973 2784 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:00:36.0989 2784 msahci - ok
21:00:37.0020 2784 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:00:37.0036 2784 msdsm - ok
21:00:37.0067 2784 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:00:37.0114 2784 Msfs - ok
21:00:37.0160 2784 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:00:37.0238 2784 mshidkmdf - ok
21:00:37.0270 2784 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:00:37.0270 2784 msisadrv - ok
21:00:37.0316 2784 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:00:37.0363 2784 MSKSSRV - ok
21:00:37.0363 2784 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:00:37.0426 2784 MSPCLOCK - ok
21:00:37.0426 2784 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:00:37.0472 2784 MSPQM - ok
21:00:37.0519 2784 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:00:37.0550 2784 MsRPC - ok
21:00:37.0566 2784 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:00:37.0582 2784 mssmbios - ok
21:00:37.0582 2784 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:00:37.0628 2784 MSTEE - ok
21:00:37.0628 2784 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:00:37.0675 2784 MTConfig - ok
21:00:37.0691 2784 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:00:37.0706 2784 Mup - ok
21:00:37.0738 2784 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:00:37.0784 2784 NativeWifiP - ok
21:00:37.0847 2784 NDIS (a3151b3463eea7e47f618f115d0d142e) C:\Windows\system32\drivers\ndis.sys
21:00:37.0894 2784 NDIS - ok
21:00:37.0909 2784 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:00:37.0972 2784 NdisCap - ok
21:00:38.0003 2784 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:00:38.0065 2784 NdisTapi - ok
21:00:38.0096 2784 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:00:38.0128 2784 Ndisuio - ok
21:00:38.0159 2784 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:00:38.0221 2784 NdisWan - ok
21:00:38.0268 2784 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:00:38.0346 2784 NDProxy - ok
21:00:38.0377 2784 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:00:38.0424 2784 NetBIOS - ok
21:00:38.0486 2784 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:00:38.0580 2784 NetBT - ok
21:00:38.0627 2784 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:00:38.0642 2784 nfrd960 - ok
21:00:38.0674 2784 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:00:38.0720 2784 Npfs - ok
21:00:38.0736 2784 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:00:38.0814 2784 nsiproxy - ok
21:00:38.0892 2784 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:00:38.0986 2784 Ntfs - ok
21:00:39.0001 2784 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:00:39.0064 2784 Null - ok
21:00:39.0391 2784 nvlddmkm (d5dea2c1865cab9ee6aa29cf9e79a2ce) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:00:39.0797 2784 nvlddmkm - ok
21:00:39.0828 2784 nvpciflt (5ef70f7714c664bcf50edfc141dea9b8) C:\Windows\system32\DRIVERS\nvpciflt.sys
21:00:39.0828 2784 nvpciflt - ok
21:00:39.0859 2784 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:00:39.0875 2784 nvraid - ok
21:00:39.0906 2784 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:00:39.0906 2784 nvstor - ok
21:00:39.0984 2784 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:00:39.0984 2784 nv_agp - ok
21:00:40.0000 2784 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:00:40.0031 2784 ohci1394 - ok
21:00:40.0078 2784 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:00:40.0109 2784 Parport - ok
21:00:40.0140 2784 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:00:40.0156 2784 partmgr - ok
21:00:40.0187 2784 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:00:40.0202 2784 pci - ok
21:00:40.0218 2784 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:00:40.0234 2784 pciide - ok
21:00:40.0249 2784 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:00:40.0265 2784 pcmcia - ok
21:00:40.0296 2784 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:00:40.0296 2784 pcw - ok
21:00:40.0327 2784 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:00:40.0390 2784 PEAUTH - ok
21:00:40.0468 2784 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:00:40.0561 2784 PptpMiniport - ok
21:00:40.0577 2784 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:00:40.0624 2784 Processor - ok
21:00:40.0655 2784 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:00:40.0702 2784 Psched - ok
21:00:40.0780 2784 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:00:40.0873 2784 ql2300 - ok
21:00:40.0873 2784 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:00:40.0889 2784 ql40xx - ok
21:00:40.0904 2784 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:00:40.0982 2784 QWAVEdrv - ok
21:00:41.0014 2784 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:00:41.0060 2784 RasAcd - ok
21:00:41.0107 2784 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:00:41.0201 2784 RasAgileVpn - ok
21:00:41.0232 2784 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:00:41.0263 2784 Rasl2tp - ok
21:00:41.0294 2784 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:00:41.0372 2784 RasPppoe - ok
21:00:41.0388 2784 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:00:41.0482 2784 RasSstp - ok
21:00:41.0513 2784 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:00:41.0544 2784 rdbss - ok
21:00:41.0560 2784 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:00:41.0606 2784 rdpbus - ok
21:00:41.0638 2784 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:00:41.0716 2784 RDPCDD - ok
21:00:41.0747 2784 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:00:41.0809 2784 RDPENCDD - ok
21:00:41.0840 2784 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:00:41.0918 2784 RDPREFMP - ok
21:00:41.0934 2784 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:00:41.0981 2784 RDPWD - ok
21:00:42.0012 2784 rdyboost (e5dc9ba9e439d6dbdd79f8caacb5bf01) C:\Windows\system32\drivers\rdyboost.sys
21:00:42.0028 2784 rdyboost - ok
21:00:42.0090 2784 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:00:42.0121 2784 RFCOMM - ok
21:00:42.0152 2784 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:00:42.0230 2784 rspndr - ok
21:00:42.0293 2784 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys
21:00:42.0308 2784 RSUSBVSTOR - ok
21:00:42.0340 2784 RTL8167 (6d3c7e7d82d3dc92dc2a8b0df9f20f8a) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:00:42.0355 2784 RTL8167 - ok
21:00:42.0386 2784 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:00:42.0402 2784 sbp2port - ok
21:00:42.0449 2784 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:00:42.0542 2784 scfilter - ok
21:00:42.0574 2784 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:00:42.0667 2784 secdrv - ok
21:00:42.0714 2784 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:00:42.0745 2784 Serenum - ok
21:00:42.0776 2784 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:00:42.0808 2784 Serial - ok
21:00:42.0823 2784 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:00:42.0839 2784 sermouse - ok
21:00:42.0854 2784 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:00:42.0886 2784 sffdisk - ok
21:00:42.0901 2784 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:00:42.0932 2784 sffp_mmc - ok
21:00:42.0948 2784 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:00:42.0964 2784 sffp_sd - ok
21:00:42.0964 2784 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:00:42.0979 2784 sfloppy - ok
21:00:43.0073 2784 Sftfs (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:00:43.0120 2784 Sftfs - ok
21:00:43.0182 2784 Sftplay (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:00:43.0213 2784 Sftplay - ok
21:00:43.0229 2784 Sftredir (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:00:43.0244 2784 Sftredir - ok
21:00:43.0260 2784 Sftvol (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:00:43.0260 2784 Sftvol - ok
21:00:43.0307 2784 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys
21:00:43.0322 2784 SiSGbeLH - ok
21:00:43.0354 2784 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:00:43.0369 2784 SiSRaid2 - ok
21:00:43.0385 2784 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:00:43.0400 2784 SiSRaid4 - ok
21:00:43.0416 2784 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:00:43.0478 2784 Smb - ok
21:00:43.0510 2784 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:00:43.0525 2784 spldr - ok
21:00:43.0556 2784 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:00:43.0619 2784 srv - ok
21:00:43.0650 2784 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:00:43.0697 2784 srv2 - ok
21:00:43.0744 2784 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:00:43.0775 2784 srvnet - ok
21:00:43.0837 2784 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:00:43.0853 2784 stexstor - ok
21:00:43.0915 2784 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
21:00:43.0946 2784 StillCam - ok
21:00:43.0978 2784 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:00:43.0993 2784 swenum - ok
21:00:44.0102 2784 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:00:44.0212 2784 Tcpip - ok
21:00:44.0258 2784 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:00:44.0290 2784 TCPIP6 - ok
21:00:44.0321 2784 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:00:44.0368 2784 tcpipreg - ok
21:00:44.0399 2784 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:00:44.0461 2784 TDPIPE - ok
21:00:44.0477 2784 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:00:44.0508 2784 TDTCP - ok
21:00:44.0539 2784 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:00:44.0602 2784 tdx - ok
21:00:44.0633 2784 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:00:44.0633 2784 TermDD - ok
21:00:44.0664 2784 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:00:44.0726 2784 tssecsrv - ok
21:00:44.0773 2784 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:00:44.0820 2784 tunnel - ok
21:00:44.0851 2784 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:00:44.0867 2784 uagp35 - ok
21:00:44.0867 2784 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:00:44.0929 2784 udfs - ok
21:00:44.0960 2784 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:00:44.0992 2784 uliagpkx - ok
21:00:45.0007 2784 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:00:45.0054 2784 umbus - ok
21:00:45.0054 2784 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:00:45.0085 2784 UmPass - ok
21:00:45.0132 2784 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\Windows\system32\DRIVERS\usbccgp.sys
21:00:45.0194 2784 usbccgp - ok
21:00:45.0226 2784 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:00:45.0257 2784 usbcir - ok
21:00:45.0288 2784 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\Windows\system32\drivers\usbehci.sys
21:00:45.0335 2784 usbehci - ok
21:00:45.0366 2784 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\Windows\system32\DRIVERS\usbhub.sys
21:00:45.0413 2784 usbhub - ok
21:00:45.0460 2784 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\Windows\system32\drivers\usbohci.sys
21:00:45.0506 2784 usbohci - ok
21:00:45.0538 2784 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:00:45.0584 2784 usbprint - ok
21:00:45.0616 2784 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:00:45.0694 2784 USBSTOR - ok
21:00:45.0725 2784 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\Windows\system32\drivers\usbuhci.sys
21:00:45.0772 2784 usbuhci - ok
21:00:45.0803 2784 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\system32\Drivers\usbvideo.sys
21:00:45.0865 2784 usbvideo - ok
21:00:45.0896 2784 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:00:45.0912 2784 vdrvroot - ok
21:00:45.0943 2784 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:00:45.0959 2784 vga - ok
21:00:45.0990 2784 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:00:46.0052 2784 VgaSave - ok
21:00:46.0052 2784 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:00:46.0068 2784 vhdmp - ok
21:00:46.0084 2784 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:00:46.0084 2784 viaide - ok
21:00:46.0115 2784 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:00:46.0130 2784 volmgr - ok
21:00:46.0146 2784 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:00:46.0162 2784 volmgrx - ok
21:00:46.0193 2784 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:00:46.0208 2784 volsnap - ok
21:00:46.0255 2784 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:00:46.0271 2784 vsmraid - ok
21:00:46.0286 2784 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:00:46.0318 2784 vwifibus - ok
21:00:46.0349 2784 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:00:46.0380 2784 vwififlt - ok
21:00:46.0442 2784 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:00:46.0489 2784 WacomPen - ok
21:00:46.0520 2784 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:00:46.0583 2784 WANARP - ok
21:00:46.0598 2784 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:00:46.0630 2784 Wanarpv6 - ok
21:00:46.0692 2784 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:00:46.0692 2784 Wd - ok
21:00:46.0723 2784 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:00:46.0754 2784 Wdf01000 - ok
21:00:46.0786 2784 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:00:46.0832 2784 WfpLwf - ok
21:00:46.0895 2784 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
21:00:46.0910 2784 WimFltr - ok
21:00:46.0942 2784 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:00:46.0957 2784 WIMMount - ok
21:00:47.0020 2784 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:00:47.0051 2784 WmiAcpi - ok
21:00:47.0098 2784 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:00:47.0144 2784 ws2ifsl - ok
21:00:47.0176 2784 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:00:47.0254 2784 WudfPf - ok
21:00:47.0269 2784 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:00:47.0316 2784 WUDFRd - ok
21:00:47.0363 2784 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:00:47.0456 2784 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:00:47.0456 2784 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:00:47.0472 2784 Boot (0x1200) (36f051b353f0e2e5b500817ef97c9750) \Device\Harddisk0\DR0\Partition0
21:00:47.0472 2784 \Device\Harddisk0\DR0\Partition0 - ok
21:00:47.0488 2784 Boot (0x1200) (8558885ac146a853f9aa57c214e29368) \Device\Harddisk0\DR0\Partition1
21:00:47.0488 2784 \Device\Harddisk0\DR0\Partition1 - ok
21:00:47.0488 2784 ============================================================
21:00:47.0488 2784 Scan finished
21:00:47.0488 2784 ============================================================
21:00:47.0534 5288 Detected object count: 1
21:00:47.0534 5288 Actual detected object count: 1
21:01:57.0993 5288 \Device\Harddisk0\DR0\TDLFS - deleted
21:01:57.0993 5288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

Alt 15.11.2011, 09:31   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Standard

system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt



Zitat:
21:01:57.0993 5288 \Device\Harddisk0\DR0\TDLFS - deleted
21:01:57.0993 5288 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
Ok, ist nun gelöscht. Mach bitte ein neues Log mit dem TDSS-Killer und poste es.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt
alternate, antivir, avira, bho, bonjour, browser, c:\windows\system32\rundll32.exe, computer, computern, converter, desktop, entfernen, error, festplatte, firefox, focus, google, helper, home, logfile, mp3, nodrives, nvpciflt.sys, plug-in, programm, realtek, registry, safer networking, scan, software, studio, system, version=2.0, virus, windows, zeon/pdf



Ähnliche Themen: system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt


  1. Windows 7: Dateien und Ordner sind halb versteckt
    Log-Analyse und Auswertung - 08.09.2015 (22)
  2. USB Virus - vsb Datei auf Stick entdeckt, alle Dateien schreibgeschützt und versteckt
    Plagegeister aller Art und deren Bekämpfung - 18.03.2015 (14)
  3. Auf USB Stick nur noch Verknüpfungen (Dateien sind versteckt)
    Log-Analyse und Auswertung - 27.02.2014 (19)
  4. Alle Dateien versteckt nach Befall mit S.M.A.R.T Verschlüsselungstrojaner
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (50)
  5. Dateien und Programme versteckt
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (1)
  6. In allen Laufwerken und alle Ordner sind geblockt - Verschlüsselt (Locked)
    Log-Analyse und Auswertung - 03.05.2012 (1)
  7. Smart HDD Virus hat alle Dateien und Programme versteckt
    Plagegeister aller Art und deren Bekämpfung - 25.04.2012 (1)
  8. System Check Virus - Versteckte Dateien bleiben versteckt
    Log-Analyse und Auswertung - 17.02.2012 (1)
  9. Virus/Trojaner - kopierte Dateien auf USB-Stick sind nur Verknüpfungen, bzw Versteckt/Schreibgesch
    Plagegeister aller Art und deren Bekämpfung - 10.01.2012 (38)
  10. Virus/Trojaner - kopierte Dateien auf USB-Stick sind nur Verknüpfungen, bzw Versteckt (Vista)
    Plagegeister aller Art und deren Bekämpfung - 07.01.2012 (1)
  11. Nach Virus/Trojaner-Befall sind alle WORD-Dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 28.11.2011 (10)
  12. Virus/Trojaner - kopierte Dateien auf USB-Stick sind nur Verknüpfungen, bzw Versteckt/Schreibgesch.
    Plagegeister aller Art und deren Bekämpfung - 16.11.2011 (13)
  13. Virus/Trojaner hat alle Dateien versteckt
    Log-Analyse und Auswertung - 24.10.2011 (1)
  14. MS Removal Tool / Virus - meine Dateien sind "versteckt" !
    Log-Analyse und Auswertung - 16.04.2011 (8)
  15. Virus auf dem PC, alle Programme sind weg, was nu?
    Plagegeister aller Art und deren Bekämpfung - 23.02.2007 (2)
  16. Im leeren Papierkorb sind Dateien versteckt.
    Alles rund um Windows - 15.08.2006 (5)
  17. AW: Im leeren Papierkorb sind Dateien versteckt.
    Mülltonne - 14.08.2006 (0)

Zum Thema system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt - Hey, erst einmal muss ich sagen, dass ich nicht wirklich viel Ahnung von Computern habe und werde aber versuchen alle Anweisungen zu verstehen und blöde Fragen zu vermeiden. Also seit - system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt...
Archiv
Du betrachtest: system restore virus verursacht Abstürze und alle mein Dateien & Programme sind geblockt/versteckt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.