Erst Fehlermeldungen und nun keine Daten mehr und leerer Desktop.

piepmatz · 21.03.2012, 10:39

Hi,
hab mir irgendwie n Virus oder sqareware eingefangen.
Plötzlich blinkten ein Haufen von Meldungen auf die besagten:

Hard drive clusters are partly damaged
Windows - Delayed Write Failed
Critical Error

Dann startet ständig son System-Check angeblich von Windows .

außerdem ist mein kompletter Desktop leer und ich komme nicht mehr an meine Daten ran, alles weg.
Habe hier schon etwas ähnliches gefunden und bin euer Anweisung zu diesem Problem gefolgt. Sprich ich habe rkill laufen lassen, malwarebytes scannen lassen und TDSS Killer.exe ausgeführt. Nun sind die ganzen Meldungen zwar verschwunden, aber sämtliche Ordner und der Desktop sind noch immer leer.
Wenn ich Malwarebytes jetzt scannen lasse findet er auch nicht mehr...ich weiß nicht mehr weiter

Könnt ihr mir bitte bitte helfen?

das war die Logdatei beim Fund:

cosinus · 21.03.2012, 17:41

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

piepmatz · 22.03.2012, 09:06

Hab Eset jetzt über Nacht durchlaufen lassen und das ist das Ergebnis:

Malwarebytes zeigte keine Funde, trotzdem ist alles auf dem Rechner weg bzw versteckt..
log dazu:

cosinus · 22.03.2012, 12:35

Zitat:

D:\Download\SoftonicDownloader_fuer_scotts-wallpaper-switcher.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

piepmatz · 22.03.2012, 13:56

so, das ist jetzt das Ergebnis:

Code:

ATTFilter

OTL logfile created on: 22.03.2012 13:36:33 - Run 10
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Nine\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,77% Memory free
6,23 Gb Paging File | 5,13 Gb Available in Paging File | 82,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 54,32 Gb Free Space | 36,45% Space Free | Partition Type: NTFS
Drive D: | 137,33 Gb Total Space | 42,55 Gb Free Space | 30,98% Space Free | Partition Type: NTFS
Drive G: | 3,73 Gb Total Space | 2,68 Gb Free Space | 71,77% Space Free | Partition Type: FAT32
 
Computer Name: NINE-PC | User Name: Nine | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Nine\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\SBPaper\paper.exe ()
PRC - C:\Program Files\ATK Hotkey\HControl.exe (ATK0100)
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\CK Popup Killer\PKILL.EXE (CK Software)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WinRAR\RarExt.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Program Files\SBPaper\paper.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (UPnPService) -- C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
SRV - (ASTSRV) -- C:\Windows\System32\ASTSRV.EXE (Nalpeiron Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\Nine\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (ivusb) -- C:\Windows\System32\drivers\ivusb.sys (Initio Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {464F169E-ACE1-4C5F-A778-A433A3DABBAE}:1.0
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.5
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.6
FF - prefs.js..extensions.enabledItems: {2122962a-1424-fffe-19af-bba2ef3eff4a}:1.0
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.0: C:\Users\Nine\AppData\Roaming\Facebook\npfbplugin_1_0_0.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Nine\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Nine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Mozilla Firefox\components [2012.03.18 13:50:34 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.11.28 08:35:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\program files\Mozilla Thunderbird\components [2011.11.08 16:40:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Mozilla Firefox\components [2012.03.18 13:50:34 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Mozilla Firefox\plugins [2011.11.28 08:35:00 | 000,000,000 | -H-D | M]
 
[2011.06.21 19:26:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions
[2010.02.10 11:26:45 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.01.09 15:37:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Extensions\postbox@postbox-inc.com
[2012.01.11 10:04:19 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions
[2011.12.25 11:59:03 | 000,000,000 | -H-D | M] (DownloadHelper) -- C:\Users\Nine\AppData\Roaming\mozilla\Firefox\Profiles\cmswdcip.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.10 00:01:51 | 000,000,933 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\11-suche.xml
[2012.01.10 00:01:52 | 000,002,419 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\englische-ergebnisse.xml
[2012.01.10 00:01:51 | 000,010,525 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\gmx-suche.xml
[2012.01.10 00:01:51 | 000,002,457 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\lastminute.xml
[2012.01.10 00:01:51 | 000,005,508 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\webde-suche.xml
[2010.04.24 09:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.10 16:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
 
O1 HOSTS File: ([2011.05.04 11:27:51 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [CK POPUP KILLER] C:\CK Popup Killer\PKILL.EXE (CK Software)
O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [ScottsPaperManager] C:\Program Files\SBPaper\paper.exe ()
O4 - Startup: C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O15 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..Trusted Domains: everestpoker.com ([account] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{899604F5-EF7C-477D-BCE8-8665CB9B0390}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCE83FC1-A859-4511-824F-32EA70FF7493}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^Nine^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)
MsConfig - StartUpReg: CK POPUP KILLER - hkey= - key= - C:\CK Popup Killer\PKILL.EXE (CK Software)
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
MsConfig - StartUpReg: hpqSRMon - hkey= - key= -  File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Malwarebytes' Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
 
SafeBootMin: 88773322.sys - Driver
SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: 88773322.sys - Driver
SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6446BBBF-7E00-2674-BDC7-DED62B620299} - Microsoft Windows Media Player 11.0
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.21 22:17:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.21 22:16:37 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Nine\Desktop\esetsmartinstaller_enu.exe
[2012.03.21 19:30:49 | 000,000,000 | ---D | C] -- C:\Users\Nine\Desktop\Malwarebytes' Anti-Malware
[2012.03.20 19:16:58 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Nine\Desktop\OTL.exe
[2012.03.20 18:43:19 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.03.20 18:38:51 | 002,063,920 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Nine\Desktop\tdsskiller.exe
[2012.03.20 13:43:21 | 000,000,000 | -H-D | C] -- C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.15 19:39:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\HP Photo Creations
[2012.03.15 19:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\HP Photo Creations
[2012.02.24 22:44:40 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.22 13:33:18 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.22 13:33:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.22 09:28:00 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.22 01:20:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.22 01:20:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 22:15:26 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Nine\Desktop\esetsmartinstaller_enu.exe
[2012.03.21 19:28:20 | 000,639,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.21 19:28:20 | 000,604,764 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.21 19:28:20 | 000,131,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.21 19:28:20 | 000,108,096 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.21 19:20:47 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.20 19:16:22 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Nine\Desktop\OTL.exe
[2012.03.20 18:26:36 | 002,063,920 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Nine\Desktop\tdsskiller.exe
[2012.03.20 18:19:20 | 001,008,141 | ---- | M] () -- C:\Users\Nine\Desktop\rkill.com
[2012.03.20 13:51:19 | 000,000,448 | -H-- | M] () -- C:\ProgramData\lawJN9WIPzleuA
[2012.03.20 13:48:08 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~lawJN9WIPzleuA
[2012.03.20 13:48:08 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~lawJN9WIPzleuAr
[2012.03.20 13:43:23 | 000,000,612 | -H-- | M] () -- C:\Users\Nine\Desktop\System Check.lnk
[2012.03.19 22:21:01 | 000,164,289 | -H-- | M] () -- C:\Users\Nine\Desktop\1311166303-476.jpg
[2012.03.19 22:19:05 | 000,078,727 | -H-- | M] () -- C:\Users\Nine\Desktop\1312539364-905.jpg
[2012.03.19 22:04:16 | 000,718,319 | -H-- | M] () -- C:\Users\Nine\Desktop\Sarouel_poche_genoulliere.pdf
[2012.03.19 22:04:00 | 000,639,226 | -H-- | M] () -- C:\Users\Nine\Desktop\Sarouel_entrejambes.pdf
[2012.03.19 22:00:16 | 000,003,674 | -H-- | M] () -- C:\Users\Nine\Desktop\hose-einfach-abb1.gif
[2012.03.17 22:09:11 | 000,203,264 | -H-- | M] () -- C:\Users\Nine\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.17 02:00:46 | 553,071,814 | -H-- | M] () -- C:\Users\Nine\Desktop\MVI_7962.AVI
[2012.03.15 03:22:53 | 002,195,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.03.12 10:15:01 | 000,000,903 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.11 17:11:56 | 000,178,260 | -H-- | M] () -- C:\Users\Nine\Desktop\gewa1_online.pdf
[2012.03.06 22:41:01 | 000,000,680 | -H-- | M] () -- C:\Users\Nine\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2012.03.20 18:36:26 | 3220,463,616 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.20 18:20:57 | 001,008,141 | ---- | C] () -- C:\Users\Nine\Desktop\rkill.com
[2012.03.20 13:43:24 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~lawJN9WIPzleuA
[2012.03.20 13:43:24 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~lawJN9WIPzleuAr
[2012.03.20 13:43:23 | 000,000,612 | -H-- | C] () -- C:\Users\Nine\Desktop\System Check.lnk
[2012.03.20 13:43:15 | 000,000,448 | -H-- | C] () -- C:\ProgramData\lawJN9WIPzleuA
[2012.03.19 22:21:00 | 000,164,289 | -H-- | C] () -- C:\Users\Nine\Desktop\1311166303-476.jpg
[2012.03.19 22:19:05 | 000,078,727 | -H-- | C] () -- C:\Users\Nine\Desktop\1312539364-905.jpg
[2012.03.19 22:04:16 | 000,718,319 | -H-- | C] () -- C:\Users\Nine\Desktop\Sarouel_poche_genoulliere.pdf
[2012.03.19 22:04:00 | 000,639,226 | -H-- | C] () -- C:\Users\Nine\Desktop\Sarouel_entrejambes.pdf
[2012.03.19 22:00:16 | 000,003,674 | -H-- | C] () -- C:\Users\Nine\Desktop\hose-einfach-abb1.gif
[2012.03.18 20:22:41 | 553,071,814 | -H-- | C] () -- C:\Users\Nine\Desktop\MVI_7962.AVI
[2012.03.11 17:11:56 | 000,178,260 | -H-- | C] () -- C:\Users\Nine\Desktop\gewa1_online.pdf
[2011.07.06 19:33:51 | 000,000,164 | -H-- | C] () -- C:\ProgramData\{701ACAF9-F102-47c2-8907-36246F4DFB51}
[2011.03.07 11:30:56 | 000,000,109 | ---- | C] () -- C:\Windows\GMouse.ini
[2010.12.22 00:04:07 | 000,000,092 | -H-- | C] () -- C:\Users\Nine\AppData\Local\fusioncache.dat
[2010.10.12 16:59:35 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.10.12 16:59:34 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.08.12 14:51:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.08.12 14:51:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.08.12 14:51:44 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010.08.12 14:51:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.08.12 14:51:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.08.10 20:30:36 | 000,001,745 | ---- | C] () -- C:\Windows\lsrslt.ini
 
========== LOP Check ==========
 
[2010.02.25 16:29:55 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Alien Skin
[2010.11.07 22:52:30 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Ashampoo
[2010.11.16 11:13:07 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Astroburn Pro
[2010.01.30 14:53:10 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\avidemux
[2011.10.11 12:09:02 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Azureus
[2011.09.17 09:46:27 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Canneverbe Limited
[2010.11.16 11:05:43 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\DAEMON Tools Lite
[2011.07.06 19:32:11 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Degener
[2012.03.20 09:08:19 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Dropbox
[2011.04.13 21:47:12 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoft
[2010.07.26 22:13:17 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.04 09:39:29 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Egyh
[2011.06.19 13:17:44 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\FileZilla
[2011.03.03 08:54:08 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\FRITZ!
[2011.02.10 20:39:51 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\GetRightToGo
[2010.08.30 18:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Image Zone Express
[2010.12.22 00:11:39 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Imaxel
[2010.04.23 17:58:55 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\MAXON
[2010.10.01 11:14:10 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\NCH Swift Sound
[2010.08.12 17:17:51 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Online Solutions
[2010.05.12 16:25:52 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\OpenOffice.org
[2010.08.08 19:37:06 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Opera
[2010.02.01 17:05:56 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Passware
[2010.01.09 15:37:45 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Postbox
[2010.02.13 16:48:18 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Printer Info Cache
[2011.06.19 15:16:06 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\ScummVM
[2011.10.13 09:13:33 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\SharePod
[2010.05.31 15:46:01 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Spesoft Audio Converter
[2012.03.20 00:19:27 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\temp
[2010.02.10 11:26:45 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Thunderbird
[2012.02.24 22:46:01 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\TuneUp Software
[2011.06.05 09:07:24 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\uTorrent
[2011.05.04 09:51:32 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Uwwiqy
[2010.05.25 12:32:39 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\VMLoad
[2012.03.20 20:21:08 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.19 16:41:05 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Adobe
[2009.12.13 19:48:43 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Ahead
[2010.02.25 16:29:55 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Alien Skin
[2009.12.18 10:45:34 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Apple Computer
[2010.11.07 22:52:30 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Ashampoo
[2010.11.16 11:13:07 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Astroburn Pro
[2009.12.07 17:59:52 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\ATI
[2010.01.30 14:53:10 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\avidemux
[2010.08.11 23:01:44 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Avira
[2011.10.11 12:09:02 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Azureus
[2011.09.17 09:46:27 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Canneverbe Limited
[2010.11.16 11:05:43 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\DAEMON Tools Lite
[2011.07.06 19:32:11 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Degener
[2010.03.22 20:32:54 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\DivX
[2010.11.09 13:32:16 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Download Manager
[2012.03.20 09:08:19 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Dropbox
[2011.04.13 21:47:12 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoft
[2010.07.26 22:13:17 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.05.04 09:39:29 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Egyh
[2011.06.19 13:17:44 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\FileZilla
[2011.03.03 08:54:08 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\FRITZ!
[2011.02.10 20:39:51 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\GetRightToGo
[2010.02.04 16:29:04 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\HP
[2011.10.28 10:50:23 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Identities
[2010.08.30 18:39:48 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Image Zone Express
[2010.12.22 00:11:39 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Imaxel
[2009.12.17 17:07:00 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\InstallShield
[2009.12.07 20:00:50 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Macromedia
[2010.08.11 09:11:43 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Malwarebytes
[2010.04.23 17:58:55 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\MAXON
[2006.11.02 13:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Media Center Programs
[2009.12.09 16:45:43 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Media Player Classic
[2010.12.26 22:26:05 | 000,000,000 | --SD | M] -- C:\Users\Nine\AppData\Roaming\Microsoft
[2009.12.07 18:20:06 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Mozilla
[2010.10.01 11:14:10 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\NCH Swift Sound
[2010.09.04 13:35:38 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Nero
[2010.08.12 17:17:51 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Online Solutions
[2010.05.12 16:25:52 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\OpenOffice.org
[2010.08.08 19:37:06 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Opera
[2010.02.01 17:05:56 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Passware
[2010.01.09 15:37:45 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Postbox
[2010.02.13 16:48:18 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Printer Info Cache
[2011.06.19 15:16:06 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\ScummVM
[2011.05.16 21:40:23 | 000,000,000 | RH-D | M] -- C:\Users\Nine\AppData\Roaming\SecuROM
[2011.10.13 09:13:33 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\SharePod
[2012.01.10 23:55:34 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Skype
[2011.06.13 07:01:14 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\skypePM
[2010.05.31 15:46:01 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Spesoft Audio Converter
[2012.03.20 00:19:27 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\temp
[2010.02.10 11:26:45 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Thunderbird
[2012.02.24 22:46:01 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\TuneUp Software
[2011.06.05 09:07:24 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\uTorrent
[2011.05.04 09:51:32 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Uwwiqy
[2010.05.25 12:32:39 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\VMLoad
[2009.12.08 00:24:00 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.04 07:56:04 | 000,310,208 | -H-- | M] (Georgia Institute of Technology) -- C:\Users\Nine\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011.10.11 11:53:17 | 009,077,688 | -H-- | M] (Vuze Inc.) -- C:\Users\Nine\AppData\Roaming\Azureus\tmp\AZU6912415733898544045.tmp\Vuze_4.7.0.0a_win32.exe
[2012.02.15 00:03:14 | 024,246,216 | -H-- | M] (Dropbox, Inc.) -- C:\Users\Nine\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 00:03:44 | 000,174,752 | -H-- | M] (Dropbox, Inc.) -- C:\Users\Nine\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2010.10.04 08:59:18 | 000,038,208 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.12.26 22:26:05 | 000,010,134 | RH-- | M] () -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\ARPPRODUCTICON.exe
[2010.12.26 22:26:05 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
[2010.12.26 22:26:05 | 000,045,056 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
[2010.12.26 22:26:05 | 000,040,960 | RH-- | M] (InstallShield Software Corp.) -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
[2010.12.26 22:26:05 | 000,008,854 | RH-- | M] () -- C:\Users\Nine\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\NewShortcut1_D98C963793DA44DBB73AB11A1192AB26.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\agp440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\agp440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\ERDNT\cache\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Nine\AppData\Local\temp\RarSFX1\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Users\Nine\Desktop\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Nine\AppData\Local\temp\RarSFX1\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 22.03.2012, 15:33

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&ai=13054"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..extensions.enabledItems: fbchathistory@firechm.com:1.1.5
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
[2012.01.10 00:01:51 | 000,000,933 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\11-suche.xml
[2012.01.10 00:01:51 | 000,010,525 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\gmx-suche.xml
[2012.01.10 00:01:51 | 000,002,457 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\lastminute.xml
[2012.01.10 00:01:51 | 000,005,508 | -H-- | M] () -- C:\Users\Nine\AppData\Roaming\Mozilla\Firefox\Profiles\cmswdcip.default\searchplugins\webde-suche.xml
[2010.03.10 16:00:26 | 000,002,025 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Nine\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000..\Run: [CK POPUP KILLER] C:\CK Popup Killer\PKILL.EXE (CK Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-21-2684614725-1401231723-2353267314-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk -  - File not found
MsConfig - StartUpReg: CK POPUP KILLER - hkey= - key= - C:\CK Popup Killer\PKILL.EXE (CK Software)
SafeBootMin: 88773322.sys - Driver
[2012.03.20 13:51:19 | 000,000,448 | -H-- | M] () -- C:\ProgramData\lawJN9WIPzleuA
[2012.03.20 13:48:08 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~lawJN9WIPzleuA
[2012.03.20 13:48:08 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~lawJN9WIPzleuAr
[2012.03.20 13:43:23 | 000,000,612 | -H-- | M] () -- C:\Users\Nine\Desktop\System Check.lnk
[2011.05.04 09:51:32 | 000,000,000 | -H-D | M] -- C:\Users\Nine\AppData\Roaming\Uwwiqy
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

piepmatz · 22.03.2012, 15:49

hier das logfile:

cosinus · 22.03.2012, 16:19

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

piepmatz · 22.03.2012, 16:28

Danke..hier die logdatei:

cosinus · 22.03.2012, 16:31

Zitat:

16:24:33.0516 1920 ============================================================
16:24:33.0531 2712 Detected object count: 1
16:24:33.0531 2712 Actual detected object count: 1

Irgendwas stimmt da nicht. Hast du das Log wirklich komplett gepostet?

piepmatz · 22.03.2012, 16:39

oh gott, was stimmt da nicht?
habe die logdatei so wie sie war aus dem Ordner genommen.

kann ich jetzt noch irgendwas retten oder ist der Rechner hin?

cosinus · 23.03.2012, 20:33

Nein wiederhol den Scan mit dem TDSS-Killer einfach!

piepmatz · 23.03.2012, 20:48

hab ich gemacht, jetzt hat er mehr gefunden:

Code:

ATTFilter

20:42:53.0884 2032	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
20:42:54.0056 2032	============================================================
20:42:54.0056 2032	Current date / time: 2012/03/23 20:42:54.0056
20:42:54.0056 2032	SystemInfo:
20:42:54.0056 2032	
20:42:54.0056 2032	OS Version: 6.0.6002 ServicePack: 2.0
20:42:54.0056 2032	Product type: Workstation
20:42:54.0056 2032	ComputerName: NINE-PC
20:42:54.0056 2032	UserName: Nine
20:42:54.0056 2032	Windows directory: C:\Windows
20:42:54.0056 2032	System windows directory: C:\Windows
20:42:54.0056 2032	Processor architecture: Intel x86
20:42:54.0056 2032	Number of processors: 2
20:42:54.0056 2032	Page size: 0x1000
20:42:54.0056 2032	Boot type: Normal boot
20:42:54.0056 2032	============================================================
20:42:55.0959 2032	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
20:42:55.0959 2032	Drive \Device\Harddisk1\DR4 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:42:55.0959 2032	\Device\Harddisk0\DR0:
20:42:55.0959 2032	MBR used
20:42:55.0959 2032	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1770D7A, BlocksNum 0x12A14C00
20:42:55.0990 2032	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x141859B9, BlocksNum 0x112A7D08
20:42:55.0990 2032	\Device\Harddisk1\DR4:
20:42:55.0990 2032	MBR used
20:42:55.0990 2032	\Device\Harddisk1\DR4\Partition0: MBR, Type 0xC, StartLBA 0x28, BlocksNum 0x777FD7
20:42:56.0193 2032	Initialize success
20:42:56.0193 2032	============================================================
20:43:20.0248 1240	============================================================
20:43:20.0248 1240	Scan started
20:43:20.0248 1240	Mode: Manual; 
20:43:20.0248 1240	============================================================
20:43:21.0200 1240	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:43:21.0215 1240	ACPI - ok
20:43:21.0387 1240	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:43:21.0403 1240	adp94xx - ok
20:43:21.0481 1240	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:43:21.0481 1240	adpahci - ok
20:43:21.0590 1240	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:43:21.0590 1240	adpu160m - ok
20:43:21.0652 1240	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:43:21.0668 1240	adpu320 - ok
20:43:21.0824 1240	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:43:21.0839 1240	AeLookupSvc - ok
20:43:21.0964 1240	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:43:21.0964 1240	AFD - ok
20:43:22.0011 1240	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:43:22.0027 1240	agp440 - ok
20:43:22.0073 1240	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:43:22.0089 1240	aic78xx - ok
20:43:22.0120 1240	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:43:22.0120 1240	ALG - ok
20:43:22.0167 1240	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:43:22.0167 1240	aliide - ok
20:43:22.0198 1240	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:43:22.0198 1240	amdagp - ok
20:43:22.0229 1240	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:43:22.0229 1240	amdide - ok
20:43:22.0339 1240	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:43:22.0339 1240	AmdK7 - ok
20:43:22.0385 1240	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:43:22.0385 1240	AmdK8 - ok
20:43:22.0651 1240	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:43:22.0666 1240	AntiVirSchedulerService - ok
20:43:22.0744 1240	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:43:22.0744 1240	AntiVirService - ok
20:43:23.0119 1240	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:43:23.0119 1240	Appinfo - ok
20:43:23.0368 1240	Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:43:23.0415 1240	Apple Mobile Device - ok
20:43:23.0711 1240	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:43:23.0758 1240	arc - ok
20:43:23.0805 1240	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:43:23.0805 1240	arcsas - ok
20:43:23.0914 1240	ASLDRService    (66597ad6098352d11239c0c42100b176) C:\Program Files\ATK Hotkey\ASLDRSrv.exe
20:43:23.0961 1240	ASLDRService - ok
20:43:24.0070 1240	aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:43:24.0117 1240	aspnet_state - ok
20:43:24.0335 1240	ASTSRV          (0c83fc56707bf68db04947052a8188b1) C:\Windows\system32\ASTSRV.EXE
20:43:24.0351 1240	ASTSRV - ok
20:43:24.0538 1240	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:24.0538 1240	AsyncMac - ok
20:43:24.0694 1240	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:43:24.0710 1240	atapi - ok
20:43:24.0991 1240	athr            (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
20:43:25.0022 1240	athr - ok
20:43:25.0256 1240	Ati External Event Utility (2039e24fe00639a9123dcd6f22d42d74) C:\Windows\system32\Ati2evxx.exe
20:43:25.0334 1240	Ati External Event Utility - ok
20:43:25.0677 1240	atikmdag        (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
20:43:25.0771 1240	atikmdag - ok
20:43:26.0051 1240	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
20:43:26.0067 1240	atksgt - ok
20:43:26.0192 1240	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:43:26.0254 1240	AudioEndpointBuilder - ok
20:43:26.0285 1240	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:43:26.0285 1240	Audiosrv - ok
20:43:26.0441 1240	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
20:43:26.0473 1240	avgntflt - ok
20:43:26.0535 1240	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
20:43:26.0535 1240	avipbb - ok
20:43:26.0582 1240	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:43:26.0582 1240	Beep - ok
20:43:26.0675 1240	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:43:26.0691 1240	BFE - ok
20:43:26.0894 1240	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:43:26.0956 1240	BITS - ok
20:43:27.0190 1240	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:43:27.0206 1240	blbdrive - ok
20:43:27.0377 1240	Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
20:43:27.0377 1240	Bonjour Service - ok
20:43:27.0830 1240	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:43:27.0845 1240	bowser - ok
20:43:27.0986 1240	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:43:28.0001 1240	BrFiltLo - ok
20:43:28.0048 1240	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:43:28.0048 1240	BrFiltUp - ok
20:43:28.0142 1240	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:43:28.0157 1240	Browser - ok
20:43:28.0189 1240	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:43:28.0189 1240	Brserid - ok
20:43:28.0267 1240	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:43:28.0267 1240	BrSerWdm - ok
20:43:28.0313 1240	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:43:28.0313 1240	BrUsbMdm - ok
20:43:28.0329 1240	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:43:28.0345 1240	BrUsbSer - ok
20:43:28.0391 1240	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:43:28.0391 1240	BTHMODEM - ok
20:43:28.0532 1240	catchme - ok
20:43:28.0797 1240	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:43:28.0813 1240	cdfs - ok
20:43:29.0047 1240	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:43:29.0093 1240	cdrom - ok
20:43:29.0140 1240	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:43:29.0140 1240	CertPropSvc - ok
20:43:29.0171 1240	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:43:29.0171 1240	circlass - ok
20:43:29.0234 1240	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:43:29.0343 1240	CLFS - ok
20:43:29.0515 1240	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:43:29.0546 1240	clr_optimization_v2.0.50727_32 - ok
20:43:29.0608 1240	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:43:29.0733 1240	clr_optimization_v4.0.30319_32 - ok
20:43:29.0827 1240	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:43:29.0827 1240	CmBatt - ok
20:43:29.0858 1240	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:43:29.0920 1240	cmdide - ok
20:43:29.0998 1240	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:43:29.0998 1240	Compbatt - ok
20:43:30.0014 1240	Scan interrupted by user!
20:43:30.0014 1240	Scan interrupted by user!
20:43:30.0014 1240	Scan interrupted by user!
20:43:30.0014 1240	============================================================
20:43:30.0014 1240	Scan finished
20:43:30.0014 1240	============================================================
20:43:30.0029 1256	Detected object count: 0
20:43:30.0029 1256	Actual detected object count: 0
20:43:40.0497 4060	============================================================
20:43:40.0497 4060	Scan started
20:43:40.0497 4060	Mode: Manual; SigCheck; TDLFS; 
20:43:40.0497 4060	============================================================
20:43:41.0308 4060	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:43:41.0433 4060	ACPI - ok
20:43:41.0605 4060	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:43:41.0636 4060	adp94xx - ok
20:43:41.0698 4060	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:43:41.0714 4060	adpahci - ok
20:43:41.0776 4060	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:43:41.0776 4060	adpu160m - ok
20:43:41.0823 4060	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:43:41.0839 4060	adpu320 - ok
20:43:41.0948 4060	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
20:43:42.0104 4060	AeLookupSvc - ok
20:43:42.0369 4060	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:43:42.0509 4060	AFD - ok
20:43:42.0837 4060	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:43:42.0853 4060	agp440 - ok
20:43:43.0071 4060	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:43:43.0087 4060	aic78xx - ok
20:43:43.0180 4060	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
20:43:43.0383 4060	ALG - ok
20:43:43.0726 4060	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:43:43.0742 4060	aliide - ok
20:43:43.0789 4060	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:43:43.0804 4060	amdagp - ok
20:43:43.0835 4060	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:43:43.0851 4060	amdide - ok
20:43:43.0882 4060	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:43:43.0960 4060	AmdK7 - ok
20:43:44.0007 4060	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:43:44.0085 4060	AmdK8 - ok
20:43:44.0303 4060	AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:43:44.0335 4060	AntiVirSchedulerService - ok
20:43:44.0350 4060	AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:43:44.0366 4060	AntiVirService - ok
20:43:44.0553 4060	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
20:43:44.0771 4060	Appinfo - ok
20:43:44.0927 4060	Apple Mobile Device (4b5ae15e5c73eb4dc8dbec2788230d41) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
20:43:44.0943 4060	Apple Mobile Device - ok
20:43:45.0302 4060	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:43:45.0317 4060	arc - ok
20:43:45.0442 4060	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:43:45.0442 4060	arcsas - ok
20:43:45.0739 4060	ASLDRService    (66597ad6098352d11239c0c42100b176) C:\Program Files\ATK Hotkey\ASLDRSrv.exe
20:43:45.0770 4060	ASLDRService ( UnsignedFile.Multi.Generic ) - warning
20:43:45.0770 4060	ASLDRService - detected UnsignedFile.Multi.Generic (1)
20:43:45.0957 4060	aspnet_state    (40c145f12ff461a0220303bda134f598) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
20:43:45.0973 4060	aspnet_state - ok
20:43:46.0363 4060	ASTSRV          (0c83fc56707bf68db04947052a8188b1) C:\Windows\system32\ASTSRV.EXE
20:43:46.0378 4060	ASTSRV ( UnsignedFile.Multi.Generic ) - warning
20:43:46.0378 4060	ASTSRV - detected UnsignedFile.Multi.Generic (1)
20:43:46.0628 4060	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:43:46.0675 4060	AsyncMac - ok
20:43:46.0971 4060	atapi           (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:43:46.0987 4060	atapi - ok
20:43:47.0361 4060	athr            (2846f5ee802889d500fcf5cc48b28381) C:\Windows\system32\DRIVERS\athr.sys
20:43:47.0501 4060	athr - ok
20:43:47.0923 4060	Ati External Event Utility (2039e24fe00639a9123dcd6f22d42d74) C:\Windows\system32\Ati2evxx.exe
20:43:48.0047 4060	Ati External Event Utility - ok
20:43:48.0469 4060	atikmdag        (d2e9acb68fa61c911cc21e07f87705bf) C:\Windows\system32\DRIVERS\atikmdag.sys
20:43:49.0233 4060	atikmdag - ok
20:43:49.0592 4060	atksgt          (f0d933b42cd0594048e4d5200ae9e417) C:\Windows\system32\DRIVERS\atksgt.sys
20:43:49.0841 4060	atksgt - ok
20:43:50.0091 4060	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:43:50.0138 4060	AudioEndpointBuilder - ok
20:43:50.0247 4060	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
20:43:50.0278 4060	Audiosrv - ok
20:43:50.0575 4060	avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
20:43:50.0606 4060	avgntflt - ok
20:43:50.0715 4060	avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
20:43:50.0731 4060	avipbb - ok
20:43:50.0777 4060	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:43:50.0918 4060	Beep - ok
20:43:51.0074 4060	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
20:43:51.0152 4060	BFE - ok
20:43:51.0620 4060	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
20:43:51.0698 4060	BITS - ok
20:43:51.0838 4060	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
20:43:51.0947 4060	blbdrive - ok
20:43:52.0150 4060	Bonjour Service (3f56903e124e820aeece6d471583c6c1) C:\Program Files\Bonjour\mDNSResponder.exe
20:43:52.0166 4060	Bonjour Service - ok
20:43:52.0571 4060	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
20:43:52.0649 4060	bowser - ok
20:43:53.0024 4060	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
20:43:53.0055 4060	BrFiltLo - ok
20:43:53.0383 4060	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
20:43:53.0476 4060	BrFiltUp - ok
20:43:53.0663 4060	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
20:43:53.0773 4060	Browser - ok
20:43:53.0991 4060	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
20:43:54.0225 4060	Brserid - ok
20:43:54.0475 4060	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
20:43:54.0553 4060	BrSerWdm - ok
20:43:54.0833 4060	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
20:43:54.0943 4060	BrUsbMdm - ok
20:43:55.0301 4060	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
20:43:55.0395 4060	BrUsbSer - ok
20:43:55.0567 4060	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
20:43:55.0691 4060	BTHMODEM - ok
20:43:55.0832 4060	catchme - ok
20:43:56.0206 4060	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
20:43:56.0300 4060	cdfs - ok
20:43:56.0565 4060	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
20:43:56.0643 4060	cdrom - ok
20:43:56.0830 4060	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:43:56.0924 4060	CertPropSvc - ok
20:43:57.0236 4060	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
20:43:57.0283 4060	circlass - ok
20:43:57.0517 4060	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
20:43:57.0548 4060	CLFS - ok
20:43:57.0704 4060	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:43:57.0719 4060	clr_optimization_v2.0.50727_32 - ok
20:43:57.0844 4060	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:43:57.0860 4060	clr_optimization_v4.0.30319_32 - ok
20:43:58.0297 4060	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
20:43:58.0359 4060	CmBatt - ok
20:43:58.0499 4060	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
20:43:58.0515 4060	cmdide - ok
20:43:58.0624 4060	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
20:43:58.0640 4060	Compbatt - ok
20:43:58.0718 4060	COMSysApp - ok
20:43:58.0733 4060	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
20:43:58.0749 4060	crcdisk - ok
20:43:58.0765 4060	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
20:43:58.0827 4060	Crusoe - ok
20:43:59.0030 4060	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
20:43:59.0123 4060	CryptSvc - ok
20:43:59.0404 4060	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:43:59.0482 4060	DcomLaunch - ok
20:43:59.0685 4060	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
20:43:59.0794 4060	DfsC - ok
20:44:00.0137 4060	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
20:44:00.0371 4060	DFSR - ok
20:44:00.0621 4060	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
20:44:00.0683 4060	Dhcp - ok
20:44:00.0793 4060	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
20:44:00.0808 4060	disk - ok
20:44:00.0902 4060	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
20:44:00.0995 4060	Dnscache - ok
20:44:01.0058 4060	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
20:44:01.0073 4060	dot3svc - ok
20:44:01.0136 4060	Dot4            (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
20:44:01.0214 4060	Dot4 - ok
20:44:01.0292 4060	Dot4Print       (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
20:44:01.0339 4060	Dot4Print - ok
20:44:01.0432 4060	dot4usb         (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
20:44:01.0526 4060	dot4usb - ok
20:44:01.0651 4060	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
20:44:01.0744 4060	DPS - ok
20:44:01.0869 4060	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
20:44:01.0947 4060	drmkaud - ok
20:44:02.0056 4060	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
20:44:02.0165 4060	DXGKrnl - ok
20:44:02.0431 4060	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
20:44:02.0524 4060	E1G60 - ok
20:44:02.0883 4060	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
20:44:02.0961 4060	EapHost - ok
20:44:03.0304 4060	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
20:44:03.0320 4060	Ecache - ok
20:44:03.0507 4060	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
20:44:03.0601 4060	ehRecvr - ok
20:44:03.0663 4060	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
20:44:03.0788 4060	ehSched - ok
20:44:03.0803 4060	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
20:44:03.0835 4060	ehstart - ok
20:44:03.0928 4060	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
20:44:03.0991 4060	elxstor - ok
20:44:04.0178 4060	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
20:44:04.0303 4060	EMDMgmt - ok
20:44:04.0646 4060	ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
20:44:04.0724 4060	ErrDev - ok
20:44:04.0833 4060	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
20:44:04.0880 4060	EventSystem - ok
20:44:05.0005 4060	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
20:44:05.0129 4060	exfat - ok
20:44:05.0239 4060	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
20:44:05.0301 4060	fastfat - ok
20:44:05.0332 4060	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
20:44:05.0395 4060	fdc - ok
20:44:05.0582 4060	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
20:44:05.0629 4060	fdPHost - ok
20:44:05.0675 4060	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
20:44:05.0800 4060	FDResPub - ok
20:44:06.0221 4060	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
20:44:06.0253 4060	FileInfo - ok
20:44:06.0487 4060	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
20:44:06.0565 4060	Filetrace - ok
20:44:06.0689 4060	FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:44:06.0908 4060	FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
20:44:06.0908 4060	FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
20:44:07.0220 4060	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
20:44:07.0313 4060	flpydisk - ok
20:44:07.0469 4060	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
20:44:07.0485 4060	FltMgr - ok
20:44:07.0735 4060	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
20:44:07.0875 4060	FontCache - ok
20:44:08.0109 4060	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
20:44:08.0140 4060	FontCache3.0.0.0 - ok
20:44:08.0359 4060	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
20:44:08.0437 4060	Fs_Rec - ok
20:44:08.0702 4060	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
20:44:08.0717 4060	gagp30kx - ok
20:44:09.0029 4060	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:44:09.0061 4060	GEARAspiWDM - ok
20:44:09.0404 4060	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
20:44:09.0560 4060	gpsvc - ok
20:44:09.0778 4060	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:44:09.0825 4060	gupdate - ok
20:44:09.0872 4060	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:44:09.0887 4060	gupdatem - ok
20:44:10.0043 4060	HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
20:44:10.0215 4060	HdAudAddService - ok
20:44:10.0496 4060	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
20:44:10.0730 4060	HDAudBus - ok
20:44:10.0917 4060	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
20:44:10.0995 4060	HidBth - ok
20:44:11.0198 4060	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
20:44:11.0291 4060	HidIr - ok
20:44:11.0510 4060	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
20:44:11.0541 4060	hidserv - ok
20:44:11.0619 4060	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
20:44:11.0666 4060	HidUsb - ok
20:44:11.0853 4060	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
20:44:11.0915 4060	hkmsvc - ok
20:44:12.0118 4060	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
20:44:12.0149 4060	HpCISSs - ok
20:44:12.0274 4060	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
20:44:12.0368 4060	HTTP - ok
20:44:12.0711 4060	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
20:44:12.0727 4060	i2omp - ok
20:44:12.0992 4060	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
20:44:13.0023 4060	i8042prt - ok
20:44:13.0569 4060	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
20:44:13.0631 4060	iaStorV - ok
20:44:13.0865 4060	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:44:14.0068 4060	idsvc - ok
20:44:14.0224 4060	IGDCTRL         (506801c7d47be8cd1cf342bf28eb17ec) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
20:44:14.0240 4060	IGDCTRL - ok
20:44:14.0443 4060	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
20:44:14.0458 4060	iirsp - ok
20:44:14.0536 4060	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
20:44:14.0599 4060	IKEEXT - ok
20:44:14.0973 4060	IntcAzAudAddService (d9b869a909cc93aec507d4f7dfa24434) C:\Windows\system32\drivers\RTKVHDA.sys
20:44:15.0160 4060	IntcAzAudAddService - ok
20:44:15.0488 4060	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
20:44:15.0519 4060	intelide - ok
20:44:15.0800 4060	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
20:44:15.0909 4060	intelppm - ok
20:44:16.0112 4060	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
20:44:16.0174 4060	IPBusEnum - ok
20:44:16.0361 4060	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:44:16.0424 4060	IpFilterDriver - ok
20:44:16.0549 4060	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
20:44:16.0611 4060	iphlpsvc - ok
20:44:16.0829 4060	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
20:44:16.0892 4060	IPMIDRV - ok
20:44:17.0017 4060	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
20:44:17.0063 4060	IPNAT - ok
20:44:17.0297 4060	iPod Service    (7a3611564fce7c8be50b03f58cb3eb7d) C:\Program Files\iPod\bin\iPodService.exe
20:44:17.0438 4060	iPod Service - ok
20:44:17.0719 4060	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
20:44:17.0765 4060	IRENUM - ok
20:44:17.0968 4060	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
20:44:17.0984 4060	isapnp - ok
20:44:18.0311 4060	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
20:44:18.0389 4060	iScsiPrt - ok
20:44:18.0592 4060	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
20:44:18.0608 4060	iteatapi - ok
20:44:18.0779 4060	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
20:44:18.0795 4060	iteraid - ok
20:44:18.0967 4060	ivusb           (67390c4565772d4bfa996c40d8319954) C:\Windows\system32\DRIVERS\ivusb.sys
20:44:18.0967 4060	ivusb - ok
20:44:19.0107 4060	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
20:44:19.0107 4060	kbdclass - ok
20:44:19.0216 4060	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
20:44:19.0263 4060	kbdhid - ok
20:44:19.0559 4060	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:44:19.0591 4060	KeyIso - ok
20:44:19.0996 4060	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
20:44:20.0027 4060	KSecDD - ok
20:44:20.0433 4060	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
20:44:20.0589 4060	KtmRm - ok
20:44:20.0854 4060	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
20:44:20.0932 4060	LanmanServer - ok
20:44:21.0041 4060	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
20:44:21.0104 4060	LanmanWorkstation - ok
20:44:21.0229 4060	lirsgt          (f8a7212d0864ef5e9185fb95e6623f4d) C:\Windows\system32\DRIVERS\lirsgt.sys
20:44:21.0244 4060	lirsgt - ok
20:44:21.0400 4060	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
20:44:21.0447 4060	lltdio - ok
20:44:21.0650 4060	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
20:44:21.0743 4060	lltdsvc - ok
20:44:21.0868 4060	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
20:44:21.0946 4060	lmhosts - ok
20:44:22.0118 4060	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
20:44:22.0133 4060	LSI_FC - ok
20:44:22.0445 4060	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
20:44:22.0492 4060	LSI_SAS - ok
20:44:22.0742 4060	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
20:44:22.0773 4060	LSI_SCSI - ok
20:44:22.0929 4060	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:44:23.0038 4060	luafv - ok
20:44:23.0272 4060	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
20:44:23.0288 4060	MBAMProtector - ok
20:44:23.0413 4060	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
20:44:23.0459 4060	MBAMService - ok
20:44:23.0678 4060	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
20:44:23.0709 4060	Mcx2Svc - ok
20:44:23.0865 4060	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
20:44:23.0881 4060	megasas - ok
20:44:24.0083 4060	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
20:44:24.0177 4060	MegaSR - ok
20:44:24.0520 4060	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:44:24.0614 4060	MMCSS - ok
20:44:24.0832 4060	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:44:24.0910 4060	Modem - ok
20:44:25.0207 4060	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:44:25.0285 4060	monitor - ok
20:44:25.0581 4060	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:44:25.0612 4060	mouclass - ok
20:44:25.0877 4060	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:44:25.0971 4060	mouhid - ok
20:44:26.0096 4060	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:44:26.0174 4060	MountMgr - ok
20:44:26.0267 4060	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
20:44:26.0283 4060	mpio - ok
20:44:26.0470 4060	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:44:26.0501 4060	mpsdrv - ok
20:44:26.0642 4060	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
20:44:26.0704 4060	MpsSvc - ok
20:44:26.0985 4060	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:44:27.0001 4060	Mraid35x - ok
20:44:27.0047 4060	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:44:27.0094 4060	MRxDAV - ok
20:44:27.0125 4060	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:44:27.0157 4060	mrxsmb - ok
20:44:27.0203 4060	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:44:27.0235 4060	mrxsmb10 - ok
20:44:27.0266 4060	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:44:27.0359 4060	mrxsmb20 - ok
20:44:27.0406 4060	msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
20:44:27.0469 4060	msahci - ok
20:44:27.0500 4060	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
20:44:27.0515 4060	msdsm - ok
20:44:27.0562 4060	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
20:44:27.0609 4060	MSDTC - ok
20:44:27.0640 4060	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:44:27.0671 4060	Msfs - ok
20:44:27.0718 4060	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:44:27.0749 4060	msisadrv - ok
20:44:27.0952 4060	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
20:44:28.0061 4060	MSiSCSI - ok
20:44:28.0171 4060	msiserver - ok
20:44:28.0389 4060	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:44:28.0451 4060	MSKSSRV - ok
20:44:28.0545 4060	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:44:28.0639 4060	MSPCLOCK - ok
20:44:28.0888 4060	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:44:28.0935 4060	MSPQM - ok
20:44:29.0153 4060	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:44:29.0169 4060	MsRPC - ok
20:44:29.0294 4060	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:44:29.0309 4060	mssmbios - ok
20:44:29.0372 4060	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:44:29.0419 4060	MSTEE - ok
20:44:29.0621 4060	MTsensor        (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
20:44:29.0668 4060	MTsensor - ok
20:44:29.0933 4060	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:44:29.0965 4060	Mup - ok
20:44:30.0167 4060	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
20:44:30.0245 4060	napagent - ok
20:44:30.0541 4060	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:44:30.0603 4060	NativeWifiP - ok
20:44:30.0993 4060	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:44:31.0040 4060	NDIS - ok
20:44:31.0337 4060	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:44:31.0399 4060	NdisTapi - ok
20:44:31.0602 4060	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:44:31.0664 4060	Ndisuio - ok
20:44:31.0789 4060	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:44:31.0836 4060	NdisWan - ok
20:44:32.0007 4060	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:44:32.0039 4060	NDProxy - ok
20:44:32.0117 4060	Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll
20:44:32.0148 4060	Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:44:32.0148 4060	Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:44:32.0226 4060	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:44:32.0288 4060	NetBIOS - ok
20:44:32.0553 4060	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:44:32.0585 4060	netbt - ok
20:44:32.0897 4060	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:44:32.0912 4060	Netlogon - ok
20:44:33.0053 4060	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
20:44:33.0115 4060	Netman - ok
20:44:33.0162 4060	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
20:44:33.0255 4060	netprofm - ok
20:44:33.0365 4060	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:44:33.0380 4060	NetTcpPortSharing - ok
20:44:33.0552 4060	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:44:33.0567 4060	nfrd960 - ok
20:44:33.0786 4060	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
20:44:33.0864 4060	NlaSvc - ok
20:44:34.0020 4060	NMIndexingService - ok
20:44:34.0316 4060	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:44:34.0379 4060	Npfs - ok
20:44:34.0566 4060	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
20:44:34.0644 4060	nsi - ok
20:44:34.0800 4060	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:44:34.0862 4060	nsiproxy - ok
20:44:35.0268 4060	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:44:35.0393 4060	Ntfs - ok
20:44:35.0642 4060	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:44:35.0736 4060	ntrigdigi - ok
20:44:35.0767 4060	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:44:35.0829 4060	Null - ok
20:44:35.0861 4060	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
20:44:35.0876 4060	nvraid - ok
20:44:35.0907 4060	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
20:44:35.0954 4060	nvstor - ok
20:44:36.0001 4060	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
20:44:36.0017 4060	nv_agp - ok
20:44:36.0110 4060	ohci1394        (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
20:44:36.0157 4060	ohci1394 - ok
20:44:36.0344 4060	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:44:36.0500 4060	p2pimsvc - ok
20:44:36.0750 4060	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:44:36.0797 4060	p2psvc - ok
20:44:37.0046 4060	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:44:37.0140 4060	Parport - ok
20:44:37.0389 4060	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:44:37.0405 4060	partmgr - ok
20:44:37.0561 4060	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:44:37.0655 4060	Parvdm - ok
20:44:37.0982 4060	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
20:44:38.0076 4060	PcaSvc - ok
20:44:38.0325 4060	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:44:38.0341 4060	pci - ok
20:44:38.0856 4060	pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
20:44:38.0903 4060	pciide - ok
20:44:39.0277 4060	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:44:39.0339 4060	pcmcia - ok
20:44:39.0698 4060	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:44:40.0010 4060	PEAUTH - ok
20:44:40.0275 4060	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
20:44:40.0385 4060	pla - ok
20:44:40.0541 4060	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
20:44:40.0603 4060	PlugPlay - ok
20:44:40.0712 4060	Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll
20:44:40.0775 4060	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:44:40.0775 4060	Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:44:40.0821 4060	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:44:40.0868 4060	PNRPAutoReg - ok
20:44:40.0899 4060	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
20:44:40.0977 4060	PNRPsvc - ok
20:44:41.0165 4060	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
20:44:41.0289 4060	PolicyAgent - ok
20:44:41.0399 4060	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:44:41.0477 4060	PptpMiniport - ok
20:44:41.0555 4060	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
20:44:41.0664 4060	Processor - ok
20:44:41.0851 4060	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
20:44:41.0945 4060	ProfSvc - ok
20:44:42.0085 4060	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:44:42.0101 4060	ProtectedStorage - ok
20:44:42.0272 4060	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:44:42.0335 4060	PSched - ok
20:44:42.0615 4060	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
20:44:42.0974 4060	ql2300 - ok
20:44:43.0208 4060	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:44:43.0286 4060	ql40xx - ok
20:44:43.0380 4060	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
20:44:43.0411 4060	QWAVE - ok
20:44:43.0442 4060	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:44:43.0458 4060	QWAVEdrv - ok
20:44:43.0489 4060	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:44:43.0536 4060	RasAcd - ok
20:44:43.0614 4060	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
20:44:43.0707 4060	RasAuto - ok
20:44:43.0785 4060	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:44:43.0817 4060	Rasl2tp - ok
20:44:44.0175 4060	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
20:44:44.0238 4060	RasMan - ok
20:44:44.0409 4060	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:44:44.0503 4060	RasPppoe - ok
20:44:44.0706 4060	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:44:44.0721 4060	RasSstp - ok
20:44:45.0065 4060	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:44:45.0330 4060	rdbss - ok
20:44:45.0829 4060	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:44:45.0891 4060	RDPCDD - ok
20:44:46.0094 4060	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
20:44:46.0141 4060	rdpdr - ok
20:44:46.0297 4060	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:44:46.0359 4060	RDPENCDD - ok
20:44:46.0671 4060	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
20:44:46.0765 4060	RDPWD - ok
20:44:46.0952 4060	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
20:44:47.0015 4060	RemoteAccess - ok
20:44:47.0217 4060	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
20:44:47.0264 4060	RemoteRegistry - ok
20:44:47.0498 4060	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
20:44:47.0623 4060	RpcLocator - ok
20:44:47.0857 4060	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
20:44:47.0935 4060	RpcSs - ok
20:44:48.0185 4060	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:44:48.0309 4060	rspndr - ok
20:44:48.0575 4060	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
20:44:48.0590 4060	SamSs - ok
20:44:48.0918 4060	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:44:48.0949 4060	sbp2port - ok
20:44:49.0058 4060	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
20:44:49.0105 4060	SCardSvr - ok
20:44:49.0417 4060	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
20:44:49.0604 4060	Schedule - ok
20:44:49.0979 4060	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
20:44:50.0010 4060	SCPolicySvc - ok
20:44:50.0369 4060	sdbus           (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
20:44:50.0447 4060	sdbus - ok
20:44:50.0571 4060	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
20:44:50.0618 4060	SDRSVC - ok
20:44:50.0821 4060	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:44:50.0915 4060	secdrv - ok
20:44:50.0993 4060	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
20:44:51.0086 4060	seclogon - ok
20:44:51.0180 4060	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
20:44:51.0227 4060	SENS - ok
20:44:51.0414 4060	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:44:51.0570 4060	Serenum - ok
20:44:51.0913 4060	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:44:52.0022 4060	Serial - ok
20:44:52.0443 4060	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:44:52.0537 4060	sermouse - ok
20:44:52.0927 4060	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
20:44:52.0974 4060	SessionEnv - ok
20:44:53.0333 4060	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
20:44:53.0395 4060	sffdisk - ok
20:44:53.0613 4060	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
20:44:53.0676 4060	sffp_mmc - ok
20:44:53.0832 4060	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
20:44:53.0910 4060	sffp_sd - ok
20:44:53.0941 4060	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
20:44:54.0019 4060	sfloppy - ok
20:44:54.0191 4060	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
20:44:54.0269 4060	SharedAccess - ok
20:44:54.0503 4060	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
20:44:54.0596 4060	ShellHWDetection - ok
20:44:54.0783 4060	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
20:44:54.0799 4060	sisagp - ok
20:44:54.0893 4060	SiSGbeLH        (f7da61bd62a16510227656c3477e2b52) C:\Windows\system32\DRIVERS\SiSGB6.sys
20:44:54.0924 4060	SiSGbeLH - ok
20:44:54.0971 4060	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
20:44:54.0986 4060	SiSRaid2 - ok
20:44:55.0017 4060	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
20:44:55.0049 4060	SiSRaid4 - ok
20:44:55.0345 4060	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
20:44:55.0704 4060	slsvc - ok
20:44:55.0938 4060	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
20:44:56.0016 4060	SLUINotify - ok
20:44:56.0328 4060	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:44:56.0421 4060	Smb - ok
20:44:56.0843 4060	smserial        (c8a58fc905c9184fa70e37f71060c64d) C:\Windows\system32\DRIVERS\smserial.sys
20:44:57.0186 4060	smserial - ok
20:44:57.0373 4060	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
20:44:57.0420 4060	SNMPTRAP - ok
20:44:57.0545 4060	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:44:57.0576 4060	spldr - ok
20:44:57.0716 4060	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
20:44:57.0763 4060	Spooler - ok
20:44:58.0028 4060	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:44:58.0106 4060	srv - ok
20:44:58.0356 4060	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:44:58.0418 4060	srv2 - ok
20:44:58.0699 4060	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:44:58.0793 4060	srvnet - ok
20:44:59.0073 4060	sscdbus         (d5dffeaa1e15d4effabb9d9a3068ac5b) C:\Windows\system32\DRIVERS\sscdbus.sys
20:44:59.0167 4060	sscdbus - ok
20:44:59.0276 4060	sscdmdfl        (8a1be0c347814f482f493aea619d57f6) C:\Windows\system32\DRIVERS\sscdmdfl.sys
20:44:59.0339 4060	sscdmdfl - ok
20:44:59.0432 4060	sscdmdm         (5ab0b1987f682a59b15b78f84c6ad7d0) C:\Windows\system32\DRIVERS\sscdmdm.sys
20:44:59.0479 4060	sscdmdm - ok
20:44:59.0697 4060	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
20:44:59.0838 4060	SSDPSRV - ok
20:44:59.0963 4060	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
20:44:59.0978 4060	ssmdrv - ok
20:45:00.0103 4060	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
20:45:00.0150 4060	SstpSvc - ok
20:45:00.0477 4060	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
20:45:00.0680 4060	stisvc - ok
20:45:01.0070 4060	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:45:01.0086 4060	swenum - ok
20:45:01.0289 4060	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
20:45:01.0367 4060	swprv - ok
20:45:01.0866 4060	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:45:01.0881 4060	Symc8xx - ok
20:45:02.0256 4060	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:45:02.0287 4060	Sym_hi - ok
20:45:02.0459 4060	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:45:02.0490 4060	Sym_u3 - ok
20:45:02.0615 4060	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
20:45:02.0755 4060	SysMain - ok
20:45:03.0223 4060	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
20:45:03.0301 4060	TabletInputService - ok
20:45:03.0535 4060	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
20:45:03.0613 4060	TapiSrv - ok
20:45:03.0785 4060	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
20:45:03.0831 4060	TBS - ok
20:45:04.0487 4060	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
20:45:04.0565 4060	Tcpip - ok
20:45:04.0861 4060	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
20:45:04.0955 4060	Tcpip6 - ok
20:45:05.0173 4060	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
20:45:05.0220 4060	tcpipreg - ok
20:45:05.0329 4060	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:45:05.0360 4060	TDPIPE - ok
20:45:05.0423 4060	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:45:05.0501 4060	TDTCP - ok
20:45:05.0625 4060	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:45:05.0719 4060	tdx - ok
20:45:05.0828 4060	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:45:05.0844 4060	TermDD - ok
20:45:05.0937 4060	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
20:45:06.0015 4060	TermService - ok
20:45:06.0218 4060	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
20:45:06.0234 4060	Themes - ok
20:45:06.0390 4060	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
20:45:06.0421 4060	THREADORDER - ok
20:45:06.0639 4060	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
20:45:06.0702 4060	TrkWks - ok
20:45:06.0811 4060	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
20:45:06.0858 4060	TrustedInstaller - ok
20:45:06.0951 4060	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:45:07.0092 4060	tssecsrv - ok
20:45:07.0341 4060	TuneUp.Defrag   (4196d7bc21786883201747dcc0dc84a0) C:\Windows\System32\TuneUpDefragService.exe
20:45:07.0451 4060	TuneUp.Defrag - ok
20:45:07.0638 4060	TuneUp.ProgramStatisticsSvc (02e5f68a55cd413c5bfb9f2df677dd01) C:\Windows\System32\TUProgSt.exe
20:45:07.0700 4060	TuneUp.ProgramStatisticsSvc - ok
20:45:07.0841 4060	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:45:07.0887 4060	tunmp - ok
20:45:08.0028 4060	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:45:08.0090 4060	tunnel - ok
20:45:08.0168 4060	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
20:45:08.0215 4060	uagp35 - ok
20:45:08.0262 4060	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:45:08.0293 4060	udfs - ok
20:45:08.0355 4060	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
20:45:08.0449 4060	UI0Detect - ok
20:45:08.0527 4060	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
20:45:08.0605 4060	uliagpkx - ok
20:45:08.0683 4060	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
20:45:08.0730 4060	uliahci - ok
20:45:08.0777 4060	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:45:08.0792 4060	UlSata - ok
20:45:08.0823 4060	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:45:08.0933 4060	ulsata2 - ok
20:45:08.0964 4060	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:45:09.0026 4060	umbus - ok
20:45:09.0089 4060	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
20:45:09.0167 4060	upnphost - ok
20:45:09.0323 4060	UPnPService     (d4531b9b73b990dc53b4a765e3bd070a) C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
20:45:09.0510 4060	UPnPService ( UnsignedFile.Multi.Generic ) - warning
20:45:09.0510 4060	UPnPService - detected UnsignedFile.Multi.Generic (1)
20:45:09.0713 4060	USBAAPL         (1df89c499bf45d878b87ebd4421d462d) C:\Windows\system32\Drivers\usbaapl.sys
20:45:09.0775 4060	USBAAPL - ok
20:45:09.0915 4060	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:45:09.0993 4060	usbccgp - ok
20:45:10.0040 4060	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:45:10.0134 4060	usbcir - ok
20:45:10.0368 4060	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:45:10.0415 4060	usbehci - ok
20:45:10.0571 4060	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:45:10.0617 4060	usbhub - ok
20:45:10.0680 4060	usbohci         (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
20:45:10.0711 4060	usbohci - ok
20:45:10.0789 4060	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:45:10.0898 4060	usbprint - ok
20:45:10.0992 4060	usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
20:45:11.0070 4060	usbscan - ok
20:45:11.0132 4060	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:45:11.0226 4060	USBSTOR - ok
20:45:11.0257 4060	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:45:11.0304 4060	usbuhci - ok
20:45:11.0335 4060	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:45:11.0382 4060	usbvideo - ok
20:45:11.0538 4060	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
20:45:11.0631 4060	UxSms - ok
20:45:11.0834 4060	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
20:45:11.0943 4060	vds - ok
20:45:12.0053 4060	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
20:45:12.0146 4060	vga - ok
20:45:12.0177 4060	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:45:12.0224 4060	VgaSave - ok
20:45:12.0240 4060	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
20:45:12.0255 4060	viaagp - ok
20:45:12.0271 4060	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
20:45:12.0333 4060	ViaC7 - ok
20:45:12.0365 4060	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
20:45:12.0427 4060	viaide - ok
20:45:12.0489 4060	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:45:12.0505 4060	volmgr - ok
20:45:12.0583 4060	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:45:12.0630 4060	volmgrx - ok
20:45:12.0801 4060	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:45:12.0833 4060	volsnap - ok
20:45:12.0989 4060	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
20:45:13.0020 4060	vsmraid - ok
20:45:13.0238 4060	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
20:45:13.0410 4060	VSS - ok
20:45:13.0472 4060	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
20:45:13.0550 4060	W32Time - ok
20:45:13.0628 4060	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:45:13.0722 4060	WacomPen - ok
20:45:13.0784 4060	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:13.0815 4060	Wanarp - ok
20:45:13.0831 4060	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:45:13.0862 4060	Wanarpv6 - ok
20:45:13.0987 4060	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
20:45:14.0081 4060	wcncsvc - ok
20:45:14.0346 4060	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
20:45:14.0424 4060	WcsPlugInService - ok
20:45:14.0595 4060	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
20:45:14.0611 4060	Wd - ok
20:45:14.0814 4060	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
20:45:14.0892 4060	Wdf01000 - ok
20:45:14.0970 4060	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:45:15.0063 4060	WdiServiceHost - ok
20:45:15.0110 4060	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
20:45:15.0157 4060	WdiSystemHost - ok
20:45:15.0344 4060	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
20:45:15.0391 4060	WebClient - ok
20:45:15.0641 4060	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
20:45:15.0703 4060	Wecsvc - ok
20:45:15.0828 4060	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
20:45:15.0875 4060	wercplsupport - ok
20:45:16.0109 4060	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
20:45:16.0140 4060	WerSvc - ok
20:45:16.0296 4060	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
20:45:16.0327 4060	WinDefend - ok
20:45:16.0327 4060	WinHttpAutoProxySvc - ok
20:45:16.0592 4060	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
20:45:16.0623 4060	Winmgmt - ok
20:45:17.0060 4060	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
20:45:17.0185 4060	WinRM - ok
20:45:17.0279 4060	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
20:45:17.0435 4060	Wlansvc - ok
20:45:17.0715 4060	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:45:17.0793 4060	WmiAcpi - ok
20:45:17.0965 4060	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
20:45:18.0012 4060	wmiApSrv - ok
20:45:18.0152 4060	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
20:45:18.0339 4060	WMPNetworkSvc - ok
20:45:18.0433 4060	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
20:45:18.0527 4060	WPCSvc - ok
20:45:18.0901 4060	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
20:45:18.0979 4060	WPDBusEnum - ok
20:45:19.0104 4060	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:45:19.0182 4060	WpdUsb - ok
20:45:19.0603 4060	WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:45:19.0712 4060	WPFFontCache_v0400 - ok
20:45:19.0962 4060	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:45:20.0071 4060	ws2ifsl - ok
20:45:20.0180 4060	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
20:45:20.0196 4060	wscsvc - ok
20:45:20.0211 4060	WSearch - ok
20:45:20.0570 4060	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
20:45:20.0913 4060	wuauserv - ok
20:45:21.0085 4060	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:45:21.0179 4060	WUDFRd - ok
20:45:21.0319 4060	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
20:45:21.0366 4060	wudfsvc - ok
20:45:21.0475 4060	yukonwlh        (7d1f3b131d503ef43ee594b5a2b9b427) C:\Windows\system32\DRIVERS\yk60x86.sys
20:45:21.0584 4060	yukonwlh - ok
20:45:21.0600 4060	MBR (0x1B8)     (64b1e91c5c6c2157642651010728f90f) \Device\Harddisk0\DR0
20:45:21.0756 4060	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:45:21.0756 4060	\Device\Harddisk0\DR0 - detected TDSS File System (1)
20:45:21.0771 4060	MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
20:45:24.0673 4060	\Device\Harddisk1\DR4 - ok
20:45:24.0704 4060	Boot (0x1200)   (77747511e96e7e2a35f498d25bd6a3f6) \Device\Harddisk0\DR0\Partition0
20:45:24.0720 4060	\Device\Harddisk0\DR0\Partition0 - ok
20:45:24.0751 4060	Boot (0x1200)   (bb38b48b16f28b4fb72578c1a3a97c4d) \Device\Harddisk0\DR0\Partition1
20:45:24.0767 4060	\Device\Harddisk0\DR0\Partition1 - ok
20:45:24.0767 4060	Boot (0x1200)   (2838daf1a414f42466cfc138277a4fde) \Device\Harddisk1\DR4\Partition0
20:45:24.0767 4060	\Device\Harddisk1\DR4\Partition0 - ok
20:45:24.0767 4060	============================================================
20:45:24.0767 4060	Scan finished
20:45:24.0767 4060	============================================================
20:45:24.0798 3028	Detected object count: 7
20:45:24.0798 3028	Actual detected object count: 7

cosinus · 23.03.2012, 21:59

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

piepmatz · 23.03.2012, 22:48

oh toll, meine daten sind wieder da...danke danke danke

hier die datei dazu:

23.03.2012, 20:33	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Erst Fehlermeldungen und nun keine Daten mehr und leerer Desktop. Nein wiederhol den Scan mit dem TDSS-Killer einfach! __________________ Logfiles bitte immer in CODE-Tags posten

Erst Fehlermeldungen und nun keine Daten mehr und leerer Desktop.

Plagegeister aller Art und deren Bekämpfung: Erst Fehlermeldungen und nun keine Daten mehr und leerer Desktop.