Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 06.01.2012, 01:07   #1
NoOneSF
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Servus und danke vorab für Eure arbeit hier!

Heute komme ich leider nicht mehr alleine weiter, ein Freund von mir hat sich was eingefangen, womit ich auch nicht weiter weis.
1. Seine Systemsteuerung ist im Startmenü weg, bzw. läßt sich auch nicht durch diverse Befehle oder Startmenü anpassen aufrufen. Meldung in etwa "Sie haben keine Berechtigung, wenden Sie sich an den Admin, welches er aber ist!
2. Windows schreit nach den updates, willst Du es ausführen, Meldung siehe oben, keine Berechtigung!
Meine Vermutung lag bei einem Trojaner/Rootkit, er hat mittlerweile eset als Internetsecurity-Programm laufen, welches auch einiges entfernt hat, aber nicht alles.
Habe heute mal (war nix anderes zur Hand), die Notfall-CD con CB gestartet und dort das Virenprogramm drüber laufen lassen, mit folgendem Ergebniss, das wohl ein Rootkit und div. andere Trojaner auf dem PC sind.
Leider keine LOG-Datei aber ein Bildschirmfoto gemacht und unten angehängt.

Nun habe ich vorher gegooglet etc. und sehe das ich die iastor.sys wohl nicht so einfach löschen darf, diese aber nunmal betroffen ist. Jetzt bin ich mit meinem Latein am Ende und hoffe es kann mir / meinem Freund hier jemand weiterhelfen. Vorab schonmal VIELEN DANK!
Angehängte Grafiken
Dateityp: jpg Bildschirmfoto.jpg (44,4 KB, 421x aufgerufen)
__________________
Don´t Panic!

Alt 06.01.2012, 23:48   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Und wie bitte soll man den text auf diesem Screenshot erkennen?
Warum kann man Text nicht einfach als Text transportieren via Copy&Paste?
__________________

__________________

Alt 07.01.2012, 14:35   #3
NoOneSF
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Servus,
Sorry bei mir auf dem PC lies sich das Bild so vergrößern das man es lesen konnte. Habe leider nur den Screenshot gemacht und vergessen die Textpassage zu kopieren bevor ich neu gestartet habe. Mea Culpa!
Ich fahr gleich nochmal hin und mach die ersten Schritte wie hier beschrieben mit defogger etc. Und poste es dann hier OK?! Und bringe den Text vom Screenshot auch noch zum lesen!
__________________
__________________

Alt 07.01.2012, 16:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Den Text kann man doch markieren und kopieren! Einfach hier dann in den Beitrag einfügen!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 07.01.2012, 16:59   #5
NoOneSF
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Hallo,

so habe eben defogger und OTL durchlaufen lassen. Hier die Log von OTL:
Code:
ATTFilter
OTL logfile created on: 1/7/2012 4:25:48 PM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Eltern\Desktop\TrojanTools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.70 Gb Available Physical Memory | 67.62% Memory free
8.00 Gb Paging File | 6.50 Gb Available in Paging File | 81.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 606.84 Gb Total Space | 523.98 Gb Free Space | 86.35% Space Free | Partition Type: NTFS
Drive D: | 13.29 Gb Total Space | 1.63 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive F: | 78.40 Gb Total Space | 78.31 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive G: | 97.65 Gb Total Space | 38.43 Gb Free Space | 39.35% Space Free | Partition Type: NTFS
Drive H: | 135.22 Gb Total Space | 123.11 Gb Free Space | 91.04% Space Free | Partition Type: NTFS
 
Computer Name: ELTERN-HP | User Name: Eltern | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/06 22:16:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eltern\Desktop\TrojanTools\OTL.exe
PRC - [2011/12/19 09:06:54 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/12/19 09:06:53 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/23 15:51:34 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/12/06 06:55:34 | 000,391,240 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/12/06 06:55:02 | 005,578,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/16 04:33:40 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/08/24 16:17:34 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/07/14 00:15:34 | 002,559,888 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\ccsync.exe
PRC - [2009/07/14 00:15:34 | 002,250,640 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/19 09:06:53 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2010/12/06 06:54:46 | 011,187,168 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/12/14 12:23:22 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/05/17 14:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/05 01:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 01:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/12/19 09:06:54 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 12:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/23 15:51:34 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/06 06:55:50 | 001,112,744 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 08:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 16:17:34 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/23 15:51:35 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/01/23 15:51:31 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/01/23 15:51:28 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/01/23 15:51:24 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/17 14:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 13:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010/04/27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010/04/27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010/04/08 00:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/09/21 12:24:58 | 000,206,896 | ---- | M] (Auerswald GmbH & Co.KG                         ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\auusb.sys -- (auusb)
DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/11/08 21:25:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/06/10 12:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110608
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb49f690e-aa79-4055-9f1c-f067e5ad9520%7D&mid=8efc22c0075147d1b29da138fa8b9963-1d1dc49f60bf337cd3b057ffe75c21b824a1b47b&ds=tt015&v=8.0.0.40&lang=de&pr=sa&d=2011-11-17%2020%3A28%3A44&sap=ku&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Eltern\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eltern\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eltern\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 16:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 10:40:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/20 19:46:54 | 000,000,000 | ---D | M]
 
[2010/10/29 16:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eltern\AppData\Roaming\mozilla\Extensions
[2012/01/07 16:24:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions
[2011/07/30 12:22:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/23 13:08:55 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions\2020Player@2020Technologies.com
[2012/01/07 16:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ELTERN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YHHRYH7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/07 16:23:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/06 08:22:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/19 09:06:53 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/06 08:22:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/06 08:22:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/06 08:22:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/06 08:22:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/06 08:22:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 17:03:21 | 000,001,298 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CFADFBD-564F-4624-8BBE-034BB1748FF2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\aquacade-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bejeweled2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bejeweledtwist-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bejeweled-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\big kahuna reef 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\big kahuna reef-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bookwormadventures-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\dthtml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\gemshop-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hptcs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jewel of atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jewelquest2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jewelquestwt_ger-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jqsolitaire-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\maze-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\peggle-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\slingo-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\smartmenu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\trijinx-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\virtual villagers - the secret city-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wedding dash-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winap-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\zuma-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\aquacade-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bejeweled2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bejeweledtwist-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bejeweled-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\big kahuna reef 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\big kahuna reef-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bookwormadventures-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dthtml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\gemshop-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hptcs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jewel of atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jewelquest2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jewelquestwt_ger-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jqsolitaire-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\maze-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\peggle-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\slingo-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\smartmenu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\trijinx-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\virtual villagers - the secret city-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\wedding dash-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winap-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\zuma-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DT ACR - hkey= - key= - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: NapsterShell - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PivotSoftware - hkey= - key= - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
MsConfig:64bit - StartUpReg: vProt - hkey= - key= - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/07 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Eltern\Desktop\TrojanTools
[2012/01/02 11:48:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/19 09:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/12/10 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/10 12:56:58 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011/12/10 12:56:57 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/07 16:29:21 | 000,859,940 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err
[2012/01/07 16:24:29 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 16:24:29 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/07 16:22:37 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/07 16:22:37 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/07 16:22:37 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/07 16:22:37 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/07 16:22:37 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/07 16:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Eltern\defogger_reenable
[2012/01/07 16:16:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/07 16:16:56 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 18:42:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804660517-4218686042-1560667919-1001UA.job
[2012/01/04 20:28:13 | 000,000,680 | RHS- | M] () -- C:\Users\Eltern\ntuser.pol
[2012/01/03 12:42:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804660517-4218686042-1560667919-1001Core.job
[2011/12/27 16:51:07 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEltern.job
[2011/12/20 19:37:40 | 003,775,065 | ---- | M] () -- C:\Users\Eltern\Documents\eset_eav_5_userguide_deu.pdf
[2011/12/14 12:23:40 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011/12/14 12:23:22 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011/12/14 12:23:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011/12/14 12:23:22 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011/12/14 12:23:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/12/14 11:51:30 | 000,687,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/11 13:28:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
 
========== Files Created - No Company Name ==========
 
[2012/01/07 16:20:51 | 000,000,000 | ---- | C] () -- C:\Users\Eltern\defogger_reenable
[2011/12/20 19:37:40 | 003,775,065 | ---- | C] () -- C:\Users\Eltern\Documents\eset_eav_5_userguide_deu.pdf
[2011/08/10 18:29:52 | 000,002,528 | ---- | C] () -- C:\Users\Eltern\AppData\Roaming\$_hpcst$.hpc
[2011/04/29 18:27:03 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2011/04/29 18:27:03 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2011/02/18 15:09:55 | 000,000,142 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini
[2011/02/18 15:09:55 | 000,000,123 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL
[2011/02/18 15:09:49 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe
[2011/02/02 19:18:54 | 000,005,632 | ---- | C] () -- C:\Users\Eltern\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 14:32:15 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2010/12/26 14:48:22 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/12/22 19:50:23 | 000,000,022 | ---- | C] () -- C:\Windows\emgtech.ini
[2010/12/22 19:45:59 | 000,381,952 | ---- | C] () -- C:\Windows\c4dll.dll
[2010/12/22 19:45:59 | 000,002,430 | ---- | C] () -- C:\Windows\Xfiler32.ini
[2010/12/22 19:45:59 | 000,000,069 | ---- | C] () -- C:\Windows\Avintray.ini
[2010/12/17 09:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\Bootus.INI
[2010/12/17 09:44:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2010/10/31 18:17:41 | 000,003,315 | ---- | C] () -- C:\Windows\uninstall_sca1.ini
[2010/10/31 18:13:03 | 000,000,485 | ---- | C] () -- C:\Windows\uninstall_USAirports.ini
[2010/10/29 17:15:13 | 007,035,645 | ---- | C] () -- C:\Windows\SysWow64\httpsurl.dat
[2010/10/29 17:15:13 | 000,059,681 | ---- | C] () -- C:\Windows\SysWow64\httpuurl.dat
[2010/10/29 17:15:13 | 000,001,548 | ---- | C] () -- C:\Windows\SysWow64\nogoapp.dat
[2010/10/29 17:15:07 | 000,041,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\ccinj64.sys
[2010/10/29 17:15:07 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2010/10/29 17:15:07 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\ccwt64.dat
[2010/10/29 17:15:06 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
[2010/10/29 16:42:46 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/29 15:02:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/09 18:28:12 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/09 18:04:07 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/10/09 17:31:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2011/01/23 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\173DD3F0-B91F-44D2-90B9-D8A6BD2B4ED5
[2011/01/14 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Acronis
[2011/09/16 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Ashampoo
[2010/11/07 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\CD-LabelPrint
[2011/08/21 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/26 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DisplayTune
[2011/07/30 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoft
[2011/07/30 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/30 15:06:14 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\elsterformular
[2011/08/13 12:03:28 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\FloodLightGames
[2011/08/05 19:24:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\funkitron
[2011/06/13 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\ImgBurn
[2010/11/02 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\IrfanView
[2011/08/11 16:14:18 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\PlayFirst
[2011/08/10 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Samsung
[2012/01/05 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\SoftGrid Client
[2011/11/20 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Software Informer
[2010/10/29 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TP
[2012/01/02 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TuneUp Software
[2011/08/02 10:32:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WildTangent
[2010/11/27 14:41:23 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WinBatch
[2011/11/14 19:01:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011/02/02 19:19:36 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011/01/23 22:31:58 | 000,000,000 | ---D | M] -- C:\7d0688f19e5bdf2f042bb70a7d5b
[2010/10/30 16:34:00 | 000,000,000 | ---D | M] -- C:\AdobePhotoIso
[2011/04/29 18:33:00 | 000,000,000 | ---D | M] -- C:\Auerswald
[2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011/08/03 16:45:53 | 000,000,000 | ---D | M] -- C:\Download
[2010/11/27 14:51:58 | 000,000,000 | RHSD | M] -- C:\hp
[2010/11/26 19:26:34 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011/05/24 18:17:18 | 000,000,000 | ---D | M] -- C:\PaperCom32
[2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011/12/20 19:46:47 | 000,000,000 | R--D | M] -- C:\Program Files
[2012/01/02 10:52:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012/01/02 10:52:39 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009/07/24 19:32:39 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011/01/22 14:11:42 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2011/01/30 14:56:29 | 000,000,000 | ---D | M] -- C:\swsetup
[2011/07/24 16:36:54 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010/10/29 15:10:44 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV
[2011/07/29 11:00:11 | 000,000,000 | ---D | M] -- C:\TEMP
[2010/11/02 19:50:11 | 000,000,000 | ---D | M] -- C:\Unsere Daten
[2010/10/29 20:41:04 | 000,000,000 | R--D | M] -- C:\Users
[2010/10/31 19:45:19 | 000,000,000 | ---D | M] -- C:\VistaMare
[2011/06/05 14:49:37 | 000,000,000 | ---D | M] -- C:\VueScan
[2012/01/02 11:48:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011/04/25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009/07/14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010/11/20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011/04/25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011/04/25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011/04/25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2010/10/09 18:16:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/10/09 18:19:02 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/10/09 18:16:40 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe
[2010/10/09 18:14:39 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010/10/09 18:19:02 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010/10/09 18:14:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2010/10/09 18:19:02 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010/10/09 18:14:39 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2010/10/09 18:19:02 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010/10/09 18:16:40 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe
[2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2010/10/09 18:14:39 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
[2010/10/09 18:16:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009/07/14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009/07/14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/10/09 18:19:02 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/10/09 18:19:02 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         
In der 7z Datei befindet sich der extra.txt von otl sowie die log von defogger und der Log von dem ursprünglichen Scan der Notfall-CD! Hierzu sei noch gesagt das /media/sdb1 die 2.Festplatte mit Windows XP ist welches als 2. System hier noch auf dem PC ist für Games die nicht unter Windows7 laufen! Falls ich diese Scans unter WinXP nochmal machen soll, sagt Bescheid! Danke vorab!

__________________
Don´t Panic!

Alt 07.01.2012, 17:06   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________
--> Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert

Alt 07.01.2012, 18:53   #7
NoOneSF
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Hallo hier schon mal der Log von Malwarebytes:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Eltern :: ELTERN-HP [Administrator]

Schutz: Aktiviert

07.01.2012 17:16:16
mbam-log-2012-01-07 (17-16-16).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 606527
Laufzeit: 1 Stunde(n), 22 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Policies\Microsoft\Windows\System|DisableCMD (PUM.Hijack.CMDPrompt) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig (Windows.Tool.Disabled) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
G:\Dokumente und Einstellungen\Holger\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für olba.zip\lebor_lc_cst\CoastlineLandclassFS2004.exe (Adware.Onlinegames) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
eset läuft jetzt als nächstes!
__________________
Don´t Panic!

Alt 07.01.2012, 21:03   #8
NoOneSF
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Hier jetzt der Log von eset:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c429b184af129e4d8589ac507fe0f7d6
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-07 06:33:37
# local_time=2012-01-07 07:33:37 (+0100, Mitteleurop�ische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=768 16777215 100 0 32315086 32315086 0 0
# compatibility_mode=5893 16776573 100 94 4307 77589582 0 0
# compatibility_mode=8204 39157181 100 74 6621 9270496 0 0
# scanned=129854
# found=0
# cleaned=0
# scan_time=1506
# nod_component=V3 Build:0x30000000
         
Hoffe jetzt alles da was Ihr braucht! Danke!
__________________
Don´t Panic!

Alt 07.01.2012, 21:06   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.01.2012, 11:59   #10
NoOneSF
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Hallo Arne,

hier der OTL Log:
Code:
ATTFilter
OTL logfile created on: 1/8/2012 11:41:38 AM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Eltern\Desktop\TrojanTools
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.65 Gb Available Physical Memory | 66.17% Memory free
8.00 Gb Paging File | 6.48 Gb Available in Paging File | 81.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 606.84 Gb Total Space | 523.89 Gb Free Space | 86.33% Space Free | Partition Type: NTFS
Drive D: | 13.29 Gb Total Space | 1.63 Gb Free Space | 12.29% Space Free | Partition Type: NTFS
Drive F: | 78.40 Gb Total Space | 78.31 Gb Free Space | 99.88% Space Free | Partition Type: NTFS
Drive G: | 97.65 Gb Total Space | 38.43 Gb Free Space | 39.35% Space Free | Partition Type: NTFS
Drive H: | 135.22 Gb Total Space | 134.75 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
 
Computer Name: ELTERN-HP | User Name: Eltern | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/06 22:16:10 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Eltern\Desktop\TrojanTools\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/19 09:06:54 | 000,869,216 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2011/01/23 15:51:34 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010/12/06 06:55:34 | 000,391,240 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010/12/06 06:55:02 | 005,578,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2010/11/16 04:33:40 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2010/04/23 20:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2009/08/24 16:17:34 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
PRC - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2009/07/14 00:15:34 | 002,250,640 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010/12/06 06:54:46 | 011,187,168 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/12/14 12:23:22 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/05/17 14:03:54 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/03/05 01:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 01:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM))
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/19 09:06:54 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011/12/14 12:23:34 | 002,123,584 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/14 12:23:22 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/23 15:51:34 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/12/06 06:55:50 | 001,112,744 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010/09/30 22:44:46 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/09/06 01:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010/08/25 08:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/08/24 16:17:34 | 000,114,688 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe -- (Asset Management Daemon)
SRV - [2009/08/24 16:14:58 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2009/07/15 13:43:46 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/09 14:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/23 15:51:35 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011/01/23 15:51:31 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273)
DRV:64bit: - [2011/01/23 15:51:28 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011/01/23 15:51:24 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/05/17 14:35:30 | 006,853,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/17 13:30:28 | 000,263,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/04/27 03:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010/04/27 03:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010/04/27 03:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010/04/08 00:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/03/04 12:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/09/21 12:24:58 | 000,206,896 | ---- | M] (Auerswald GmbH & Co.KG                         ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\auusb.sys -- (auusb)
DRV:64bit: - [2009/07/15 13:43:30 | 000,020,592 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PdiPorts.sys -- (PdiPorts)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/11/08 21:25:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/06/14 08:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010/06/10 12:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\sysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Download
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.gmx.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:4.5.4.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1203
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.4
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20110608
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7Bb49f690e-aa79-4055-9f1c-f067e5ad9520%7D&mid=8efc22c0075147d1b29da138fa8b9963-1d1dc49f60bf337cd3b057ffe75c21b824a1b47b&ds=tt015&v=8.0.0.40&lang=de&pr=sa&d=2011-11-17%2020%3A28%3A44&sap=ku&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\Eltern\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Eltern\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Eltern\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/07 16:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/19 10:40:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011/12/20 19:46:54 | 000,000,000 | ---D | M]
 
[2010/10/29 16:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eltern\AppData\Roaming\mozilla\Extensions
[2012/01/07 18:45:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions
[2011/07/30 12:22:39 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/01/23 13:08:55 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Eltern\AppData\Roaming\mozilla\Firefox\Profiles\3yhhryh7.default\extensions\2020Player@2020Technologies.com
[2012/01/07 16:23:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
() (No name found) -- C:\USERS\ELTERN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3YHHRYH7.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/01/07 16:23:39 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/06 08:22:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/12/19 09:06:53 | 000,003,768 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/06 08:22:35 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/06 08:22:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/06 08:22:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/06 08:22:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/06 08:22:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 17:03:21 | 000,001,298 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_07)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CFADFBD-564F-4624-8BBE-034BB1748FF2}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\aquacade-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bejeweled2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bejeweledtwist-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bejeweled-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\big kahuna reef 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\big kahuna reef-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\bookwormadventures-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\dthtml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\gemshop-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\hptcs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jewel of atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jewelquest2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jewelquestwt_ger-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\jqsolitaire-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\maze-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\peggle-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\slingo-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\smartmenu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\trijinx-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\virtual villagers - the secret city-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\wedding dash-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winap-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\zuma-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\aquacade-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bejeweled2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bejeweled3-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bejeweledtwist-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bejeweled-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\big kahuna reef 2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\big kahuna reef-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\bookwormadventures-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\chuzzle deluxe-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\deathonthenile-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\diner dash 2 restaurant rescue-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\drivegreen1-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dthtml.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\fate-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\gameconsole-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\gemshop-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\hptcs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\insaniquarium-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jewel of atlantis-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jewelquest2-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jewelquestwt_ger-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\jqsolitaire-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lightscribecontrolpanel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\lslauncher.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\maze-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nobuclient.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\npsguide.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\onplay.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\pdfvista.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\peggle-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\penguins-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\plants vs. zombies-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\polar-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\provider.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\slingo-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\smartmenu.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\trijinx-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\virtual villagers - the secret city-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\wedding dash-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winap-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\zumasrevenge-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\zuma-wt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: AutoStartNPSAgent - hkey= - key= - C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DT ACR - hkey= - key= - C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe ()
MsConfig:64bit - StartUpReg: Easybits Recovery - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Eltern\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig:64bit - StartUpReg: NapsterShell - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Norton Online Backup - hkey= - key= - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
MsConfig:64bit - StartUpReg: PDF Complete - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: PivotSoftware - hkey= - key= - C:\Program Files (x86)\Portrait Displays\Pivot Software\wpctrl.exe ()
MsConfig:64bit - StartUpReg: vProt - hkey= - key= - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: ksupmgr - C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/07 18:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/07 17:11:34 | 000,000,000 | ---D | C] -- C:\Users\Eltern\AppData\Roaming\Malwarebytes
[2012/01/07 17:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/07 17:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/07 17:11:27 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/07 17:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/01/07 16:20:22 | 000,000,000 | ---D | C] -- C:\Users\Eltern\Desktop\TrojanTools
[2012/01/02 11:48:08 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2011/12/20 19:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/19 09:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2011/12/10 12:57:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2011/12/10 12:56:58 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011/12/10 12:56:57 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/08 11:43:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 11:43:13 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/08 11:42:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804660517-4218686042-1560667919-1001UA.job
[2012/01/08 11:40:27 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/08 11:40:27 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/08 11:40:27 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/08 11:40:27 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/08 11:40:27 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 11:36:17 | 000,964,753 | ---- | M] () -- C:\Windows\SysWow64\ccsync.err
[2012/01/08 11:35:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/08 11:35:39 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/07 18:54:42 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForEltern.job
[2012/01/07 17:11:30 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/07 16:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Eltern\defogger_reenable
[2012/01/04 20:28:13 | 000,000,680 | RHS- | M] () -- C:\Users\Eltern\ntuser.pol
[2012/01/03 12:42:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2804660517-4218686042-1560667919-1001Core.job
[2011/12/20 19:37:40 | 003,775,065 | ---- | M] () -- C:\Users\Eltern\Documents\eset_eav_5_userguide_deu.pdf
[2011/12/14 12:23:40 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011/12/14 12:23:22 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011/12/14 12:23:22 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011/12/14 12:23:22 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011/12/14 12:23:22 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011/12/14 11:51:30 | 000,687,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/11 13:28:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012/01/07 17:11:30 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/07 16:20:51 | 000,000,000 | ---- | C] () -- C:\Users\Eltern\defogger_reenable
[2011/12/20 19:37:40 | 003,775,065 | ---- | C] () -- C:\Users\Eltern\Documents\eset_eav_5_userguide_deu.pdf
[2011/08/10 18:29:52 | 000,002,528 | ---- | C] () -- C:\Users\Eltern\AppData\Roaming\$_hpcst$.hpc
[2011/04/29 18:27:03 | 000,315,444 | ---- | C] () -- C:\Windows\SysWow64\isdnapi32.dll
[2011/04/29 18:27:03 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\AuerCapiJNINative.dll
[2011/02/18 15:09:55 | 000,000,142 | -H-- | C] () -- C:\Windows\SysWow64\ctlsw.ini
[2011/02/18 15:09:55 | 000,000,123 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL
[2011/02/18 15:09:49 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe
[2011/02/02 19:18:54 | 000,005,632 | ---- | C] () -- C:\Users\Eltern\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/08 14:32:15 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2010/12/26 14:48:22 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\Machnm32.sys
[2010/12/22 19:50:23 | 000,000,022 | ---- | C] () -- C:\Windows\emgtech.ini
[2010/12/22 19:45:59 | 000,381,952 | ---- | C] () -- C:\Windows\c4dll.dll
[2010/12/22 19:45:59 | 000,002,430 | ---- | C] () -- C:\Windows\Xfiler32.ini
[2010/12/22 19:45:59 | 000,000,069 | ---- | C] () -- C:\Windows\Avintray.ini
[2010/12/17 09:51:31 | 000,000,000 | ---- | C] () -- C:\Windows\Bootus.INI
[2010/12/17 09:44:07 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2010/10/31 18:17:41 | 000,003,315 | ---- | C] () -- C:\Windows\uninstall_sca1.ini
[2010/10/31 18:13:03 | 000,000,485 | ---- | C] () -- C:\Windows\uninstall_USAirports.ini
[2010/10/29 17:15:13 | 007,035,645 | ---- | C] () -- C:\Windows\SysWow64\httpsurl.dat
[2010/10/29 17:15:13 | 000,059,681 | ---- | C] () -- C:\Windows\SysWow64\httpuurl.dat
[2010/10/29 17:15:13 | 000,001,548 | ---- | C] () -- C:\Windows\SysWow64\nogoapp.dat
[2010/10/29 17:15:07 | 000,041,912 | ---- | C] () -- C:\Windows\SysWow64\drivers\ccinj64.sys
[2010/10/29 17:15:07 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2010/10/29 17:15:07 | 000,000,063 | ---- | C] () -- C:\Windows\SysWow64\ccwt64.dat
[2010/10/29 17:15:06 | 000,000,600 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
[2010/10/29 16:42:46 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/29 15:02:54 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/10/09 18:28:12 | 000,002,137 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010/10/09 18:04:07 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/10/09 17:31:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007/10/25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
 
========== LOP Check ==========
 
[2011/01/23 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\173DD3F0-B91F-44D2-90B9-D8A6BD2B4ED5
[2011/01/14 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Acronis
[2011/09/16 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Ashampoo
[2010/11/07 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\CD-LabelPrint
[2011/08/21 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/12/26 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DisplayTune
[2011/07/30 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoft
[2011/07/30 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/30 15:06:14 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\elsterformular
[2011/08/13 12:03:28 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\FloodLightGames
[2011/08/05 19:24:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\funkitron
[2011/06/13 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\ImgBurn
[2010/11/02 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\IrfanView
[2011/08/11 16:14:18 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\PlayFirst
[2011/08/10 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Samsung
[2012/01/05 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\SoftGrid Client
[2011/11/20 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Software Informer
[2010/10/29 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TP
[2012/01/02 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TuneUp Software
[2011/08/02 10:32:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WildTangent
[2010/11/27 14:41:23 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WinBatch
[2011/11/14 19:01:58 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/01/23 15:51:35 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\173DD3F0-B91F-44D2-90B9-D8A6BD2B4ED5
[2011/01/14 23:45:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Acronis
[2011/08/21 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Adobe
[2011/09/16 19:59:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Ashampoo
[2010/10/29 15:12:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\ATI
[2010/11/07 20:42:22 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\CD-LabelPrint
[2011/08/21 17:20:10 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/07/22 11:20:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\CyberLink
[2010/12/26 14:50:59 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DisplayTune
[2011/07/30 12:22:46 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoft
[2011/07/30 12:22:39 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/30 15:06:14 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\elsterformular
[2011/08/13 12:03:28 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\FloodLightGames
[2011/08/05 19:24:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\funkitron
[2011/01/30 14:48:56 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Hewlett-Packard
[2012/01/07 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\HP Support Assistant
[2011/01/30 15:03:09 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\hpqLog
[2012/01/07 16:30:26 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\HpUpdate
[2010/10/29 15:10:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Identities
[2011/06/13 19:07:08 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\ImgBurn
[2010/11/02 19:43:50 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\IrfanView
[2010/10/29 16:50:55 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Macromedia
[2012/01/07 17:11:34 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Media Center Programs
[2011/08/21 17:09:28 | 000,000,000 | --SD | M] -- C:\Users\Eltern\AppData\Roaming\Microsoft
[2010/10/29 16:18:43 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Mozilla
[2011/08/11 16:14:18 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\PlayFirst
[2010/10/30 16:39:55 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\PSpad
[2010/12/22 20:23:47 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Roxio
[2011/08/10 20:05:20 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Samsung
[2012/01/05 15:06:40 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\SoftGrid Client
[2011/11/20 16:57:25 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\Software Informer
[2010/10/29 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TP
[2012/01/02 10:55:13 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\TuneUp Software
[2011/07/30 12:37:53 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\vlc
[2011/08/02 10:32:52 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WildTangent
[2010/11/27 14:41:23 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WinBatch
[2011/04/29 21:37:31 | 000,000,000 | ---D | M] -- C:\Users\Eltern\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010/10/30 16:48:33 | 000,038,784 | ---- | M] () -- C:\Users\Eltern\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/10/09 18:26:47 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/10/09 18:26:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/10/09 18:26:47 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/10/09 18:26:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2010/10/09 18:19:02 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/10/09 18:19:02 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
Bitte schön / Danke schön!
__________________
Don´t Panic!

Alt 08.01.2012, 20:12   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 08.01.2012, 22:01   #12
NoOneSF
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



TDSS-Killer durchgelaufen bei Win7, aber ohne Befund?!

Zur Sicherheit hier der Log von Win7:
Code:
ATTFilter
21:34:53.0996 4508	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:34:54.0168 4508	============================================================
21:34:54.0168 4508	Current date / time: 2012/01/08 21:34:54.0168
21:34:54.0168 4508	SystemInfo:
21:34:54.0168 4508	
21:34:54.0168 4508	OS Version: 6.1.7601 ServicePack: 1.0
21:34:54.0168 4508	Product type: Workstation
21:34:54.0168 4508	ComputerName: ELTERN-HP
21:34:54.0168 4508	UserName: Eltern
21:34:54.0168 4508	Windows directory: C:\Windows
21:34:54.0168 4508	System windows directory: C:\Windows
21:34:54.0168 4508	Running under WOW64
21:34:54.0168 4508	Processor architecture: Intel x64
21:34:54.0168 4508	Number of processors: 4
21:34:54.0168 4508	Page size: 0x1000
21:34:54.0168 4508	Boot type: Normal boot
21:34:54.0168 4508	============================================================
21:34:54.0995 4508	Initialize success
21:35:45.0851 4152	============================================================
21:35:45.0851 4152	Scan started
21:35:45.0851 4152	Mode: Manual; SigCheck; TDLFS; 
21:35:45.0851 4152	============================================================
21:35:46.0085 4152	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:35:46.0147 4152	1394ohci - ok
21:35:46.0178 4152	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:35:46.0194 4152	ACPI - ok
21:35:46.0209 4152	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:35:46.0241 4152	AcpiPmi - ok
21:35:46.0287 4152	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:35:46.0303 4152	adp94xx - ok
21:35:46.0319 4152	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:35:46.0319 4152	adpahci - ok
21:35:46.0334 4152	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:35:46.0350 4152	adpu320 - ok
21:35:46.0397 4152	afcdp           (ae1fce2cd1e99bea89183ba8cd320872) C:\Windows\system32\DRIVERS\afcdp.sys
21:35:46.0412 4152	afcdp - ok
21:35:46.0459 4152	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:35:46.0490 4152	AFD - ok
21:35:46.0506 4152	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:35:46.0521 4152	agp440 - ok
21:35:46.0537 4152	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:35:46.0537 4152	aliide - ok
21:35:46.0553 4152	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:35:46.0568 4152	amdide - ok
21:35:46.0584 4152	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:35:46.0584 4152	AmdK8 - ok
21:35:46.0709 4152	amdkmdag        (cf3db4d8b2ce0b282ab39c9d846eca74) C:\Windows\system32\DRIVERS\atikmdag.sys
21:35:46.0865 4152	amdkmdag - ok
21:35:46.0880 4152	amdkmdap        (7d07db26f6d3a16a6c8d34ce6c09fd01) C:\Windows\system32\DRIVERS\atikmpag.sys
21:35:46.0896 4152	amdkmdap - ok
21:35:46.0896 4152	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:35:46.0927 4152	AmdPPM - ok
21:35:46.0958 4152	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:35:46.0974 4152	amdsata - ok
21:35:46.0974 4152	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:35:46.0989 4152	amdsbs - ok
21:35:47.0005 4152	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:35:47.0005 4152	amdxata - ok
21:35:47.0036 4152	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:35:47.0067 4152	AppID - ok
21:35:47.0099 4152	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:35:47.0099 4152	arc - ok
21:35:47.0114 4152	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:35:47.0130 4152	arcsas - ok
21:35:47.0145 4152	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:35:47.0177 4152	AsyncMac - ok
21:35:47.0192 4152	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:35:47.0208 4152	atapi - ok
21:35:47.0239 4152	AtiHdmiService  (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
21:35:47.0255 4152	AtiHdmiService - ok
21:35:47.0270 4152	auusb           (f8a87be34ecd676e22d4178042bf8fd5) C:\Windows\system32\DRIVERS\auusb.sys
21:35:47.0286 4152	auusb - ok
21:35:47.0301 4152	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:35:47.0364 4152	b06bdrv - ok
21:35:47.0395 4152	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:35:47.0411 4152	b57nd60a - ok
21:35:47.0442 4152	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:35:47.0473 4152	Beep - ok
21:35:47.0504 4152	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:35:47.0520 4152	blbdrive - ok
21:35:47.0535 4152	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:35:47.0551 4152	bowser - ok
21:35:47.0551 4152	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:35:47.0567 4152	BrFiltLo - ok
21:35:47.0582 4152	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:35:47.0598 4152	BrFiltUp - ok
21:35:47.0629 4152	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:35:47.0660 4152	Brserid - ok
21:35:47.0676 4152	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:35:47.0676 4152	BrSerWdm - ok
21:35:47.0691 4152	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:35:47.0707 4152	BrUsbMdm - ok
21:35:47.0738 4152	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:35:47.0754 4152	BrUsbSer - ok
21:35:47.0769 4152	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:35:47.0769 4152	BTHMODEM - ok
21:35:47.0816 4152	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:35:47.0832 4152	cdfs - ok
21:35:47.0863 4152	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:35:47.0879 4152	cdrom - ok
21:35:47.0894 4152	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:35:47.0910 4152	circlass - ok
21:35:47.0957 4152	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:35:47.0957 4152	CLFS - ok
21:35:47.0972 4152	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:35:48.0003 4152	CmBatt - ok
21:35:48.0019 4152	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:35:48.0019 4152	cmdide - ok
21:35:48.0050 4152	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:35:48.0066 4152	CNG - ok
21:35:48.0081 4152	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:35:48.0097 4152	Compbatt - ok
21:35:48.0113 4152	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:35:48.0144 4152	CompositeBus - ok
21:35:48.0159 4152	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:35:48.0159 4152	crcdisk - ok
21:35:48.0206 4152	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:35:48.0253 4152	DfsC - ok
21:35:48.0269 4152	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:35:48.0300 4152	discache - ok
21:35:48.0300 4152	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:35:48.0315 4152	Disk - ok
21:35:48.0347 4152	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:35:48.0362 4152	drmkaud - ok
21:35:48.0409 4152	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:35:48.0425 4152	DXGKrnl - ok
21:35:48.0456 4152	eamonm          (13533557d01b88c83110d5cf749f14d7) C:\Windows\system32\DRIVERS\eamonm.sys
21:35:48.0456 4152	eamonm - ok
21:35:48.0518 4152	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:35:48.0627 4152	ebdrv - ok
21:35:48.0690 4152	ehdrv           (e097728129e7b79bf1089d7aef42332b) C:\Windows\system32\DRIVERS\ehdrv.sys
21:35:48.0690 4152	ehdrv - ok
21:35:48.0721 4152	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:35:48.0737 4152	elxstor - ok
21:35:48.0768 4152	epfwwfpr        (2380976cf8a4a56611f35633acd2a74f) C:\Windows\system32\DRIVERS\epfwwfpr.sys
21:35:48.0768 4152	epfwwfpr - ok
21:35:48.0799 4152	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:35:48.0815 4152	ErrDev - ok
21:35:48.0846 4152	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:35:48.0877 4152	exfat - ok
21:35:48.0893 4152	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:35:48.0939 4152	fastfat - ok
21:35:48.0955 4152	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:35:48.0971 4152	fdc - ok
21:35:49.0002 4152	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:35:49.0002 4152	FileInfo - ok
21:35:49.0017 4152	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:35:49.0064 4152	Filetrace - ok
21:35:49.0064 4152	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:35:49.0080 4152	flpydisk - ok
21:35:49.0095 4152	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:35:49.0111 4152	FltMgr - ok
21:35:49.0142 4152	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:35:49.0142 4152	FsDepends - ok
21:35:49.0158 4152	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:35:49.0173 4152	Fs_Rec - ok
21:35:49.0189 4152	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:35:49.0189 4152	fvevol - ok
21:35:49.0205 4152	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:35:49.0220 4152	gagp30kx - ok
21:35:49.0236 4152	GMSIPCI - ok
21:35:49.0267 4152	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:35:49.0298 4152	hcw85cir - ok
21:35:49.0329 4152	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:35:49.0345 4152	HdAudAddService - ok
21:35:49.0376 4152	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:35:49.0392 4152	HDAudBus - ok
21:35:49.0407 4152	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:35:49.0439 4152	HidBatt - ok
21:35:49.0454 4152	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:35:49.0470 4152	HidBth - ok
21:35:49.0485 4152	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:35:49.0501 4152	HidIr - ok
21:35:49.0532 4152	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:35:49.0548 4152	HidUsb - ok
21:35:49.0595 4152	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:35:49.0595 4152	HpSAMD - ok
21:35:49.0626 4152	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:35:49.0673 4152	HTTP - ok
21:35:49.0688 4152	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:35:49.0688 4152	hwpolicy - ok
21:35:49.0704 4152	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:35:49.0719 4152	i8042prt - ok
21:35:49.0751 4152	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:35:49.0766 4152	iaStorV - ok
21:35:49.0782 4152	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:35:49.0797 4152	iirsp - ok
21:35:49.0844 4152	IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
21:35:49.0891 4152	IntcAzAudAddService - ok
21:35:49.0907 4152	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:35:49.0907 4152	intelide - ok
21:35:49.0938 4152	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:35:49.0953 4152	intelppm - ok
21:35:49.0985 4152	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:35:50.0016 4152	IpFilterDriver - ok
21:35:50.0016 4152	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:35:50.0031 4152	IPMIDRV - ok
21:35:50.0047 4152	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:35:50.0094 4152	IPNAT - ok
21:35:50.0109 4152	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:35:50.0125 4152	IRENUM - ok
21:35:50.0156 4152	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:35:50.0156 4152	isapnp - ok
21:35:50.0172 4152	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:35:50.0187 4152	iScsiPrt - ok
21:35:50.0203 4152	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:35:50.0203 4152	kbdclass - ok
21:35:50.0219 4152	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:35:50.0250 4152	kbdhid - ok
21:35:50.0281 4152	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:35:50.0281 4152	KSecDD - ok
21:35:50.0312 4152	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:35:50.0328 4152	KSecPkg - ok
21:35:50.0328 4152	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:35:50.0359 4152	ksthunk - ok
21:35:50.0406 4152	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:35:50.0453 4152	lltdio - ok
21:35:50.0468 4152	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:35:50.0484 4152	LSI_FC - ok
21:35:50.0499 4152	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:35:50.0515 4152	LSI_SAS - ok
21:35:50.0531 4152	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:35:50.0531 4152	LSI_SAS2 - ok
21:35:50.0546 4152	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:35:50.0562 4152	LSI_SCSI - ok
21:35:50.0577 4152	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:35:50.0593 4152	luafv - ok
21:35:50.0640 4152	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:35:50.0640 4152	MBAMProtector - ok
21:35:50.0655 4152	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:35:50.0671 4152	megasas - ok
21:35:50.0671 4152	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:35:50.0687 4152	MegaSR - ok
21:35:50.0702 4152	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:35:50.0733 4152	Modem - ok
21:35:50.0749 4152	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:35:50.0765 4152	monitor - ok
21:35:50.0780 4152	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:35:50.0780 4152	mouclass - ok
21:35:50.0796 4152	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:35:50.0811 4152	mouhid - ok
21:35:50.0811 4152	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:35:50.0827 4152	mountmgr - ok
21:35:50.0843 4152	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:35:50.0843 4152	mpio - ok
21:35:50.0858 4152	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:35:50.0889 4152	mpsdrv - ok
21:35:50.0921 4152	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:35:50.0967 4152	MRxDAV - ok
21:35:50.0983 4152	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:35:50.0999 4152	mrxsmb - ok
21:35:51.0030 4152	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:35:51.0045 4152	mrxsmb10 - ok
21:35:51.0061 4152	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:35:51.0061 4152	mrxsmb20 - ok
21:35:51.0077 4152	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:35:51.0092 4152	msahci - ok
21:35:51.0108 4152	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:35:51.0108 4152	msdsm - ok
21:35:51.0139 4152	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:35:51.0155 4152	Msfs - ok
21:35:51.0186 4152	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:35:51.0217 4152	mshidkmdf - ok
21:35:51.0233 4152	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:35:51.0233 4152	msisadrv - ok
21:35:51.0264 4152	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:35:51.0295 4152	MSKSSRV - ok
21:35:51.0311 4152	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:35:51.0342 4152	MSPCLOCK - ok
21:35:51.0342 4152	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:35:51.0389 4152	MSPQM - ok
21:35:51.0435 4152	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:35:51.0451 4152	MsRPC - ok
21:35:51.0467 4152	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:35:51.0467 4152	mssmbios - ok
21:35:51.0482 4152	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:35:51.0513 4152	MSTEE - ok
21:35:51.0529 4152	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:35:51.0545 4152	MTConfig - ok
21:35:51.0560 4152	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:35:51.0560 4152	Mup - ok
21:35:51.0591 4152	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:35:51.0623 4152	NativeWifiP - ok
21:35:51.0669 4152	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:35:51.0685 4152	NDIS - ok
21:35:51.0716 4152	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:35:51.0732 4152	NdisCap - ok
21:35:51.0763 4152	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:35:51.0779 4152	NdisTapi - ok
21:35:51.0810 4152	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:35:51.0825 4152	Ndisuio - ok
21:35:51.0857 4152	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:35:51.0888 4152	NdisWan - ok
21:35:51.0919 4152	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:35:51.0950 4152	NDProxy - ok
21:35:51.0966 4152	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:35:51.0997 4152	NetBIOS - ok
21:35:51.0997 4152	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:35:52.0028 4152	NetBT - ok
21:35:52.0059 4152	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:35:52.0059 4152	nfrd960 - ok
21:35:52.0075 4152	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:35:52.0106 4152	Npfs - ok
21:35:52.0153 4152	NPF_devolo      (49697c2c761acb5c0de99cc8fe93e95b) C:\Windows\sysWOW64\drivers\npf_devolo.sys
21:35:52.0153 4152	NPF_devolo - ok
21:35:52.0200 4152	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:35:52.0247 4152	nsiproxy - ok
21:35:52.0293 4152	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:35:52.0340 4152	Ntfs - ok
21:35:52.0340 4152	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:35:52.0387 4152	Null - ok
21:35:52.0418 4152	NVNET           (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys
21:35:52.0418 4152	NVNET - ok
21:35:52.0449 4152	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:35:52.0465 4152	nvraid - ok
21:35:52.0481 4152	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:35:52.0481 4152	nvstor - ok
21:35:52.0512 4152	nvstor64        (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys
21:35:52.0512 4152	nvstor64 - ok
21:35:52.0527 4152	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:35:52.0543 4152	nv_agp - ok
21:35:52.0559 4152	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:35:52.0574 4152	ohci1394 - ok
21:35:52.0605 4152	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:35:52.0621 4152	Parport - ok
21:35:52.0637 4152	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:35:52.0652 4152	partmgr - ok
21:35:52.0652 4152	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:35:52.0668 4152	pci - ok
21:35:52.0683 4152	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:35:52.0683 4152	pciide - ok
21:35:52.0699 4152	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:35:52.0715 4152	pcmcia - ok
21:35:52.0730 4152	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:35:52.0730 4152	pcw - ok
21:35:52.0777 4152	PdiPorts        (25fd4d8109114266a610fd1088bfd522) C:\Windows\system32\DRIVERS\PdiPorts.sys
21:35:52.0777 4152	PdiPorts - ok
21:35:52.0808 4152	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:35:52.0855 4152	PEAUTH - ok
21:35:52.0902 4152	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:35:52.0933 4152	PptpMiniport - ok
21:35:52.0949 4152	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:35:52.0964 4152	Processor - ok
21:35:52.0995 4152	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:35:53.0027 4152	Psched - ok
21:35:53.0058 4152	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:35:53.0058 4152	PxHlpa64 - ok
21:35:53.0105 4152	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:35:53.0151 4152	ql2300 - ok
21:35:53.0151 4152	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:35:53.0167 4152	ql40xx - ok
21:35:53.0183 4152	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:35:53.0214 4152	QWAVEdrv - ok
21:35:53.0229 4152	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:35:53.0261 4152	RasAcd - ok
21:35:53.0292 4152	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:35:53.0307 4152	RasAgileVpn - ok
21:35:53.0339 4152	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:35:53.0370 4152	Rasl2tp - ok
21:35:53.0370 4152	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:35:53.0401 4152	RasPppoe - ok
21:35:53.0417 4152	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:35:53.0448 4152	RasSstp - ok
21:35:53.0479 4152	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:35:53.0510 4152	rdbss - ok
21:35:53.0541 4152	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:35:53.0541 4152	rdpbus - ok
21:35:53.0573 4152	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:35:53.0588 4152	RDPCDD - ok
21:35:53.0604 4152	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:35:53.0635 4152	RDPENCDD - ok
21:35:53.0651 4152	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:35:53.0682 4152	RDPREFMP - ok
21:35:53.0713 4152	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:35:53.0729 4152	RDPWD - ok
21:35:53.0760 4152	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:35:53.0775 4152	rdyboost - ok
21:35:53.0791 4152	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:35:53.0838 4152	rspndr - ok
21:35:53.0869 4152	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:35:53.0869 4152	sbp2port - ok
21:35:53.0900 4152	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:35:53.0931 4152	scfilter - ok
21:35:53.0947 4152	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:35:53.0978 4152	secdrv - ok
21:35:53.0994 4152	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:35:54.0009 4152	Serenum - ok
21:35:54.0025 4152	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:35:54.0041 4152	Serial - ok
21:35:54.0072 4152	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:35:54.0087 4152	sermouse - ok
21:35:54.0119 4152	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:35:54.0150 4152	sffdisk - ok
21:35:54.0165 4152	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:35:54.0181 4152	sffp_mmc - ok
21:35:54.0197 4152	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:35:54.0212 4152	sffp_sd - ok
21:35:54.0228 4152	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:35:54.0243 4152	sfloppy - ok
21:35:54.0290 4152	Sftfs           (a40abfdcb75f835fdf3ce0cc64e4250d) C:\Windows\system32\DRIVERS\Sftfslh.sys
21:35:54.0290 4152	Sftfs - ok
21:35:54.0337 4152	Sftplay         (411769ed1cb12d2b44217734347bdb7a) C:\Windows\system32\DRIVERS\Sftplaylh.sys
21:35:54.0353 4152	Sftplay - ok
21:35:54.0368 4152	Sftredir        (a14d0df34bbb00ea94da16193d0c7957) C:\Windows\system32\DRIVERS\Sftredirlh.sys
21:35:54.0368 4152	Sftredir - ok
21:35:54.0384 4152	Sftvol          (393b22addd89979eb1c60898f51c3648) C:\Windows\system32\DRIVERS\Sftvollh.sys
21:35:54.0384 4152	Sftvol - ok
21:35:54.0446 4152	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:35:54.0446 4152	SiSRaid2 - ok
21:35:54.0477 4152	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:35:54.0493 4152	SiSRaid4 - ok
21:35:54.0509 4152	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:35:54.0540 4152	Smb - ok
21:35:54.0571 4152	snapman         (10450f432811d7fda60a97fcc674d7b2) C:\Windows\system32\DRIVERS\snapman.sys
21:35:54.0571 4152	snapman - ok
21:35:54.0587 4152	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:35:54.0587 4152	spldr - ok
21:35:54.0618 4152	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:35:54.0633 4152	srv - ok
21:35:54.0649 4152	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:35:54.0680 4152	srv2 - ok
21:35:54.0696 4152	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:35:54.0727 4152	srvnet - ok
21:35:54.0758 4152	ss_bbus         (ef806d212d34b0e173baeb3564d53e37) C:\Windows\system32\DRIVERS\ss_bbus.sys
21:35:54.0774 4152	ss_bbus - ok
21:35:54.0789 4152	ss_bmdfl        (08b1b34abebeb6ac2dea06900c56411e) C:\Windows\system32\DRIVERS\ss_bmdfl.sys
21:35:54.0789 4152	ss_bmdfl - ok
21:35:54.0805 4152	ss_bmdm         (71a9da6beaa4cb54dfb827fb78600a5d) C:\Windows\system32\DRIVERS\ss_bmdm.sys
21:35:54.0821 4152	ss_bmdm - ok
21:35:54.0836 4152	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:35:54.0836 4152	stexstor - ok
21:35:54.0867 4152	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:35:54.0883 4152	swenum - ok
21:35:54.0945 4152	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:35:54.0992 4152	Tcpip - ok
21:35:55.0039 4152	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:35:55.0070 4152	TCPIP6 - ok
21:35:55.0086 4152	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:35:55.0133 4152	tcpipreg - ok
21:35:55.0148 4152	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:35:55.0179 4152	TDPIPE - ok
21:35:55.0226 4152	tdrpman273      (99527d49ee0a96fc25537c61b270a372) C:\Windows\system32\DRIVERS\tdrpm273.sys
21:35:55.0257 4152	tdrpman273 - ok
21:35:55.0257 4152	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:35:55.0289 4152	TDTCP - ok
21:35:55.0320 4152	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:35:55.0351 4152	tdx - ok
21:35:55.0382 4152	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:35:55.0382 4152	TermDD - ok
21:35:55.0398 4152	TFsExDisk       (48d9d00c2e0e72c3d4f52772c80355f6) C:\Windows\System32\Drivers\TFsExDisk.sys
21:35:55.0413 4152	TFsExDisk - ok
21:35:55.0445 4152	timounter       (ebbaea02f0095a798000c7e06b16d41b) C:\Windows\system32\DRIVERS\timntr.sys
21:35:55.0460 4152	timounter - ok
21:35:55.0491 4152	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:35:55.0538 4152	tssecsrv - ok
21:35:55.0554 4152	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:35:55.0569 4152	TsUsbFlt - ok
21:35:55.0616 4152	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
21:35:55.0616 4152	TuneUpUtilitiesDrv - ok
21:35:55.0647 4152	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:35:55.0679 4152	tunnel - ok
21:35:55.0694 4152	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:35:55.0710 4152	uagp35 - ok
21:35:55.0741 4152	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:35:55.0772 4152	udfs - ok
21:35:55.0788 4152	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:35:55.0803 4152	uliagpkx - ok
21:35:55.0819 4152	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:35:55.0835 4152	umbus - ok
21:35:55.0835 4152	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:35:55.0866 4152	UmPass - ok
21:35:55.0881 4152	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:35:55.0897 4152	usbccgp - ok
21:35:55.0928 4152	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:35:55.0944 4152	usbcir - ok
21:35:55.0959 4152	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:35:55.0959 4152	usbehci - ok
21:35:55.0991 4152	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:35:56.0006 4152	usbhub - ok
21:35:56.0022 4152	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
21:35:56.0037 4152	usbohci - ok
21:35:56.0053 4152	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:35:56.0069 4152	usbprint - ok
21:35:56.0084 4152	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:35:56.0131 4152	USBSTOR - ok
21:35:56.0131 4152	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:35:56.0147 4152	usbuhci - ok
21:35:56.0193 4152	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:35:56.0193 4152	vdrvroot - ok
21:35:56.0209 4152	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:35:56.0225 4152	vga - ok
21:35:56.0240 4152	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:35:56.0271 4152	VgaSave - ok
21:35:56.0287 4152	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:35:56.0303 4152	vhdmp - ok
21:35:56.0318 4152	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:35:56.0318 4152	viaide - ok
21:35:56.0334 4152	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:35:56.0334 4152	volmgr - ok
21:35:56.0365 4152	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:35:56.0365 4152	volmgrx - ok
21:35:56.0381 4152	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:35:56.0396 4152	volsnap - ok
21:35:56.0427 4152	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:35:56.0443 4152	vsmraid - ok
21:35:56.0459 4152	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:35:56.0459 4152	vwifibus - ok
21:35:56.0474 4152	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:35:56.0505 4152	WacomPen - ok
21:35:56.0537 4152	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:56.0568 4152	WANARP - ok
21:35:56.0568 4152	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:35:56.0583 4152	Wanarpv6 - ok
21:35:56.0599 4152	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:35:56.0615 4152	Wd - ok
21:35:56.0630 4152	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:35:56.0646 4152	Wdf01000 - ok
21:35:56.0677 4152	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:35:56.0693 4152	WfpLwf - ok
21:35:56.0708 4152	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:35:56.0724 4152	WIMMount - ok
21:35:56.0755 4152	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:35:56.0771 4152	WmiAcpi - ok
21:35:56.0817 4152	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:35:56.0849 4152	ws2ifsl - ok
21:35:56.0880 4152	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:35:56.0911 4152	WudfPf - ok
21:35:56.0927 4152	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:35:56.0958 4152	WUDFRd - ok
21:35:56.0973 4152	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:35:57.0083 4152	\Device\Harddisk0\DR0 - ok
21:35:57.0083 4152	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
21:35:57.0317 4152	\Device\Harddisk1\DR1 - ok
21:35:57.0332 4152	Boot (0x1200)   (ca7eb2cd50a82d6a5a6d989057010092) \Device\Harddisk0\DR0\Partition0
21:35:57.0332 4152	\Device\Harddisk0\DR0\Partition0 - ok
21:35:57.0348 4152	Boot (0x1200)   (7d423beeb74d136e1fd7970cb7c512b2) \Device\Harddisk0\DR0\Partition1
21:35:57.0348 4152	\Device\Harddisk0\DR0\Partition1 - ok
21:35:57.0379 4152	Boot (0x1200)   (d9f6c977189804591ac3bd0a13d0ebc4) \Device\Harddisk0\DR0\Partition2
21:35:57.0379 4152	\Device\Harddisk0\DR0\Partition2 - ok
21:35:57.0395 4152	Boot (0x1200)   (ff55e34dd0b0386560d6f09d36e81b71) \Device\Harddisk0\DR0\Partition3
21:35:57.0395 4152	\Device\Harddisk0\DR0\Partition3 - ok
21:35:57.0395 4152	Boot (0x1200)   (bb77d96d69d4486575c43feca92f8020) \Device\Harddisk1\DR1\Partition0
21:35:57.0410 4152	\Device\Harddisk1\DR1\Partition0 - ok
21:35:57.0410 4152	Boot (0x1200)   (0b26dbc4dae260870ab7714eef214aa3) \Device\Harddisk1\DR1\Partition1
21:35:57.0410 4152	\Device\Harddisk1\DR1\Partition1 - ok
21:35:57.0410 4152	============================================================
21:35:57.0410 4152	Scan finished
21:35:57.0410 4152	============================================================
21:35:57.0410 4324	Detected object count: 0
21:35:57.0410 4324	Actual detected object count: 0
         
haben den TDSS-Killer unter XP laufen lassen (andere Festplatte wie vor geschrieben) mit dem Ergeniss 4 files found:
Code:
ATTFilter
21:54:02.0921 2744	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:54:02.0953 2744	============================================================
21:54:02.0953 2744	Current date / time: 2012/01/08 21:54:02.0953
21:54:02.0953 2744	SystemInfo:
21:54:02.0953 2744	
21:54:02.0953 2744	OS Version: 5.1.2600 ServicePack: 3.0
21:54:02.0953 2744	Product type: Workstation
21:54:02.0953 2744	ComputerName: FLUGSIMULATOR
21:54:02.0953 2744	UserName: Holger
21:54:02.0953 2744	Windows directory: D:\windows
21:54:02.0953 2744	System windows directory: D:\windows
21:54:02.0953 2744	Processor architecture: Intel x86
21:54:02.0953 2744	Number of processors: 4
21:54:02.0953 2744	Page size: 0x1000
21:54:02.0953 2744	Boot type: Normal boot
21:54:02.0953 2744	============================================================
21:54:03.0406 2744	Initialize success
21:54:09.0500 2772	============================================================
21:54:09.0500 2772	Scan started
21:54:09.0500 2772	Mode: Manual; SigCheck; TDLFS; 
21:54:09.0500 2772	============================================================
21:54:09.0593 2772	Abiosdsk - ok
21:54:09.0593 2772	abp480n5 - ok
21:54:09.0640 2772	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) D:\windows\system32\DRIVERS\ACPI.sys
21:54:10.0671 2772	ACPI - ok
21:54:10.0718 2772	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) D:\windows\system32\drivers\ACPIEC.sys
21:54:10.0859 2772	ACPIEC - ok
21:54:10.0859 2772	adpu160m - ok
21:54:10.0906 2772	aec             (8bed39e3c35d6a489438b8141717a557) D:\windows\system32\drivers\aec.sys
21:54:10.0984 2772	aec - ok
21:54:11.0015 2772	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) D:\windows\System32\drivers\afd.sys
21:54:11.0109 2772	AFD - ok
21:54:11.0109 2772	Aha154x - ok
21:54:11.0125 2772	aic78u2 - ok
21:54:11.0125 2772	aic78xx - ok
21:54:11.0140 2772	AliIde - ok
21:54:11.0140 2772	amsint - ok
21:54:11.0156 2772	asc - ok
21:54:11.0156 2772	asc3350p - ok
21:54:11.0171 2772	asc3550 - ok
21:54:11.0187 2772	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) D:\windows\system32\DRIVERS\asyncmac.sys
21:54:11.0281 2772	AsyncMac - ok
21:54:11.0312 2772	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) D:\windows\system32\DRIVERS\atapi.sys
21:54:11.0390 2772	atapi - ok
21:54:11.0406 2772	Atdisk - ok
21:54:11.0515 2772	ati2mtag        (3fff73a29663eda8ec7169a7cfde29f4) D:\windows\system32\DRIVERS\ati2mtag.sys
21:54:11.0703 2772	ati2mtag - ok
21:54:11.0781 2772	Atmarpc         (9916c1225104ba14794209cfa8012159) D:\windows\system32\DRIVERS\atmarpc.sys
21:54:11.0875 2772	Atmarpc - ok
21:54:11.0906 2772	audstub         (d9f724aa26c010a217c97606b160ed68) D:\windows\system32\DRIVERS\audstub.sys
21:54:11.0984 2772	audstub - ok
21:54:12.0046 2772	Beep            (da1f27d85e0d1525f6621372e7b685e9) D:\windows\system32\drivers\Beep.sys
21:54:12.0156 2772	Beep - ok
21:54:12.0203 2772	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) D:\windows\system32\drivers\cbidf2k.sys
21:54:12.0328 2772	cbidf2k - ok
21:54:12.0484 2772	cd20xrnt - ok
21:54:12.0625 2772	Cdaudio         (c1b486a7658353d33a10cc15211a873b) D:\windows\system32\drivers\Cdaudio.sys
21:54:12.0734 2772	Cdaudio - ok
21:54:12.0796 2772	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) D:\windows\system32\drivers\Cdfs.sys
21:54:12.0921 2772	Cdfs - ok
21:54:13.0031 2772	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) D:\windows\system32\DRIVERS\cdrom.sys
21:54:13.0109 2772	Cdrom - ok
21:54:13.0187 2772	cercsr6         (84853b3fd012251690570e9e7e43343f) D:\windows\system32\drivers\cercsr6.sys
21:54:13.0234 2772	cercsr6 ( UnsignedFile.Multi.Generic ) - warning
21:54:13.0234 2772	cercsr6 - detected UnsignedFile.Multi.Generic (1)
21:54:13.0281 2772	Changer - ok
21:54:13.0312 2772	CmdIde - ok
21:54:13.0375 2772	Cpqarray - ok
21:54:13.0437 2772	dac2w2k - ok
21:54:13.0500 2772	dac960nt - ok
21:54:13.0562 2772	Disk            (044452051f3e02e7963599fc8f4f3e25) D:\windows\system32\DRIVERS\disk.sys
21:54:13.0656 2772	Disk - ok
21:54:13.0765 2772	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) D:\windows\system32\drivers\dmboot.sys
21:54:13.0968 2772	dmboot - ok
21:54:14.0046 2772	dmio            (53720ab12b48719d00e327da470a619a) D:\windows\system32\drivers\dmio.sys
21:54:14.0203 2772	dmio - ok
21:54:14.0250 2772	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) D:\windows\system32\drivers\dmload.sys
21:54:14.0375 2772	dmload - ok
21:54:14.0453 2772	DMusic          (8a208dfcf89792a484e76c40e5f50b45) D:\windows\system32\drivers\DMusic.sys
21:54:14.0546 2772	DMusic - ok
21:54:14.0578 2772	dpti2o - ok
21:54:14.0593 2772	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) D:\windows\system32\drivers\drmkaud.sys
21:54:14.0671 2772	drmkaud - ok
21:54:14.0718 2772	eamon           (9309c5c9831203436e64cf2ae605c5d7) D:\windows\system32\DRIVERS\eamon.sys
21:54:14.0734 2772	eamon - ok
21:54:14.0781 2772	ehdrv           (deff87f04ab5f6dd5edf2b80853bbe10) D:\windows\system32\DRIVERS\ehdrv.sys
21:54:14.0812 2772	ehdrv - ok
21:54:14.0843 2772	epfwtdir        (06c65ac0a703cf8eea4f284d901a1550) D:\windows\system32\DRIVERS\epfwtdir.sys
21:54:14.0859 2772	epfwtdir - ok
21:54:14.0906 2772	Fastfat         (38d332a6d56af32635675f132548343e) D:\windows\system32\drivers\Fastfat.sys
21:54:15.0000 2772	Fastfat - ok
21:54:15.0000 2772	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) D:\windows\system32\drivers\Fdc.sys
21:54:15.0078 2772	Fdc - ok
21:54:15.0093 2772	Fips            (b0678a548587c5f1967b0d70bacad6c1) D:\windows\system32\drivers\Fips.sys
21:54:15.0171 2772	Fips - ok
21:54:15.0171 2772	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) D:\windows\system32\drivers\Flpydisk.sys
21:54:15.0250 2772	Flpydisk - ok
21:54:15.0281 2772	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) D:\windows\system32\drivers\fltmgr.sys
21:54:15.0375 2772	FltMgr - ok
21:54:15.0390 2772	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) D:\windows\system32\drivers\Fs_Rec.sys
21:54:15.0468 2772	Fs_Rec - ok
21:54:15.0468 2772	Ftdisk          (8f1955ce42e1484714b542f341647778) D:\windows\system32\DRIVERS\ftdisk.sys
21:54:15.0546 2772	Ftdisk - ok
21:54:15.0562 2772	GMSIPCI - ok
21:54:15.0562 2772	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) D:\windows\system32\DRIVERS\msgpc.sys
21:54:15.0656 2772	Gpc - ok
21:54:15.0671 2772	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) D:\windows\system32\DRIVERS\HDAudBus.sys
21:54:15.0765 2772	HDAudBus - ok
21:54:15.0781 2772	hidusb          (ccf82c5ec8a7326c3066de870c06daf1) D:\windows\system32\DRIVERS\hidusb.sys
21:54:15.0859 2772	hidusb - ok
21:54:15.0890 2772	hpn - ok
21:54:15.0921 2772	HTTP            (f80a415ef82cd06ffaf0d971528ead38) D:\windows\system32\Drivers\HTTP.sys
21:54:15.0984 2772	HTTP - ok
21:54:16.0000 2772	i2omgmt - ok
21:54:16.0000 2772	i2omp - ok
21:54:16.0015 2772	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) D:\windows\system32\drivers\i8042prt.sys
21:54:16.0093 2772	i8042prt - ok
21:54:16.0109 2772	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) D:\windows\system32\DRIVERS\imapi.sys
21:54:16.0203 2772	Imapi - ok
21:54:16.0218 2772	ini910u - ok
21:54:16.0359 2772	IntcAzAudAddService (ed90e04f7a1e385e2ea956cad83f8070) D:\windows\system32\drivers\RtkHDAud.sys
21:54:16.0515 2772	IntcAzAudAddService - ok
21:54:16.0562 2772	IntelIde - ok
21:54:16.0593 2772	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) D:\windows\system32\drivers\ip6fw.sys
21:54:16.0671 2772	Ip6Fw - ok
21:54:16.0703 2772	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) D:\windows\system32\DRIVERS\ipfltdrv.sys
21:54:16.0781 2772	IpFilterDriver - ok
21:54:16.0796 2772	IpInIp          (b87ab476dcf76e72010632b5550955f5) D:\windows\system32\DRIVERS\ipinip.sys
21:54:16.0890 2772	IpInIp - ok
21:54:16.0906 2772	IpNat           (cc748ea12c6effde940ee98098bf96bb) D:\windows\system32\DRIVERS\ipnat.sys
21:54:16.0984 2772	IpNat - ok
21:54:17.0000 2772	IPSec           (23c74d75e36e7158768dd63d92789a91) D:\windows\system32\DRIVERS\ipsec.sys
21:54:17.0109 2772	IPSec - ok
21:54:17.0125 2772	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) D:\windows\system32\DRIVERS\irenum.sys
21:54:17.0171 2772	IRENUM - ok
21:54:17.0187 2772	isapnp          (6dfb88f64135c525433e87648bda30de) D:\windows\system32\DRIVERS\isapnp.sys
21:54:17.0250 2772	isapnp - ok
21:54:17.0265 2772	Kbdclass        (1704d8c4c8807b889e43c649b478a452) D:\windows\system32\DRIVERS\kbdclass.sys
21:54:17.0359 2772	Kbdclass - ok
21:54:17.0359 2772	kbdhid          (b6d6c117d771c98130497265f26d1882) D:\windows\system32\DRIVERS\kbdhid.sys
21:54:17.0453 2772	kbdhid - ok
21:54:17.0468 2772	kmixer          (692bcf44383d056aed41b045a323d378) D:\windows\system32\drivers\kmixer.sys
21:54:17.0562 2772	kmixer - ok
21:54:17.0593 2772	KSecDD          (b467646c54cc746128904e1654c750c1) D:\windows\system32\drivers\KSecDD.sys
21:54:17.0640 2772	KSecDD - ok
21:54:17.0656 2772	lbrtfdc - ok
21:54:17.0687 2772	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) D:\windows\system32\drivers\mnmdd.sys
21:54:17.0796 2772	mnmdd - ok
21:54:17.0812 2772	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) D:\windows\system32\drivers\Modem.sys
21:54:17.0890 2772	Modem - ok
21:54:17.0906 2772	Mouclass        (b24ce8005deab254c0251e15cb71d802) D:\windows\system32\DRIVERS\mouclass.sys
21:54:17.0984 2772	Mouclass - ok
21:54:18.0015 2772	mouhid          (66a6f73c74e1791464160a7065ce711a) D:\windows\system32\DRIVERS\mouhid.sys
21:54:18.0109 2772	mouhid - ok
21:54:18.0125 2772	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) D:\windows\system32\drivers\MountMgr.sys
21:54:18.0203 2772	MountMgr - ok
21:54:18.0218 2772	mraid35x - ok
21:54:18.0218 2772	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) D:\windows\system32\DRIVERS\mrxdav.sys
21:54:18.0312 2772	MRxDAV - ok
21:54:18.0328 2772	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) D:\windows\system32\DRIVERS\mrxsmb.sys
21:54:18.0421 2772	MRxSmb - ok
21:54:18.0437 2772	Msfs            (c941ea2454ba8350021d774daf0f1027) D:\windows\system32\drivers\Msfs.sys
21:54:18.0515 2772	Msfs - ok
21:54:18.0546 2772	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) D:\windows\system32\drivers\MSKSSRV.sys
21:54:18.0640 2772	MSKSSRV - ok
21:54:18.0671 2772	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) D:\windows\system32\drivers\MSPCLOCK.sys
21:54:18.0734 2772	MSPCLOCK - ok
21:54:18.0734 2772	MSPQM           (bad59648ba099da4a17680b39730cb3d) D:\windows\system32\drivers\MSPQM.sys
21:54:18.0828 2772	MSPQM - ok
21:54:18.0843 2772	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) D:\windows\system32\DRIVERS\mssmbios.sys
21:54:18.0937 2772	mssmbios - ok
21:54:18.0953 2772	Mup             (de6a75f5c270e756c5508d94b6cf68f5) D:\windows\system32\drivers\Mup.sys
21:54:19.0031 2772	Mup - ok
21:54:19.0062 2772	NDIS            (1df7f42665c94b825322fae71721130d) D:\windows\system32\drivers\NDIS.sys
21:54:19.0140 2772	NDIS - ok
21:54:19.0171 2772	NdisTapi        (0109c4f3850dfbab279542515386ae22) D:\windows\system32\DRIVERS\ndistapi.sys
21:54:19.0218 2772	NdisTapi - ok
21:54:19.0250 2772	Ndisuio         (f927a4434c5028758a842943ef1a3849) D:\windows\system32\DRIVERS\ndisuio.sys
21:54:19.0328 2772	Ndisuio - ok
21:54:19.0343 2772	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) D:\windows\system32\DRIVERS\ndiswan.sys
21:54:19.0421 2772	NdisWan - ok
21:54:19.0453 2772	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) D:\windows\system32\drivers\NDProxy.sys
21:54:19.0500 2772	NDProxy - ok
21:54:19.0515 2772	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) D:\windows\system32\DRIVERS\netbios.sys
21:54:19.0625 2772	NetBIOS - ok
21:54:19.0656 2772	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) D:\windows\system32\DRIVERS\netbt.sys
21:54:19.0765 2772	NetBT - ok
21:54:19.0781 2772	Npfs            (3182d64ae053d6fb034f44b6def8034a) D:\windows\system32\drivers\Npfs.sys
21:54:19.0859 2772	Npfs - ok
21:54:19.0890 2772	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) D:\windows\system32\drivers\Ntfs.sys
21:54:20.0000 2772	Ntfs - ok
21:54:20.0031 2772	Null            (73c1e1f395918bc2c6dd67af7591a3ad) D:\windows\system32\drivers\Null.sys
21:54:20.0125 2772	Null - ok
21:54:20.0140 2772	nvatabus        (b7fb72492b753930ec70a0f49d04f12f) D:\windows\system32\drivers\nvatabus.sys
21:54:20.0156 2772	nvatabus ( UnsignedFile.Multi.Generic ) - warning
21:54:20.0156 2772	nvatabus - detected UnsignedFile.Multi.Generic (1)
21:54:20.0187 2772	NVENETFD        (7d275ecda4628318912f6c945d5cf963) D:\windows\system32\DRIVERS\NVENETFD.sys
21:54:20.0250 2772	NVENETFD - ok
21:54:20.0265 2772	nvgts           (75e2e77c5497f34e60491d27bf03f1cb) D:\windows\system32\DRIVERS\nvgts.sys
21:54:20.0265 2772	nvgts - ok
21:54:20.0281 2772	nvnetbus        (b64aacefad2be5bff5353fe681253c67) D:\windows\system32\DRIVERS\nvnetbus.sys
21:54:20.0328 2772	nvnetbus - ok
21:54:20.0359 2772	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) D:\windows\system32\DRIVERS\nwlnkflt.sys
21:54:20.0453 2772	NwlnkFlt - ok
21:54:20.0453 2772	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) D:\windows\system32\DRIVERS\nwlnkfwd.sys
21:54:20.0531 2772	NwlnkFwd - ok
21:54:20.0562 2772	Parport         (f84785660305b9b903fb3bca8ba29837) D:\windows\system32\drivers\Parport.sys
21:54:20.0640 2772	Parport - ok
21:54:20.0656 2772	PartMgr         (beb3ba25197665d82ec7065b724171c6) D:\windows\system32\drivers\PartMgr.sys
21:54:20.0734 2772	PartMgr - ok
21:54:20.0750 2772	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) D:\windows\system32\drivers\ParVdm.sys
21:54:20.0828 2772	ParVdm - ok
21:54:20.0843 2772	PCI             (387e8dedc343aa2d1efbc30580273acd) D:\windows\system32\DRIVERS\pci.sys
21:54:20.0937 2772	PCI - ok
21:54:20.0953 2772	PCIDump - ok
21:54:20.0968 2772	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) D:\windows\system32\DRIVERS\pciide.sys
21:54:21.0062 2772	PCIIde - ok
21:54:21.0078 2772	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) D:\windows\system32\drivers\Pcmcia.sys
21:54:21.0156 2772	Pcmcia - ok
21:54:21.0156 2772	PDCOMP - ok
21:54:21.0171 2772	PDFRAME - ok
21:54:21.0171 2772	PDRELI - ok
21:54:21.0187 2772	PDRFRAME - ok
21:54:21.0187 2772	perc2 - ok
21:54:21.0203 2772	perc2hib - ok
21:54:21.0234 2772	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) D:\windows\system32\DRIVERS\raspptp.sys
21:54:21.0328 2772	PptpMiniport - ok
21:54:21.0359 2772	Processor       (2cb55427c58679f49ad600fccba76360) D:\windows\system32\DRIVERS\processr.sys
21:54:21.0437 2772	Processor - ok
21:54:21.0437 2772	PSched          (09298ec810b07e5d582cb3a3f9255424) D:\windows\system32\DRIVERS\psched.sys
21:54:21.0531 2772	PSched - ok
21:54:21.0546 2772	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) D:\windows\system32\DRIVERS\ptilink.sys
21:54:21.0609 2772	Ptilink - ok
21:54:21.0625 2772	ql1080 - ok
21:54:21.0640 2772	Ql10wnt - ok
21:54:21.0640 2772	ql12160 - ok
21:54:21.0656 2772	ql1240 - ok
21:54:21.0656 2772	ql1280 - ok
21:54:21.0671 2772	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) D:\windows\system32\DRIVERS\rasacd.sys
21:54:21.0750 2772	RasAcd - ok
21:54:21.0781 2772	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) D:\windows\system32\DRIVERS\rasl2tp.sys
21:54:21.0843 2772	Rasl2tp - ok
21:54:21.0843 2772	RasPppoe        (5bc962f2654137c9909c3d4603587dee) D:\windows\system32\DRIVERS\raspppoe.sys
21:54:21.0953 2772	RasPppoe - ok
21:54:21.0953 2772	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) D:\windows\system32\DRIVERS\raspti.sys
21:54:22.0031 2772	Raspti - ok
21:54:22.0046 2772	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) D:\windows\system32\DRIVERS\rdbss.sys
21:54:22.0140 2772	Rdbss - ok
21:54:22.0156 2772	RDPCDD          (4912d5b403614ce99c28420f75353332) D:\windows\system32\DRIVERS\RDPCDD.sys
21:54:22.0234 2772	RDPCDD - ok
21:54:22.0250 2772	rdpdr           (15cabd0f7c00c47c70124907916af3f1) D:\windows\system32\DRIVERS\rdpdr.sys
21:54:22.0359 2772	rdpdr - ok
21:54:22.0390 2772	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) D:\windows\system32\drivers\RDPWD.sys
21:54:22.0453 2772	RDPWD - ok
21:54:22.0468 2772	redbook         (ed761d453856f795a7fe056e42c36365) D:\windows\system32\DRIVERS\redbook.sys
21:54:22.0531 2772	redbook - ok
21:54:22.0640 2772	RTHDMIAzAudService (e7d4fcac8aa994d022e91540f9e5b815) D:\windows\system32\drivers\RtKHDMI.sys
21:54:22.0750 2772	RTHDMIAzAudService - ok
21:54:22.0828 2772	Secdrv          (ba0d892d2f786bcebdf03b0a252b47f3) D:\windows\system32\DRIVERS\secdrv.sys
21:54:22.0843 2772	Secdrv ( UnsignedFile.Multi.Generic ) - warning
21:54:22.0843 2772	Secdrv - detected UnsignedFile.Multi.Generic (1)
21:54:22.0859 2772	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) D:\windows\system32\drivers\Serial.sys
21:54:22.0953 2772	Serial - ok
21:54:22.0984 2772	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) D:\windows\system32\drivers\Sfloppy.sys
21:54:23.0046 2772	Sfloppy - ok
21:54:23.0062 2772	Simbad - ok
21:54:23.0078 2772	Sparrow - ok
21:54:23.0093 2772	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) D:\windows\system32\drivers\splitter.sys
21:54:23.0171 2772	splitter - ok
21:54:23.0187 2772	sr              (50fa898f8c032796d3b1b9951bb5a90f) D:\windows\system32\DRIVERS\sr.sys
21:54:23.0234 2772	sr - ok
21:54:23.0265 2772	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) D:\windows\system32\DRIVERS\srv.sys
21:54:23.0359 2772	Srv - ok
21:54:23.0390 2772	StarOpen        (e57b778208c783d8debab320c16a1b82) D:\windows\system32\drivers\StarOpen.sys
21:54:23.0421 2772	StarOpen ( UnsignedFile.Multi.Generic ) - warning
21:54:23.0421 2772	StarOpen - detected UnsignedFile.Multi.Generic (1)
21:54:23.0453 2772	swenum          (3941d127aef12e93addf6fe6ee027e0f) D:\windows\system32\DRIVERS\swenum.sys
21:54:23.0531 2772	swenum - ok
21:54:23.0546 2772	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) D:\windows\system32\drivers\swmidi.sys
21:54:23.0640 2772	swmidi - ok
21:54:23.0656 2772	symc810 - ok
21:54:23.0656 2772	symc8xx - ok
21:54:23.0671 2772	sym_hi - ok
21:54:23.0671 2772	sym_u3 - ok
21:54:23.0687 2772	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) D:\windows\system32\drivers\sysaudio.sys
21:54:23.0781 2772	sysaudio - ok
21:54:23.0828 2772	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) D:\windows\system32\DRIVERS\tcpip.sys
21:54:23.0875 2772	Tcpip - ok
21:54:23.0890 2772	TDPIPE          (6471a66807f5e104e4885f5b67349397) D:\windows\system32\drivers\TDPIPE.sys
21:54:23.0984 2772	TDPIPE - ok
21:54:24.0000 2772	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) D:\windows\system32\drivers\TDTCP.sys
21:54:24.0109 2772	TDTCP - ok
21:54:24.0125 2772	TermDD          (88155247177638048422893737429d9e) D:\windows\system32\DRIVERS\termdd.sys
21:54:24.0203 2772	TermDD - ok
21:54:24.0218 2772	TosIde - ok
21:54:24.0234 2772	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) D:\windows\system32\drivers\Udfs.sys
21:54:24.0328 2772	Udfs - ok
21:54:24.0343 2772	ultra - ok
21:54:24.0375 2772	Update          (402ddc88356b1bac0ee3dd1580c76a31) D:\windows\system32\DRIVERS\update.sys
21:54:24.0468 2772	Update - ok
21:54:24.0484 2772	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) D:\windows\system32\DRIVERS\usbccgp.sys
21:54:24.0578 2772	usbccgp - ok
21:54:24.0593 2772	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) D:\windows\system32\DRIVERS\usbehci.sys
21:54:24.0671 2772	usbehci - ok
21:54:24.0687 2772	usbhub          (1ab3cdde553b6e064d2e754efe20285c) D:\windows\system32\DRIVERS\usbhub.sys
21:54:24.0796 2772	usbhub - ok
21:54:24.0796 2772	usbohci         (0daecce65366ea32b162f85f07c6753b) D:\windows\system32\DRIVERS\usbohci.sys
21:54:24.0875 2772	usbohci - ok
21:54:24.0890 2772	usbprint        (a717c8721046828520c9edf31288fc00) D:\windows\system32\DRIVERS\usbprint.sys
21:54:24.0968 2772	usbprint - ok
21:54:24.0968 2772	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) D:\windows\system32\DRIVERS\usbscan.sys
21:54:25.0062 2772	usbscan - ok
21:54:25.0062 2772	usbstor         (a32426d9b14a089eaa1d922e0c5801a9) D:\windows\system32\DRIVERS\USBSTOR.SYS
21:54:25.0140 2772	usbstor - ok
21:54:25.0171 2772	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) D:\windows\System32\drivers\vga.sys
21:54:25.0250 2772	VgaSave - ok
21:54:25.0265 2772	ViaIde - ok
21:54:25.0281 2772	VolSnap         (a5a712f4e880874a477af790b5186e1d) D:\windows\system32\drivers\VolSnap.sys
21:54:25.0375 2772	VolSnap - ok
21:54:25.0406 2772	Wanarp          (e20b95baedb550f32dd489265c1da1f6) D:\windows\system32\DRIVERS\wanarp.sys
21:54:25.0484 2772	Wanarp - ok
21:54:25.0484 2772	WDICA - ok
21:54:25.0515 2772	wdmaud          (6768acf64b18196494413695f0c3a00f) D:\windows\system32\drivers\wdmaud.sys
21:54:25.0578 2772	wdmaud - ok
21:54:25.0625 2772	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:54:25.0687 2772	\Device\Harddisk0\DR0 - ok
21:54:25.0703 2772	MBR (0x1B8)     (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
21:54:25.0937 2772	\Device\Harddisk1\DR1 - ok
21:54:25.0968 2772	Boot (0x1200)   (ca7eb2cd50a82d6a5a6d989057010092) \Device\Harddisk0\DR0\Partition0
21:54:25.0968 2772	\Device\Harddisk0\DR0\Partition0 - ok
21:54:25.0968 2772	Boot (0x1200)   (7d423beeb74d136e1fd7970cb7c512b2) \Device\Harddisk0\DR0\Partition1
21:54:25.0968 2772	\Device\Harddisk0\DR0\Partition1 - ok
21:54:25.0968 2772	Boot (0x1200)   (d9f6c977189804591ac3bd0a13d0ebc4) \Device\Harddisk0\DR0\Partition2
21:54:25.0968 2772	\Device\Harddisk0\DR0\Partition2 - ok
21:54:25.0984 2772	Boot (0x1200)   (ff55e34dd0b0386560d6f09d36e81b71) \Device\Harddisk0\DR0\Partition3
21:54:25.0984 2772	\Device\Harddisk0\DR0\Partition3 - ok
21:54:25.0984 2772	Boot (0x1200)   (bb77d96d69d4486575c43feca92f8020) \Device\Harddisk1\DR1\Partition0
21:54:25.0984 2772	\Device\Harddisk1\DR1\Partition0 - ok
21:54:25.0984 2772	Boot (0x1200)   (0b26dbc4dae260870ab7714eef214aa3) \Device\Harddisk1\DR1\Partition1
21:54:25.0984 2772	\Device\Harddisk1\DR1\Partition1 - ok
21:54:25.0984 2772	============================================================
21:54:25.0984 2772	Scan finished
21:54:25.0984 2772	============================================================
21:54:26.0093 2764	Detected object count: 4
21:54:26.0093 2764	Actual detected object count: 4
21:55:02.0828 2764	cercsr6 ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:02.0828 2764	cercsr6 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:02.0828 2764	nvatabus ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:02.0828 2764	nvatabus ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:02.0828 2764	Secdrv ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:02.0828 2764	Secdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
21:55:02.0828 2764	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
21:55:02.0828 2764	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Und nochmals Danke für die Mühe!
__________________
Don´t Panic!

Alt 08.01.2012, 22:21   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Also Logs von verschiedenen Betriebssystemen in einem Strang sind verwirrdend. Man muss sich hier schon auf ein System einigen was bereinigt werden soll.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 09.01.2012, 00:49   #14
NoOneSF
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



OK, dann machen wir erstmal Windows 7 wieder fit?

Und wenn es nicht zuviel Mühe macht danach Windows XP von der anderen Festplatte? Ist halt ein PC, XP ist noch auf einer kleinen Extra Platte für den Flugsimulator.

Nur noch mal zu Info beide Platten ein PC über BIOS Boot-Menü wird entschieden welche Platte booten soll. Also wenn möglich erst Win7 danach XP?

THX zum xten mal!
__________________
Don´t Panic!

Alt 09.01.2012, 11:11   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Standard

Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert



Wir machen hier erstmal WIn7. Wenn wir fertig sind kümmern wir uns um das parallel installierte XP, da machst du dann einen neuen Strang zu auf.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert
admin, anderes, angemeldet, arbeit, aufrufe, diverse, einfach, eingefangen, entfernt, eset, folge, freund, gen, gestartet, infiziert, interne, lag, laufen, log-datei, löschen, meldung, nicht mehr, schonmal, systemsteuerung, updates, verschwunden, windows



Ähnliche Themen: Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert


  1. Computer keine Rechte Systemsteuerung geht nicht. Etc
    Alles rund um Windows - 12.10.2015 (3)
  2. Windows 7: Keine Berechtigung zum Herunterfahren des Rechners und zum Ausführen jeglicher Dateien
    Log-Analyse und Auswertung - 06.04.2015 (21)
  3. Taskmanager verschwunden, Systemregistry durch Admin gesperrt, mcafee Link auf dem Desktop
    Plagegeister aller Art und deren Bekämpfung - 08.02.2014 (12)
  4. keine Ausreichende Berechtigung ... und das ist anscheinend nur die Speitze des Eisbergs
    Log-Analyse und Auswertung - 10.11.2013 (13)
  5. Dienste sind unter Systemsteuerung/Verwaltung verschwunden. Ein Trojaner?
    Log-Analyse und Auswertung - 09.11.2013 (11)
  6. Desktopsymbole (z.B.Eigene Dateien) verschwunden obwohl irgendwie vorhanden.
    Plagegeister aller Art und deren Bekämpfung - 23.08.2013 (5)
  7. Nach Virus keine Berechtigung für externe Festplatte mehr
    Log-Analyse und Auswertung - 04.08.2013 (12)
  8. keine Unistall option mehr bei Systemsteuerung>software
    Plagegeister aller Art und deren Bekämpfung - 18.09.2012 (2)
  9. Keine Berechtigung zum Löschen/Kopieren - einziger Administrator
    Log-Analyse und Auswertung - 25.06.2012 (5)
  10. Web.de versendet automatisch E-Mails, obwohl ich mich seit 2 Jahren nicht angemeldet hab
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (1)
  11. Admin Konto hat keine Admin Rechte mehr
    Log-Analyse und Auswertung - 08.08.2011 (1)
  12. Virenscanner laufen nicht mehr, Zugriff verweigert, keine ausreichende Berechtigung
    Mülltonne - 22.07.2011 (1)
  13. Trojan fakealert - Desktopsymbole (z.B.Eigene Dateien) verschwunden obwohl vorhanden
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (23)
  14. Fehlende Adminrechte - "Keine ausreichende Berechtigung, um auf Elemente zugreifen zu könnnen."
    Plagegeister aller Art und deren Bekämpfung - 17.11.2010 (55)
  15. Keine Berechtigung Windows 7
    Alles rund um Windows - 14.10.2010 (1)
  16. Updater.exe Infiziert und verschwunden
    Plagegeister aller Art und deren Bekämpfung - 17.05.2009 (0)
  17. plötzlich "keine berechtigung" auf Programme (exe.dateien) aufzurufen
    Plagegeister aller Art und deren Bekämpfung - 10.04.2009 (7)

Zum Thema Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert - Servus und danke vorab für Eure arbeit hier! Heute komme ich leider nicht mehr alleine weiter, ein Freund von mir hat sich was eingefangen, womit ich auch nicht weiter weis. - Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert...
Archiv
Du betrachtest: Systemsteuerung verschwunden / keine Berechtigung, obwohl als Admin angemeldet! iastor.sys infiziert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.