Pests of all kinds and how to fight them: First error messages and now no data and an empty desktop. Windows 7
If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
21.03.2012, 10:39 | #1 |
Hi, I've somehow caught a virus or scareware. Suddenly a bunch of messages popped up saying:
Hard drive clusters are partly damaged
Windows - Delayed Write Failed
Critical Error
Then some system check, supposedly from Windows, keeps starting. Also, my entire desktop is empty and I can't get to my data any more, everything is gone. I already found something similar here and followed your instructions for that problem. That is, I ran rkill, had Malwarebytes scan, and ran TDSS Killer.exe. Now all the messages have disappeared, but all folders and the desktop are still empty. When I let Malwarebytes scan now, it doesn't find anything any more... I don't know what else to do. Can you please, please help me? This was the log file from the detection:
Last edited by piepmatz (21.03.2012 at 10:56)
21.03.2012, 17:41 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please first do a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan! In addition, all detections must be removed. If logs from older Malwarebytes scans exist, please post all of those as well!
ESET Online Scanner
Please post everything in CODE tags here if possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
22.03.2012, 09:06 | #3 |
I let ESET run overnight and this is the result:
Malwarebytes showed no detections, yet everything on the computer is gone or hidden.. log for that:
22.03.2012, 12:35 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™
Quote:
Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, with top priority, directly from the vendor and not from toolbar outfits like Softonic! In a pinch, chip.de would of course do.
CustomScan with OTL
If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
22.03.2012, 13:56 | #5 |
so, this is the result now:
Code:
OTL logfile created on: 22.03.2012 13:36:33 - Run 10
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Users\Nine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,77% Memory free
6,23 Gb Paging File | 5,13 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 54,32 Gb Free Space | 36,45% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 42,55 Gb Free Space | 30,98% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 2,68 Gb Free Space | 71,77% Space Free | Partition Type: FAT32

Computer Name: NINE-PC | User Name: Nine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Nine\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software) PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.) 
PRC - C:\Program Files\SBPaper\paper.exe () PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100) PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe () PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe () PRC - C:\CK Popup Killer\PKILL.EXE (CK Software) ========== Modules (No Company Name) ========== MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll () MOD - C:\WinRAR\RarExt.dll () MOD - C:\Windows\System32\atitmmxx.dll () MOD - C:\Program Files\SBPaper\paper.exe () ========== Win32 Services (SafeList) ========== SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software) SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG) SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.) 
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe () ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\Nine\AppData\Local\Temp\catchme.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.) DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100) DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.) 
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406 IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4 IE - 
HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054 IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms} IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search Results" FF - prefs.js..browser.search.defaultthis.engineName: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {464F169E-ACE1-4C5F-A778-A433A3DABBAE}:1.0 FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.5 FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6 FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0 FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1 FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q=" FF - 
prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Users\Nine\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Nine\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Nine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Mozilla Firefox\components [2012.03.18 13:50:34 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.11.28 08:35:00 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\program files\Mozilla Thunderbird\components [2011.11.08 16:40:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Mozilla Firefox\components [2012.03.18 13:50:34 | 000,000,000 | -H-D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.11.28 08:35:00 | 000,000,000 | -H-D | M] [2011.06.21 19:26:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions [2010.02.10 11:26:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.01.09 15:37:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\postbox@postbox-inc.com [2012.01.11 10:04:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions [2011.12.25 11:59:03 | 000,000,000 | -H-D | M] 
(DownloadHelper) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.01.10 00:01:51 | 000,000,933 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\11-suche.xml [2012.01.10 00:01:52 | 000,002,419 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\englische-ergebnisse.xml [2012.01.10 00:01:51 | 000,010,525 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\gmx-suche.xml [2012.01.10 00:01:51 | 000,002,457 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\lastminute.xml [2012.01.10 00:01:51 | 000,005,508 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\webde-suche.xml [2010.04.24 09:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010.03.10 16:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml O1 HOSTS File: ([2011.05.04 11:27:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found. O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [CK POPUP KILLER] C:\CK Popup Killer\PKILL.EXE (CK Software) O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [ScottsPaperManager] C:\Program Files\SBPaper\paper.exe () O4 - Startup: C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Stardock\ObjectDock\ObjectDock.exe (Stardock) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe 
Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll () O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin) O15 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..Trusted Domains: everestpoker.com ([account] https in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{899604F5-EF7C-477D-BCE8-8665CB9B0390}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCE83FC1-A859-4511-824F-32EA70FF7493}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Nine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.) 
MsConfig - StartUpReg: CK POPUP KILLER - hkey= - key= - C:\CK Popup Killer\PKILL.EXE (CK Software) MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard) MsConfig - StartUpReg: hpqSRMon - hkey= - key= - File not found MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) SafeBootMin: 88773322.sys - Driver SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard 
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: 88773322.sys - Driver SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal 
22.03.2012, 15:33 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First error messages, and now no data and an empty desktop. Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.5
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
[2012.01.10 00:01:51 | 000,000,933 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\11-suche.xml
[2012.01.10 00:01:51 | 000,010,525 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\gmx-suche.xml
[2012.01.10 00:01:51 | 000,002,457 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\lastminute.xml
[2012.01.10 00:01:51 | 000,005,508 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\webde-suche.xml
[2010.03.10 16:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [CK POPUP KILLER] C:\CK Popup Killer\PKILL.EXE (CK Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
MsConfig - StartUpReg: CK POPUP KILLER - hkey= - key= - C:\CK Popup Killer\PKILL.EXE (CK Software)
SafeBootMin: 88773322.sys - Driver
[2012.03.20 13:51:19 | 000,000,448 | -H-- | M] () -- C:\ProgramData\lawJN9WIPzleuA
[2012.03.20 13:48:08 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~lawJN9WIPzleuA
[2012.03.20 13:48:08 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~lawJN9WIPzleuAr
[2012.03.20 13:43:23 | 000,000,612 | -H-- | M] () -- C:\Users\Nine\Desktop\System Check.lnk
[2011.05.04 09:51:32 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Uwwiqy
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition. Note: The script above was written only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
22.03.2012, 15:49 | #7 |
| First error messages, and now no data and an empty desktop. Here is the log file: |
22.03.2012, 16:19 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First error messages, and now no data and an empty desktop. Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Configure the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot. Then click Start Scan, and when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
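One way to triage a saved TDSS-Killer report before posting it, as an added example that is not part of the original post or of Kaspersky's tool. It assumes the line layout seen in the reports posted in this thread (timestamp, thread id, message); the sample lines, service names and hashes are constructed placeholders.

```python
import re
from dataclasses import dataclass, field

# Label seen in this thread's report for files flagged by the signature check.
UNSIGNED = "UnsignedFile.Multi.Generic"

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.*)$")
# "<name> (<md5>) <path>": the object being examined.
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - ok" or "<name> ( <label> ) - <verdict>": the result for that object.
VERDICT_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<label>[^)]+?) \))? - (?P<verdict>\w+)$")


@dataclass
class Scan:
    mode: str = ""
    interrupted: bool = False
    checked: int = 0
    findings: list = field(default_factory=list)  # (name, verdict, label, path)


def parse_report(text):
    """Split a report into its scan runs and collect every non-ok verdict."""
    scans, current, paths = [], None, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group(3).strip()
        if msg == "Scan started":
            current, paths = Scan(), {}
            scans.append(current)
            continue
        if current is None:
            continue  # system-info header before the first scan
        if msg.startswith("Mode:"):
            current.mode = msg[len("Mode:"):].strip()
        elif msg.startswith("Scan interrupted"):
            current.interrupted = True
        elif (obj := OBJECT_RE.match(msg)):
            paths[obj["name"]] = obj["path"]
        elif (v := VERDICT_RE.match(msg)):
            current.checked += 1
            if v["verdict"] != "ok":
                current.findings.append(
                    (v["name"], v["verdict"], v["label"], paths.get(v["name"])))
    return scans


def triage(scans):
    """One dict per scan: was it complete, and which objects need a second look."""
    result = []
    for s in scans:
        result.append({
            "mode": s.mode,
            "complete": not s.interrupted,  # an interrupted run proves nothing
            "checked": s.checked,
            "unsigned_only": [f[0] for f in s.findings if f[2] == UNSIGNED],
            "other": [f[0] for f in s.findings if f[2] != UNSIGNED],
        })
    return result


# Constructed sample: one interrupted run, then a full run with SigCheck on.
MD5_A, MD5_B = "0" * 32, "1" * 32  # placeholder hashes
SAMPLE_REPORT = "\n".join([
    "20:43:20.0248 1240 Scan started",
    "20:43:20.0248 1240 Mode: Manual;",
    rf"20:43:21.0200 1240 ExampleDrv ({MD5_A}) C:\Windows\system32\drivers\exampledrv.sys",
    "20:43:21.0215 1240 ExampleDrv - ok",
    "20:43:30.0014 1240 Scan interrupted by user!",
    "20:43:30.0014 1240 Scan finished",
    "20:43:30.0029 1256 Detected object count: 0",
    "20:43:40.0497 4060 Scan started",
    "20:43:40.0497 4060 Mode: Manual; SigCheck; TDLFS;",
    rf"20:43:41.0308 4060 ExampleDrv ({MD5_A}) C:\Windows\system32\drivers\exampledrv.sys",
    "20:43:41.0433 4060 ExampleDrv - ok",
    rf"20:43:45.0739 4060 Example Svc ({MD5_B}) C:\Program Files\Example Vendor\ExampleSvc.exe",
    "20:43:45.0770 4060 Example Svc ( UnsignedFile.Multi.Generic ) - warning",
    "20:43:45.0770 4060 Example Svc - detected UnsignedFile.Multi.Generic (1)",
    "20:43:55.0832 4060 nofile - ok",
    "20:44:30.0000 4060 Scan finished",
    "20:44:30.0100 4060 Detected object count: 1",
])

if __name__ == "__main__":
    for number, info in enumerate(triage(parse_report(SAMPLE_REPORT)), start=1):
        print(number, info)
```

A run marked as not complete should be repeated before anything is concluded from it, and entries listed under `unsigned_only` are reported for a helper to judge, not deleted.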
22.03.2012, 16:28 | #9 |
| First error messages, and now no data and an empty desktop. Thanks.. here is the log file: |
22.03.2012, 16:31 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | First error messages, and now no data and an empty desktop. Quote:
__________________ Please always post log files in CODE tags |
22.03.2012, 16:39 | #11 |
| First error messages, and now no data and an empty desktop. Oh god, what's wrong with it? I took the log file from the folder exactly as it was. Can I still salvage anything now, or is the computer done for? |
23.03.2012, 20:33 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | First error messages, and now no data and an empty desktop. No, just repeat the scan with TDSS-Killer!
__________________ Please always post log files in CODE tags |
23.03.2012, 20:48 | #13 |
| First error messages, and now no data and an empty desktop. I did that, and now it found more: Code:
ATTFilter 20:42:53.0884 2032 TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00 20:42:54.0056 2032 ============================================================ 20:42:54.0056 2032 Current date / time: 2012/03/23 20:42:54.0056 20:42:54.0056 2032 SystemInfo: 20:42:54.0056 2032 20:42:54.0056 2032 OS Version: 6.0.6002 ServicePack: 2.0 20:42:54.0056 2032 Product type: Workstation 20:42:54.0056 2032 ComputerName: NINE-PC 20:42:54.0056 2032 UserName: Nine 20:42:54.0056 2032 Windows directory: C:\Windows 20:42:54.0056 2032 System windows directory: C:\Windows 20:42:54.0056 2032 Processor architecture: Intel x86 20:42:54.0056 2032 Number of processors: 2 20:42:54.0056 2032 Page size: 0x1000 20:42:54.0056 2032 Boot type: Normal boot 20:42:54.0056 2032 ============================================================ 20:42:55.0959 2032 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 20:42:55.0959 2032 Drive \Device\Harddisk1\DR4 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:42:55.0959 2032 \Device\Harddisk0\DR0: 20:42:55.0959 2032 MBR used 20:42:55.0959 2032 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00 20:42:55.0990 2032 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08 20:42:55.0990 2032 \Device\Harddisk1\DR4: 20:42:55.0990 2032 MBR used 20:42:55.0990 2032 \Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x28, BlocksNum 0x777FD7 20:42:56.0193 2032 Initialize success 20:42:56.0193 2032 ============================================================ 20:43:20.0248 1240 ============================================================ 20:43:20.0248 1240 Scan started 20:43:20.0248 1240 Mode: Manual; 20:43:20.0248 1240 ============================================================ 
20:43:21.0200 1240 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 20:43:21.0215 1240 ACPI - ok 20:43:21.0387 1240 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 20:43:21.0403 1240 adp94xx - ok 20:43:21.0481 1240 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 20:43:21.0481 1240 adpahci - ok 20:43:21.0590 1240 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 20:43:21.0590 1240 adpu160m - ok 20:43:21.0652 1240 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 20:43:21.0668 1240 adpu320 - ok 20:43:21.0824 1240 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 20:43:21.0839 1240 AeLookupSvc - ok 20:43:21.0964 1240 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 20:43:21.0964 1240 AFD - ok 20:43:22.0011 1240 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 20:43:22.0027 1240 agp440 - ok 20:43:22.0073 1240 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 20:43:22.0089 1240 aic78xx - ok 20:43:22.0120 1240 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 20:43:22.0120 1240 ALG - ok 20:43:22.0167 1240 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 20:43:22.0167 1240 aliide - ok 20:43:22.0198 1240 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 20:43:22.0198 1240 amdagp - ok 20:43:22.0229 1240 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 20:43:22.0229 1240 amdide - ok 20:43:22.0339 1240 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 20:43:22.0339 1240 AmdK7 - ok 20:43:22.0385 1240 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 20:43:22.0385 1240 AmdK8 - ok 20:43:22.0651 1240 AntiVirSchedulerService 
(c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe 20:43:22.0666 1240 AntiVirSchedulerService - ok 20:43:22.0744 1240 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 20:43:22.0744 1240 AntiVirService - ok 20:43:23.0119 1240 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 20:43:23.0119 1240 Appinfo - ok 20:43:23.0368 1240 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 20:43:23.0415 1240 Apple Mobile Device - ok 20:43:23.0711 1240 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 20:43:23.0758 1240 arc - ok 20:43:23.0805 1240 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 20:43:23.0805 1240 arcsas - ok 20:43:23.0914 1240 ASLDRService (66597ad6098352d11239c0c42100b176) C:\Program Files\ATK Hotkey\ASLDRSrv.exe 20:43:23.0961 1240 ASLDRService - ok 20:43:24.0070 1240 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 20:43:24.0117 1240 aspnet_state - ok 20:43:24.0335 1240 ASTSRV (0c83fc56707bf68db04947052a8188b1) C:\Windows\system32\ASTSRV.EXE 20:43:24.0351 1240 ASTSRV - ok 20:43:24.0538 1240 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 20:43:24.0538 1240 AsyncMac - ok 20:43:24.0694 1240 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 20:43:24.0710 1240 atapi - ok 20:43:24.0991 1240 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys 20:43:25.0022 1240 athr - ok 20:43:25.0256 1240 Ati External Event Utility (2039e24fe00639a9123dcd6f22d42d74) C:\Windows\system32\Ati2evxx.exe 20:43:25.0334 1240 Ati External Event Utility - ok 20:43:25.0677 1240 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys 20:43:25.0771 1240 
atikmdag - ok 20:43:26.0051 1240 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 20:43:26.0067 1240 atksgt - ok 20:43:26.0192 1240 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 20:43:26.0254 1240 AudioEndpointBuilder - ok 20:43:26.0285 1240 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 20:43:26.0285 1240 Audiosrv - ok 20:43:26.0441 1240 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 20:43:26.0473 1240 avgntflt - ok 20:43:26.0535 1240 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 20:43:26.0535 1240 avipbb - ok 20:43:26.0582 1240 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 20:43:26.0582 1240 Beep - ok 20:43:26.0675 1240 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 20:43:26.0691 1240 BFE - ok 20:43:26.0894 1240 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll 20:43:26.0956 1240 BITS - ok 20:43:27.0190 1240 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 20:43:27.0206 1240 blbdrive - ok 20:43:27.0377 1240 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe 20:43:27.0377 1240 Bonjour Service - ok 20:43:27.0830 1240 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 20:43:27.0845 1240 bowser - ok 20:43:27.0986 1240 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 20:43:28.0001 1240 BrFiltLo - ok 20:43:28.0048 1240 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 20:43:28.0048 1240 BrFiltUp - ok 20:43:28.0142 1240 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 20:43:28.0157 1240 Browser - ok 20:43:28.0189 1240 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 20:43:28.0189 1240 
Brserid - ok 20:43:28.0267 1240 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 20:43:28.0267 1240 BrSerWdm - ok 20:43:28.0313 1240 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 20:43:28.0313 1240 BrUsbMdm - ok 20:43:28.0329 1240 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 20:43:28.0345 1240 BrUsbSer - ok 20:43:28.0391 1240 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 20:43:28.0391 1240 BTHMODEM - ok 20:43:28.0532 1240 catchme - ok 20:43:28.0797 1240 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 20:43:28.0813 1240 cdfs - ok 20:43:29.0047 1240 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 20:43:29.0093 1240 cdrom - ok 20:43:29.0140 1240 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 20:43:29.0140 1240 CertPropSvc - ok 20:43:29.0171 1240 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 20:43:29.0171 1240 circlass - ok 20:43:29.0234 1240 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 20:43:29.0343 1240 CLFS - ok 20:43:29.0515 1240 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:43:29.0546 1240 clr_optimization_v2.0.50727_32 - ok 20:43:29.0608 1240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:43:29.0733 1240 clr_optimization_v4.0.30319_32 - ok 20:43:29.0827 1240 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 20:43:29.0827 1240 CmBatt - ok 20:43:29.0858 1240 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 20:43:29.0920 1240 cmdide - ok 20:43:29.0998 1240 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 
20:43:29.0998 1240 Compbatt - ok 20:43:30.0014 1240 Scan interrupted by user! 20:43:30.0014 1240 Scan interrupted by user! 20:43:30.0014 1240 Scan interrupted by user! 20:43:30.0014 1240 ============================================================ 20:43:30.0014 1240 Scan finished 20:43:30.0014 1240 ============================================================ 20:43:30.0029 1256 Detected object count: 0 20:43:30.0029 1256 Actual detected object count: 0 20:43:40.0497 4060 ============================================================ 20:43:40.0497 4060 Scan started 20:43:40.0497 4060 Mode: Manual; SigCheck; TDLFS; 20:43:40.0497 4060 ============================================================ 20:43:41.0308 4060 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 20:43:41.0433 4060 ACPI - ok 20:43:41.0605 4060 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 20:43:41.0636 4060 adp94xx - ok 20:43:41.0698 4060 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys 20:43:41.0714 4060 adpahci - ok 20:43:41.0776 4060 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 20:43:41.0776 4060 adpu160m - ok 20:43:41.0823 4060 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 20:43:41.0839 4060 adpu320 - ok 20:43:41.0948 4060 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll 20:43:42.0104 4060 AeLookupSvc - ok 20:43:42.0369 4060 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 20:43:42.0509 4060 AFD - ok 20:43:42.0837 4060 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 20:43:42.0853 4060 agp440 - ok 20:43:43.0071 4060 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 20:43:43.0087 4060 aic78xx - ok 20:43:43.0180 4060 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe 20:43:43.0383 4060 ALG - ok 
20:43:43.0726 4060 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 20:43:43.0742 4060 aliide - ok 20:43:43.0789 4060 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 20:43:43.0804 4060 amdagp - ok 20:43:43.0835 4060 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 20:43:43.0851 4060 amdide - ok 20:43:43.0882 4060 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 20:43:43.0960 4060 AmdK7 - ok 20:43:44.0007 4060 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 20:43:44.0085 4060 AmdK8 - ok 20:43:44.0303 4060 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe 20:43:44.0335 4060 AntiVirSchedulerService - ok 20:43:44.0350 4060 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 20:43:44.0366 4060 AntiVirService - ok 20:43:44.0553 4060 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll 20:43:44.0771 4060 Appinfo - ok 20:43:44.0927 4060 Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 20:43:44.0943 4060 Apple Mobile Device - ok 20:43:45.0302 4060 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 20:43:45.0317 4060 arc - ok 20:43:45.0442 4060 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 20:43:45.0442 4060 arcsas - ok 20:43:45.0739 4060 ASLDRService (66597ad6098352d11239c0c42100b176) C:\Program Files\ATK Hotkey\ASLDRSrv.exe 20:43:45.0770 4060 ASLDRService ( UnsignedFile.Multi.Generic ) - warning 20:43:45.0770 4060 ASLDRService - detected UnsignedFile.Multi.Generic (1) 20:43:45.0957 4060 aspnet_state (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 20:43:45.0973 4060 aspnet_state - ok 
20:43:46.0363 4060 ASTSRV (0c83fc56707bf68db04947052a8188b1) C:\Windows\system32\ASTSRV.EXE 20:43:46.0378 4060 ASTSRV ( UnsignedFile.Multi.Generic ) - warning 20:43:46.0378 4060 ASTSRV - detected UnsignedFile.Multi.Generic (1) 20:43:46.0628 4060 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 20:43:46.0675 4060 AsyncMac - ok 20:43:46.0971 4060 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 20:43:46.0987 4060 atapi - ok 20:43:47.0361 4060 athr (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys 20:43:47.0501 4060 athr - ok 20:43:47.0923 4060 Ati External Event Utility (2039e24fe00639a9123dcd6f22d42d74) C:\Windows\system32\Ati2evxx.exe 20:43:48.0047 4060 Ati External Event Utility - ok 20:43:48.0469 4060 atikmdag (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys 20:43:49.0233 4060 atikmdag - ok 20:43:49.0592 4060 atksgt (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys 20:43:49.0841 4060 atksgt - ok 20:43:50.0091 4060 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 20:43:50.0138 4060 AudioEndpointBuilder - ok 20:43:50.0247 4060 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll 20:43:50.0278 4060 Audiosrv - ok 20:43:50.0575 4060 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 20:43:50.0606 4060 avgntflt - ok 20:43:50.0715 4060 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 20:43:50.0731 4060 avipbb - ok 20:43:50.0777 4060 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 20:43:50.0918 4060 Beep - ok 20:43:51.0074 4060 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll 20:43:51.0152 4060 BFE - ok 20:43:51.0620 4060 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll 20:43:51.0698 4060 BITS - ok 20:43:51.0838 4060 blbdrive 
(d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 20:43:51.0947 4060 blbdrive - ok 20:43:52.0150 4060 Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe 20:43:52.0166 4060 Bonjour Service - ok 20:43:52.0571 4060 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 20:43:52.0649 4060 bowser - ok 20:43:53.0024 4060 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 20:43:53.0055 4060 BrFiltLo - ok 20:43:53.0383 4060 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 20:43:53.0476 4060 BrFiltUp - ok 20:43:53.0663 4060 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll 20:43:53.0773 4060 Browser - ok 20:43:53.0991 4060 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 20:43:54.0225 4060 Brserid - ok 20:43:54.0475 4060 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 20:43:54.0553 4060 BrSerWdm - ok 20:43:54.0833 4060 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 20:43:54.0943 4060 BrUsbMdm - ok 20:43:55.0301 4060 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 20:43:55.0395 4060 BrUsbSer - ok 20:43:55.0567 4060 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 20:43:55.0691 4060 BTHMODEM - ok 20:43:55.0832 4060 catchme - ok 20:43:56.0206 4060 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 20:43:56.0300 4060 cdfs - ok 20:43:56.0565 4060 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 20:43:56.0643 4060 cdrom - ok 20:43:56.0830 4060 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 20:43:56.0924 4060 CertPropSvc - ok 20:43:57.0236 4060 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 
20:43:57.0283 4060 circlass - ok 20:43:57.0517 4060 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 20:43:57.0548 4060 CLFS - ok 20:43:57.0704 4060 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:43:57.0719 4060 clr_optimization_v2.0.50727_32 - ok 20:43:57.0844 4060 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:43:57.0860 4060 clr_optimization_v4.0.30319_32 - ok 20:43:58.0297 4060 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 20:43:58.0359 4060 CmBatt - ok 20:43:58.0499 4060 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 20:43:58.0515 4060 cmdide - ok 20:43:58.0624 4060 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 20:43:58.0640 4060 Compbatt - ok 20:43:58.0718 4060 COMSysApp - ok 20:43:58.0733 4060 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys 20:43:58.0749 4060 crcdisk - ok 20:43:58.0765 4060 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys 20:43:58.0827 4060 Crusoe - ok 20:43:59.0030 4060 CryptSvc (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll 20:43:59.0123 4060 CryptSvc - ok 20:43:59.0404 4060 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 20:43:59.0482 4060 DcomLaunch - ok 20:43:59.0685 4060 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 20:43:59.0794 4060 DfsC - ok 20:44:00.0137 4060 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe 20:44:00.0371 4060 DFSR - ok 20:44:00.0621 4060 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll 20:44:00.0683 4060 Dhcp - ok 20:44:00.0793 4060 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 20:44:00.0808 4060 disk - ok 
20:44:00.0902 4060 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll 20:44:00.0995 4060 Dnscache - ok 20:44:01.0058 4060 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll 20:44:01.0073 4060 dot3svc - ok 20:44:01.0136 4060 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys 20:44:01.0214 4060 Dot4 - ok 20:44:01.0292 4060 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys 20:44:01.0339 4060 Dot4Print - ok 20:44:01.0432 4060 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys 20:44:01.0526 4060 dot4usb - ok 20:44:01.0651 4060 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll 20:44:01.0744 4060 DPS - ok 20:44:01.0869 4060 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 20:44:01.0947 4060 drmkaud - ok 20:44:02.0056 4060 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 20:44:02.0165 4060 DXGKrnl - ok 20:44:02.0431 4060 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys 20:44:02.0524 4060 E1G60 - ok 20:44:02.0883 4060 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll 20:44:02.0961 4060 EapHost - ok 20:44:03.0304 4060 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 20:44:03.0320 4060 Ecache - ok 20:44:03.0507 4060 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe 20:44:03.0601 4060 ehRecvr - ok 20:44:03.0663 4060 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe 20:44:03.0788 4060 ehSched - ok 20:44:03.0803 4060 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll 20:44:03.0835 4060 ehstart - ok 20:44:03.0928 4060 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys 20:44:03.0991 4060 elxstor - ok 20:44:04.0178 4060 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) 
C:\Windows\system32\emdmgmt.dll 20:44:04.0303 4060 EMDMgmt - ok 20:44:04.0646 4060 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys 20:44:04.0724 4060 ErrDev - ok 20:44:04.0833 4060 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll 20:44:04.0880 4060 EventSystem - ok 20:44:05.0005 4060 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 20:44:05.0129 4060 exfat - ok 20:44:05.0239 4060 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 20:44:05.0301 4060 fastfat - ok 20:44:05.0332 4060 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys 20:44:05.0395 4060 fdc - ok 20:44:05.0582 4060 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll 20:44:05.0629 4060 fdPHost - ok 20:44:05.0675 4060 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll 20:44:05.0800 4060 FDResPub - ok 20:44:06.0221 4060 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 20:44:06.0253 4060 FileInfo - ok 20:44:06.0487 4060 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 20:44:06.0565 4060 Filetrace - ok 20:44:06.0689 4060 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 20:44:06.0908 4060 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning 20:44:06.0908 4060 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1) 20:44:07.0220 4060 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys 20:44:07.0313 4060 flpydisk - ok 20:44:07.0469 4060 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 20:44:07.0485 4060 FltMgr - ok 20:44:07.0735 4060 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll 20:44:07.0875 4060 FontCache - ok 20:44:08.0109 
4060 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 20:44:08.0140 4060 FontCache3.0.0.0 - ok 20:44:08.0359 4060 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 20:44:08.0437 4060 Fs_Rec - ok 20:44:08.0702 4060 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys 20:44:08.0717 4060 gagp30kx - ok 20:44:09.0029 4060 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:44:09.0061 4060 GEARAspiWDM - ok 20:44:09.0404 4060 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll 20:44:09.0560 4060 gpsvc - ok 20:44:09.0778 4060 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 20:44:09.0825 4060 gupdate - ok 20:44:09.0872 4060 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 20:44:09.0887 4060 gupdatem - ok 20:44:10.0043 4060 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 20:44:10.0215 4060 HdAudAddService - ok 20:44:10.0496 4060 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:44:10.0730 4060 HDAudBus - ok 20:44:10.0917 4060 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 20:44:10.0995 4060 HidBth - ok 20:44:11.0198 4060 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 20:44:11.0291 4060 HidIr - ok 20:44:11.0510 4060 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll 20:44:11.0541 4060 hidserv - ok 20:44:11.0619 4060 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 20:44:11.0666 4060 HidUsb - ok 20:44:11.0853 4060 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll 20:44:11.0915 4060 hkmsvc - ok 20:44:12.0118 4060 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) 
|
23.03.2012, 21:59 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
23.03.2012, 22:48 | #15 |
| Oh great, my data is back... thank you, thank you, thank you. Here is the file for it: |