
Pests of all kinds and how to fight them: sirefef.ah and sirefef.r found on Win7 (32-bit). Computer shuts down automatically.

27.07.2012, 12:07   #16
cosinus

I have two questions before we continue:

1.) Does Windows' normal mode work without restrictions (again)?
2.) Is anything missing from the Start menu? Are there empty folders under All Programs, or is everything there?
__________________
Please always post log files in CODE tags

27.07.2012, 12:29   #17
Niels
 

Everything is still there in the Start menu. I also can no longer notice any immediate restrictions. The problems were (i) extremely slow internet and a crashing browser, and (ii) automatic shutdown after reinstalling Microsoft Security Essentials.

But: I have just noticed that Microsoft Security Essentials will not download updates. The error code 0x80070424 is displayed.
Addendum: The function to search for updates for Windows (as a whole) does not work either.

Edited by Niels (27.07.2012 at 12:39)

27.07.2012, 13:45   #18
cosinus

Please create a new OTL log. If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box for Scan All Users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

27.07.2012, 14:22   #19
Niels
 

Code:
OTL logfile created on: 27.07.2012 14:53:58 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Jealous_Sound\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 1,31 Gb Available Physical Memory | 65,83% Memory free
3,99 Gb Paging File | 3,05 Gb Available in Paging File | 76,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 75,04 Gb Total Space | 1,65 Gb Free Space | 2,20% Space Free | Partition Type: NTFS
Drive D: | 190,43 Gb Total Space | 90,92 Gb Free Space | 47,74% Space Free | Partition Type: NTFS
Drive E: | 200,20 Gb Total Space | 87,49 Gb Free Space | 43,70% Space Free | Partition Type: NTFS
Drive F: | 3,64 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SAMSUNG_MADRIL | User Name: Jealous_Sound | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.27 14:51:05 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jealous_Sound\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 22:58:46 | 000,857,408 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2012.02.29 22:58:36 | 001,820,480 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCore.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.06.08 16:39:00 | 000,847,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.11.11 13:21:36 | 000,717,312 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.05.03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- D:\hardwaretest\SiSoftware Sandra Lite 2011.SP4c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2012.07.27 08:38:29 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.14 18:56:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.26 16:29:25 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.04.11 23:07:38 | 000,175,632 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.01 01:59:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.02 20:05:55 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.08.12 01:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011.05.13 15:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.04.01 11:14:30 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.03.28 11:21:16 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.05.03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2007.05.28 18:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\hardwaretest\SiSoftware Sandra Lite 2011.SP4c\WNt500x86\Sandra.sys -- (SANDRA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\emak.sys -- (mfelwvn)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.05 15:56:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Users\Jealous_Sound\Desktop\emsissoft\Run\a2ddax86.sys -- (A2DDA)
DRV - [2012.04.04 09:52:01 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.03.01 01:59:00 | 010,819,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.02.22 12:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.02.04 13:46:59 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2012.01.17 14:45:56 | 000,148,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.01.11 08:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011.09.21 10:25:34 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2011.07.29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.07.29 00:25:02 | 000,025,112 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ivusb.sys -- (ivusb)
DRV - [2010.01.13 16:36:40 | 006,755,840 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009.07.03 11:29:10 | 001,436,560 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2008.11.18 17:26:40 | 000,103,552 | ---- | M] (Option N.V.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtstusbser.sys -- (gtstusbser)
DRV - [2007.06.14 14:41:00 | 000,466,048 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stk7070P.sys -- (Ltn_stk7070P)
DRV - [2007.06.13 19:30:20 | 000,013,440 | ---- | M] (LITEON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ltn_stkrc.sys -- (Ltn_stkrc)
DRV - [1996.12.12 06:30:00 | 000,064,512 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.minilua.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://search.minilua.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://search.minilua.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.minilua.com/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.minilua.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://search.minilua.com/
IE - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "hxxp://www.google.com/search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 4001
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 4001
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 4001
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 4001
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 14.0a2\extensions\\Components: C:\Program Files\Aurora\components [2012.05.22 09:35:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Aurora 14.0a2\extensions\\Plugins: C:\Program Files\Aurora\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.14 18:56:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.21 22:18:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 14.0a2\extensions\\Components: C:\Program Files\Aurora\components [2012.05.22 09:35:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Aurora 14.0a2\extensions\\Plugins: C:\Program Files\Aurora\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.14 18:56:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.07.26 21:59:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Extensions
[2012.07.26 13:40:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\3znyjc2z.default\extensions
[2012.07.24 13:00:17 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\3znyjc2z.default\extensions\firefox@ghostery.com
[2012.05.24 10:11:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions
[2012.05.24 10:06:12 | 000,000,000 | ---D | M] (JonDoFox) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{437be45a-4114-11dd-b9ab-71d256d89593}
[2012.05.24 10:06:10 | 000,000,000 | ---D | M] (Cookie Monster) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{45d8ff86-d909-11db-9705-005056c00008}
[2012.05.24 10:06:12 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012.05.24 10:06:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.05.24 10:06:15 | 000,000,000 | ---D | M] (ProfileSwitcher) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\{fa8476cf-a98c-4e08-99b4-65a69cb4b7d4}
[2012.05.24 10:06:11 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\https-everywhere@eff.org
[2012.05.24 10:06:15 | 000,000,000 | ---D | M] ("UnPlug") -- C:\Users\Jealous_Sound\AppData\Roaming\mozilla\Firefox\Profiles\JonDoFox\extensions\unplug@compunach
[2012.03.12 15:19:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.09.19 22:50:53 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Programme\Mozilla Firefox\extensions\ocr@babylon.com
[2012.07.14 18:56:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.01.11 10:57:30 | 000,021,797 | ---- | M] () (No name found) -- C:\USERS\JEALOUS_SOUND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3ZNYJC2Z.DEFAULT\EXTENSIONS\{D5EA4520-61A1-11DA-8CD6-0800200C9A66}.XPI
[2012.03.12 15:23:02 | 000,047,822 | ---- | M] () (No name found) -- C:\USERS\JEALOUS_SOUND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3ZNYJC2Z.DEFAULT\EXTENSIONS\BROWSERPROTECT@BROWSERPROTECT.COM.XPI
[2011.11.10 14:38:03 | 000,246,802 | ---- | M] () (No name found) -- C:\USERS\JEALOUS_SOUND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3ZNYJC2Z.DEFAULT\EXTENSIONS\LAZARUS@INTERCLUE.COM.XPI
[2011.08.17 16:08:08 | 000,049,306 | ---- | M] () (No name found) -- C:\USERS\JEALOUS_SOUND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3ZNYJC2Z.DEFAULT\EXTENSIONS\MP4DOWNLOADER@JEFF.NET.XPI
[2012.03.01 10:44:34 | 000,025,235 | ---- | M] () (No name found) -- C:\USERS\JEALOUS_SOUND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3ZNYJC2Z.DEFAULT\EXTENSIONS\REFGRABIT@REFWORKS.PLUGIN.XPI
[2012.03.23 15:31:39 | 001,184,804 | ---- | M] () (No name found) -- C:\USERS\JEALOUS_SOUND\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3ZNYJC2Z.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2012.07.14 18:56:32 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.30 14:04:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.30 14:04:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.30 14:04:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.30 14:04:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.30 14:04:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.30 14:04:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - Extension: YouTube = C:\Users\Jealous_Sound\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Users\Jealous_Sound\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Mail = C:\Users\Jealous_Sound\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [dvd43] C:\Programme\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [VirtualCloneDrive] E:\7 Tools\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001..\Run: [Argus Monitor] "C:\Program Files\ArgusMonitor\ArgusMonitor.exe" File not found
O4 - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001..\Run: [AVMUSBFernanschluss] C:\Users\Jealous_Sound\AppData\Local\Apps\2.0\QWT9J1XB.8ME\Q9GDTMMP.7G0\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKU\S-1-5-21-2862196369-2506484223-3221380511-1001..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2862196369-2506484223-3221380511-1007..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jealous_Sound\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jealous_Sound\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jealous_Sound\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDF2D830-CE56-4AB9-B635-A7604F66B9E7}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F85FFD8A-3338-4B91-AC40-DC2593D068D0}: DhcpNameServer = 134.102.20.20 134.102.200.14
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.12.12 18:04:35 | 000,000,488 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.06.18 12:59:54 | 000,000,012 | R--- | M] () - F:\autorun.tag -- [ CDFS ]
O33 - MountPoints2\{0a7a6064-d0bc-11e0-8ee2-002269e02bd7}\Shell - "" = AutoRun
O33 - MountPoints2\{0a7a6064-d0bc-11e0-8ee2-002269e02bd7}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O33 - MountPoints2\{225acc75-b7be-11e0-a295-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{225acc75-b7be-11e0-a295-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2009.02.13 11:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG)
O33 - MountPoints2\{ebebc3cb-f30d-11e0-8e2e-002269e02bd7}\Shell - "" = AutoRun
O33 - MountPoints2\{ebebc3cb-f30d-11e0-8e2e-002269e02bd7}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\start.exe -- [2009.02.13 11:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: DAT20BB.tmp.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: Malwarebytes' Anti-Malware - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.iac2 - C:\\Windows\\system32\\iac25_32.ax ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msg723 - msg723.acm File not found
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - tssoft32.acm File not found
Drivers32: msacm.voxacm160 - vct3216.acm File not found
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: SENTINEL - C:\Windows\System32\SNTI386.DLL ()
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: VIDC.FFDS - C:\Programme\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - frapsvid.dll File not found
Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.M261 - msh261.drv File not found
Drivers32: vidc.M263 - msh263.drv File not found
Drivers32: VIDC.MSUD - msulvc05.dll File not found
Drivers32: VIDC.VP40 - vp4vfw.dll File not found
Drivers32: vidc.VP60 - vp6vfw.dll File not found
Drivers32: vidc.VP61 - vp6vfw.dll File not found
Drivers32: vidc.VP62 - vp6vfw.dll File not found
Drivers32: vidc.VP70 - vp7vfw.dll File not found
Drivers32: VIDC.WMV3 - wmv9vcm.dll File not found
Drivers32: vidc.X264 - x264vfw.dll File not found
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.24 12:47:25 | 004,754,944 | ---- | C] (Geza Kovacs) -- C:\Users\Jealous_Sound\Desktop\unetbootin-windows-568.exe
[2012.07.23 09:41:17 | 000,000,000 | ---D | C] -- C:\Users\Jealous_Sound\AppData\Roaming\SUPERAntiSpyware.com
[2012.07.23 09:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.07.23 09:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.07.23 09:40:52 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.07.22 21:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.07.21 13:34:22 | 000,000,000 | ---D | C] -- C:\Users\Jealous_Sound\AppData\Roaming\Malwarebytes
[2012.07.21 13:34:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.21 13:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.21 13:34:09 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.07.21 13:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.07.21 13:33:18 | 000,000,000 | ---D | C] -- C:\Users\Jealous_Sound\Desktop\emsissoft
[2012.07.20 15:09:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.07.19 16:25:04 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Jealous_Sound\Desktop\OTL.exe
[2012.07.19 16:13:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.07.19 12:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.07.06 09:52:55 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012.07.05 13:18:14 | 000,114,176 | ---- | C] (CPUID) -- C:\Windows\System32\PCWizard.cpl
[2012.07.05 13:17:07 | 000,000,000 | ---D | C] -- C:\Users\Jealous_Sound\AppData\Roaming\AlMiSoft
[2012.07.05 13:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser-Maulkorb
[2012.07.05 13:15:46 | 000,000,000 | ---D | C] -- C:\Program Files\Browser-Maulkorb
[2012.07.03 10:00:18 | 000,000,000 | ---D | C] -- C:\Users\Jealous_Sound\AppData\Roaming\QuickScan
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.27 14:51:05 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jealous_Sound\Desktop\OTL.exe
[2012.07.27 14:38:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.27 14:14:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.27 13:42:39 | 000,029,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 13:42:39 | 000,029,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 13:35:37 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 13:35:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 13:35:07 | 1606,373,376 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 22:28:57 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.07.26 22:28:57 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.07.26 22:28:57 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.07.26 22:28:57 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.07.26 21:29:50 | 000,632,049 | ---- | M] () -- C:\Users\Jealous_Sound\Desktop\adwcleaner.exe
[2012.07.25 17:06:21 | 000,049,269 | ---- | M] () -- C:\Users\Jealous_Sound\Desktop\3943_6309.jpeg
[2012.07.25 14:56:28 | 000,055,582 | ---- | M] () -- C:\Users\Jealous_Sound\Desktop\Unbenannt.png
[2012.07.24 12:56:54 | 000,341,940 | ---- | M] () -- C:\Users\Jealous_Sound\Desktop\Lesezeichen - Mozilla
[2012.07.24 12:47:42 | 004,754,944 | ---- | M] (Geza Kovacs) -- C:\Users\Jealous_Sound\Desktop\unetbootin-windows-568.exe
[2012.07.23 09:40:59 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.21 13:35:12 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.21 13:27:17 | 000,000,020 | ---- | M] () -- C:\Users\Jealous_Sound\defogger_reenable
[2012.07.19 12:40:20 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.07.08 20:08:36 | 000,000,410 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.07.27 13:37:05 | 000,001,973 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
[2012.07.26 21:29:44 | 000,632,049 | ---- | C] () -- C:\Users\Jealous_Sound\Desktop\adwcleaner.exe
[2012.07.25 21:43:03 | 000,001,063 | ---- | C] () -- C:\Users\Jealous_Sound\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.07.25 17:05:23 | 000,049,269 | ---- | C] () -- C:\Users\Jealous_Sound\Desktop\3943_6309.jpeg
[2012.07.25 14:56:24 | 000,055,582 | ---- | C] () -- C:\Users\Jealous_Sound\Desktop\Unbenannt.png
[2012.07.24 12:56:54 | 000,341,940 | ---- | C] () -- C:\Users\Jealous_Sound\Desktop\Lesezeichen - Mozilla
[2012.07.23 09:40:59 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.07.21 13:34:16 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.20 15:12:52 | 000,000,020 | ---- | C] () -- C:\Users\Jealous_Sound\defogger_reenable
[2012.07.19 16:25:04 | 000,302,592 | ---- | C] () -- C:\Users\Jealous_Sound\Desktop\gmer.exe
[2012.07.19 16:25:04 | 000,050,477 | ---- | C] () -- C:\Users\Jealous_Sound\Desktop\Defogger.exe
[2012.07.19 12:39:48 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.05.20 21:37:05 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.02.06 14:40:16 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2012.02.06 14:40:16 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2012.02.06 14:40:16 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2012.02.06 14:40:16 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2012.02.06 14:40:16 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2012.02.06 12:01:21 | 000,064,512 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2012.02.06 12:01:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL
[2012.02.06 12:01:20 | 000,038,400 | ---- | C] () -- C:\Windows\System32\SNTI386.DLL
[2012.02.06 12:01:20 | 000,006,656 | ---- | C] () -- C:\Windows\System32\Js~reg32.dll
[2012.01.19 15:03:30 | 000,000,720 | ---- | C] () -- C:\Windows\liswin32.ini
[2012.01.19 15:03:30 | 000,000,179 | ---- | C] () -- C:\Windows\HIGHED32.INI
[2012.01.11 09:35:12 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{5bd47288-d8c4-3f33-3c8d-899ff0668cc9}\@
[2012.01.11 09:35:12 | 000,002,048 | -HS- | C] () -- C:\Users\Jealous_Sound\AppData\Local\{5bd47288-d8c4-3f33-3c8d-899ff0668cc9}\@
[2011.12.28 09:53:06 | 000,611,840 | ---- | C] () -- C:\Windows\System32\DVD43.dll
[2011.10.10 13:04:57 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2011.10.10 13:04:57 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2011.09.20 09:44:02 | 000,000,193 | ---- | C] () -- C:\Users\Jealous_Sound\AppData\Roaming\burnaware.ini
[2011.09.19 22:54:01 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2011.09.19 22:50:59 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2011.09.13 15:46:52 | 011,210,752 | ---- | C] () -- C:\Users\Jealous_Sound\AppData\Roaming\Sandra.mdb
[2011.09.12 16:37:54 | 000,299,520 | ---- | C] () -- C:\Windows\uninst.exe
[2011.08.30 12:35:27 | 000,000,966 | ---- | C] () -- C:\Windows\Mobile Partner Manager.INI
[2011.08.03 09:17:37 | 000,197,648 | ---- | C] () -- C:\Windows\System32\drivers\StkCSF.sys
[2011.08.03 09:17:37 | 000,088,592 | ---- | C] () -- C:\Windows\StkUnist.exe
[2011.08.02 08:37:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.28 12:59:42 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.07.27 07:32:06 | 000,656,266 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.07.27 07:32:06 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.07.27 07:32:06 | 000,131,006 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.07.27 07:32:06 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2011.08.04 10:15:12 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2012.05.22 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Downloaded Installations
[2012.07.27 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Dropbox
[2011.08.10 10:30:50 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\DVDVideoSoft
[2011.08.10 10:30:39 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.17 09:33:16 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Foxit Software
[2012.04.04 09:49:37 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\HandBrake
[2012.03.25 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\IrfanView
[2012.05.24 10:21:32 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\JonDo
[2012.05.04 12:19:47 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\ManyCam
[2011.08.01 20:10:42 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Mp3tag
[2012.07.27 12:34:47 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Nitro PDF
[2011.11.17 15:52:02 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\OpenOffice.org
[2012.07.03 10:00:18 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\QuickScan
[2012.04.22 14:45:21 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\redsn0w
[2011.07.26 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Thunderbird
[2012.06.14 09:13:59 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.26 09:07:06 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Adobe
[2012.07.05 13:17:07 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\AlMiSoft
[2012.04.22 15:42:28 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Apple Computer
[2011.08.04 10:15:12 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\de.makesoft.twhirl.0EA062BC275E7ED1E6EC3762EFFD73C7158ADF33.1
[2012.01.16 14:22:13 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\DivX
[2012.05.22 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Downloaded Installations
[2012.07.27 13:39:20 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Dropbox
[2011.08.10 10:30:50 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\DVDVideoSoft
[2011.08.10 10:30:39 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.09.17 09:33:16 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Foxit Software
[2012.04.04 09:49:37 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\HandBrake
[2011.07.26 21:43:04 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Identities
[2011.08.03 09:16:53 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\InstallShield
[2012.03.25 17:08:12 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\IrfanView
[2012.05.24 10:21:32 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\JonDo
[2011.07.27 11:31:06 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Macromedia
[2012.07.21 13:34:22 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Malwarebytes
[2012.05.04 12:19:47 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\ManyCam
[2009.07.14 09:49:10 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Media Center Programs
[2012.01.16 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Media Player Classic
[2012.06.13 20:43:40 | 000,000,000 | --SD | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Microsoft
[2011.07.26 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Mozilla
[2011.08.01 20:10:42 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Mp3tag
[2012.07.27 12:34:47 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Nitro PDF
[2011.09.13 15:51:34 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\NVIDIA
[2011.11.17 15:52:02 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\OpenOffice.org
[2012.07.03 10:00:18 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\QuickScan
[2012.04.22 14:45:21 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\redsn0w
[2012.05.23 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Skype
[2012.07.23 09:41:17 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.26 22:57:37 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\Thunderbird
[2011.11.24 17:18:34 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\vlc
[2011.08.12 10:47:37 | 000,000,000 | ---D | M] -- C:\Users\Jealous_Sound\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jealous_Sound\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jealous_Sound\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.08.04 10:14:47 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Jealous_Sound\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.09.05 10:05:11 | 000,341,512 | R--- | M] (Acresso Software Inc.) -- C:\Users\Jealous_Sound\AppData\Roaming\Microsoft\Installer\{C92482C1-CC55-4152-AFCC-186A4A7EC4CA}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<   >

< End of report >
         

Alt 27.07.2012, 15:22   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.12.12 18:04:35 | 000,000,488 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012.06.18 12:59:54 | 000,000,012 | R--- | M] () - F:\autorun.tag -- [ CDFS ]
O33 - MountPoints2\{0a7a6064-d0bc-11e0-8ee2-002269e02bd7}\Shell - "" = AutoRun
O33 - MountPoints2\{0a7a6064-d0bc-11e0-8ee2-002269e02bd7}\Shell\AutoRun\command - "" = G:\QsSetup.exe
O33 - MountPoints2\{225acc75-b7be-11e0-a295-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{225acc75-b7be-11e0-a295-806e6f6e6963}\Shell\AutoRun\command - "" = F:\start.exe -- [2009.02.13 11:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG)
O33 - MountPoints2\{ebebc3cb-f30d-11e0-8e2e-002269e02bd7}\Shell - "" = AutoRun
O33 - MountPoints2\{ebebc3cb-f30d-11e0-8e2e-002269e02bd7}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\start.exe -- [2009.02.13 11:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG)
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!


27.07.2012, 15:40   #21
Niels

Everything went as you described:
Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.tag scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a7a6064-d0bc-11e0-8ee2-002269e02bd7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a7a6064-d0bc-11e0-8ee2-002269e02bd7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0a7a6064-d0bc-11e0-8ee2-002269e02bd7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a7a6064-d0bc-11e0-8ee2-002269e02bd7}\ not found.
File G:\QsSetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{225acc75-b7be-11e0-a295-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{225acc75-b7be-11e0-a295-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{225acc75-b7be-11e0-a295-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{225acc75-b7be-11e0-a295-806e6f6e6963}\ not found.
File move failed. F:\start.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebebc3cb-f30d-11e0-8e2e-002269e02bd7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebebc3cb-f30d-11e0-8e2e-002269e02bd7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ebebc3cb-f30d-11e0-8e2e-002269e02bd7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ebebc3cb-f30d-11e0-8e2e-002269e02bd7}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\start.exe scheduled to be moved on reboot.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Jealous_Sound
->Temp folder emptied: 264852414 bytes
->Temporary Internet Files folder emptied: 314923405 bytes
->Java cache emptied: 12501244 bytes
->FireFox cache emptied: 363718455 bytes
->Google Chrome cache emptied: 13023924 bytes
->Flash cache emptied: 59147 bytes
 
User: Mcx1-SAMSUNG_MADRIL
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 68222 bytes
->Flash cache emptied: 56468 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 98265459 bytes
RecycleBin emptied: 919802 bytes
 
Total Files Cleaned = 1.019,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Jealous_Sound
->Flash cache emptied: 0 bytes
 
User: Mcx1-SAMSUNG_MADRIL
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 07272012_163613

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\autorun.tag scheduled to be moved on reboot.
File move failed. F:\start.exe scheduled to be moved on reboot.
File\Folder C:\Users\Jealous_Sound\AppData\Local\Temp\2011-06-20-1152886497_04-RG.PDF  not found!
File\Folder C:\Users\Jealous_Sound\AppData\Local\Temp\2011-09-16-1183771907_04-RG.PDF  not found!
File\Folder C:\Users\Jealous_Sound\AppData\Local\Temp\2011-10-18-1194014553_04-RG.PDF  not found!

PendingFileRenameOperations files...
[2011.12.12 18:04:35 | 000,000,488 | R--- | M] () F:\autorun.inf : MD5=9B05DEC5D5D48A2DF972A27161EE5373
[2012.06.18 12:59:54 | 000,000,012 | R--- | M] () F:\autorun.tag : MD5=33FD42713800FF6BBDEF53D79C06B9D0
[2009.02.13 11:59:52 | 000,935,768 | R--- | M] (mirabyte GmbH & Co. KG) F:\start.exe : MD5=AEF9AAC93F3B9D3A15E840B4E592D655
File C:\Users\Jealous_Sound\AppData\Local\Temp\2011-06-20-1152886497_04-RG.PDF  not found!
File C:\Users\Jealous_Sound\AppData\Local\Temp\2011-09-16-1183771907_04-RG.PDF  not found!
File C:\Users\Jealous_Sound\AppData\Local\Temp\2011-10-18-1194014553_04-RG.PDF  not found!

Registry entries deleted on Reboot...
         

27.07.2012, 20:15   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

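A TDSS-Killer report lists every service and driver, so the few entries that were flagged (and then skipped, as advised above) are easy to miss when reading it. The following Python code is an added example, not part of the original posts or of Kaspersky's tool: it filters such a report for every entry whose verdict is not "ok", including entries whose verdict line is missing because the log was cut off. The line patterns are inferred from the log format posted in this thread, and the sample lines (names, hashes, paths) are constructed.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every report line starts with "HH:MM:SS.ffff <thread id>" followed by the text.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+[ \t]*(?P<text>.*)$")
# "<name> (<md5>) <image path>": the scanned object.
OBJECT = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
# "<name> ( <verdict> ) - <level>": the object was flagged.
FLAGGED = re.compile(r"^(?P<name>.+?) \( (?P<verdict>[^()]+?) \) - (?P<level>\w+)$")
# "<name> - ok": nothing found.
CLEAN = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "no verdict"     # "ok", "warning", ... or "no verdict"
    verdict: Optional[str] = None  # e.g. "UnsignedFile.Multi.Generic"


def parse_log(text: str) -> List[Entry]:
    """Collect one Entry per service/driver name, in order of appearance."""
    entries: Dict[str, Entry] = {}
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # not a report line (blank line, forum text, ...)
        body = m.group("text").strip()
        if (o := OBJECT.match(body)):
            e = entries.setdefault(o["name"], Entry(o["name"]))
            e.md5, e.path = o["md5"].lower(), o["path"]
        elif (f := FLAGGED.match(body)):
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.status, e.verdict = f["level"], f["verdict"]
        elif (c := CLEAN.match(body)):
            # Some services have a verdict but no object line.
            entries.setdefault(c["name"], Entry(c["name"])).status = "ok"
    return list(entries.values())


def needing_review(entries: List[Entry]) -> List[Entry]:
    """Everything that was flagged or never received a verdict."""
    return [e for e in entries if e.status != "ok"]


# Constructed sample in the report's format (not taken from a real scan).
SAMPLE_LOG = "\n".join([
    "12:00:00.0000 1000\tScan started",
    "12:00:00.0100 1000\tMode: Manual; SigCheck; TDLFS; ",
    "12:00:01.0000 1000\tgooddrv         (00000000000000000000000000000001) "
    "C:\\Windows\\system32\\drivers\\gooddrv.sys",
    "12:00:01.0100 1000\tgooddrv - ok",
    "12:00:02.0000 1000\tExample Service (00000000000000000000000000000002) "
    "C:\\Program Files\\Example Vendor\\svc.exe",
    "12:00:02.0100 1000\tExample Service - ok",
    "12:00:03.0000 1000\tunsigneddrv     (00000000000000000000000000000003) "
    "C:\\Windows\\system32\\unsigneddrv.sys",
    "12:00:03.0100 1000\tunsigneddrv ( UnsignedFile.Multi.Generic ) - warning",
    "12:00:03.0100 1000\tunsigneddrv - detected UnsignedFile.Multi.Generic (1)",
    "12:00:04.0000 1000\tNoImageSvc - ok",
    # Last object has no verdict line, as happens when a pasted log is truncated.
    "12:00:05.0000 1000\tcutoffdrv       (00000000000000000000000000000004) "
    "C:\\Windows\\system32\\drivers\\cutoffdrv.sys",
])

if __name__ == "__main__":
    for e in needing_review(parse_log(SAMPLE_LOG)):
        print(f"{e.status:10} {e.name:15} {e.verdict or '-':28} {e.path or '-'}")
```

An "UnsignedFile" warning only says the file carries no valid signature; it is a prompt to look at that driver, not a detection of a rootkit.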

28.07.2012, 11:07   #23
Niels

I'm curious to see. It flagged a few things, which I then skipped.

Code:
12:05:25.0445 3284	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
12:05:25.0991 3284	============================================================
12:05:25.0991 3284	Current date / time: 2012/07/28 12:05:25.0991
12:05:25.0991 3284	SystemInfo:
12:05:25.0991 3284	
12:05:25.0991 3284	OS Version: 6.1.7601 ServicePack: 1.0
12:05:25.0991 3284	Product type: Workstation
12:05:25.0991 3284	ComputerName: SAMSUNG_MADRIL
12:05:25.0991 3284	UserName: Jealous_Sound
12:05:25.0991 3284	Windows directory: C:\Windows
12:05:25.0991 3284	System windows directory: C:\Windows
12:05:25.0991 3284	Processor architecture: Intel x86
12:05:25.0991 3284	Number of processors: 2
12:05:25.0991 3284	Page size: 0x1000
12:05:25.0991 3284	Boot type: Normal boot
12:05:25.0991 3284	============================================================
12:05:27.0489 3284	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:05:27.0489 3284	============================================================
12:05:27.0489 3284	\Device\Harddisk0\DR0:
12:05:27.0489 3284	MBR partitions:
12:05:27.0489 3284	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:05:27.0489 3284	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x17CDC000
12:05:27.0489 3284	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x17D0E800, BlocksNum 0x19064000
12:05:27.0489 3284	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x30D72800, BlocksNum 0x9613000
12:05:27.0489 3284	============================================================
12:05:27.0536 3284	C: <-> \Device\Harddisk0\DR0\Partition3
12:05:27.0583 3284	D: <-> \Device\Harddisk0\DR0\Partition1
12:05:27.0629 3284	E: <-> \Device\Harddisk0\DR0\Partition2
12:05:27.0629 3284	============================================================
12:05:27.0629 3284	Initialize success
12:05:27.0629 3284	============================================================
12:06:03.0478 4300	============================================================
12:06:03.0478 4300	Scan started
12:06:03.0478 4300	Mode: Manual; SigCheck; TDLFS; 
12:06:03.0478 4300	============================================================
12:06:05.0506 4300	!SASCORE        (c0393eb99a6c72c6bef9bfc4a72b33a6) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
12:06:05.0584 4300	!SASCORE - ok
12:06:05.0928 4300	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
12:06:06.0021 4300	1394ohci - ok
12:06:06.0146 4300	A2DDA           (f7eabca8375ea2dc6f35c4bca4757515) C:\Users\Jealous_Sound\Desktop\emsissoft\Run\a2ddax86.sys
12:06:06.0177 4300	A2DDA - ok
12:06:06.0240 4300	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
12:06:06.0271 4300	ACPI - ok
12:06:06.0286 4300	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
12:06:06.0333 4300	AcpiPmi - ok
12:06:06.0988 4300	AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:06:07.0020 4300	AdobeFlashPlayerUpdateSvc - ok
12:06:07.0098 4300	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
12:06:07.0144 4300	adp94xx - ok
12:06:07.0176 4300	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
12:06:07.0207 4300	adpahci - ok
12:06:07.0238 4300	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
12:06:07.0254 4300	adpu320 - ok
12:06:07.0285 4300	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
12:06:07.0332 4300	AeLookupSvc - ok
12:06:07.0410 4300	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
12:06:07.0472 4300	AFD - ok
12:06:07.0503 4300	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
12:06:07.0519 4300	agp440 - ok
12:06:07.0534 4300	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
12:06:07.0550 4300	aic78xx - ok
12:06:07.0581 4300	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
12:06:07.0644 4300	ALG - ok
12:06:07.0659 4300	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
12:06:07.0675 4300	aliide - ok
12:06:07.0690 4300	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
12:06:07.0706 4300	amdagp - ok
12:06:07.0706 4300	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
12:06:07.0722 4300	amdide - ok
12:06:07.0737 4300	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
12:06:07.0768 4300	AmdK8 - ok
12:06:07.0784 4300	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
12:06:07.0815 4300	AmdPPM - ok
12:06:07.0862 4300	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
12:06:07.0878 4300	amdsata - ok
12:06:07.0924 4300	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
12:06:07.0956 4300	amdsbs - ok
12:06:07.0956 4300	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
12:06:07.0971 4300	amdxata - ok
12:06:08.0002 4300	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
12:06:08.0080 4300	AppID - ok
12:06:08.0096 4300	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
12:06:08.0143 4300	AppIDSvc - ok
12:06:08.0174 4300	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
12:06:08.0252 4300	Appinfo - ok
12:06:08.0361 4300	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:06:08.0377 4300	Apple Mobile Device - ok
12:06:08.0439 4300	AppMgmt         (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
12:06:08.0502 4300	AppMgmt - ok
12:06:08.0533 4300	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
12:06:08.0548 4300	arc - ok
12:06:08.0564 4300	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
12:06:08.0564 4300	arcsas - ok
12:06:08.0611 4300	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
12:06:08.0642 4300	AsyncMac - ok
12:06:08.0658 4300	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
12:06:08.0673 4300	atapi - ok
12:06:08.0736 4300	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:06:08.0829 4300	AudioEndpointBuilder - ok
12:06:08.0829 4300	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
12:06:08.0860 4300	Audiosrv - ok
12:06:08.0923 4300	avmaudio        (728c4a6c722535c16d1025f51aa31e22) C:\Windows\system32\DRIVERS\avmaudio.sys
12:06:08.0985 4300	avmaudio - ok
12:06:09.0032 4300	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
12:06:09.0110 4300	AxInstSV - ok
12:06:09.0172 4300	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
12:06:09.0235 4300	b06bdrv - ok
12:06:09.0282 4300	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
12:06:09.0313 4300	b57nd60x - ok
12:06:09.0391 4300	BBSvc           (0d1ea7509f394d8b705b239ee71f5118) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
12:06:09.0422 4300	BBSvc - ok
12:06:09.0453 4300	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
12:06:09.0484 4300	BDESVC - ok
12:06:09.0516 4300	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
12:06:09.0562 4300	Beep - ok
12:06:09.0594 4300	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
12:06:09.0640 4300	blbdrive - ok
12:06:09.0750 4300	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
12:06:09.0796 4300	Bonjour Service - ok
12:06:09.0828 4300	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
12:06:09.0843 4300	bowser - ok
12:06:09.0859 4300	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:06:09.0906 4300	BrFiltLo - ok
12:06:09.0921 4300	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:06:09.0952 4300	BrFiltUp - ok
12:06:09.0984 4300	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
12:06:10.0077 4300	Browser - ok
12:06:10.0124 4300	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
12:06:10.0171 4300	Brserid - ok
12:06:10.0202 4300	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
12:06:10.0233 4300	BrSerWdm - ok
12:06:10.0249 4300	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:06:10.0264 4300	BrUsbMdm - ok
12:06:10.0280 4300	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
12:06:10.0296 4300	BrUsbSer - ok
12:06:10.0342 4300	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys
12:06:10.0405 4300	BthEnum - ok
12:06:10.0436 4300	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
12:06:10.0483 4300	BTHMODEM - ok
12:06:10.0530 4300	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys
12:06:10.0576 4300	BthPan - ok
12:06:10.0639 4300	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys
12:06:10.0670 4300	BTHPORT - ok
12:06:10.0717 4300	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
12:06:10.0779 4300	bthserv - ok
12:06:10.0795 4300	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys
12:06:10.0826 4300	BTHUSB - ok
12:06:10.0857 4300	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
12:06:10.0873 4300	cdfs - ok
12:06:10.0935 4300	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
12:06:10.0966 4300	cdrom - ok
12:06:11.0013 4300	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:06:11.0076 4300	CertPropSvc - ok
12:06:11.0122 4300	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
12:06:11.0138 4300	circlass - ok
12:06:11.0200 4300	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
12:06:11.0247 4300	CLFS - ok
12:06:11.0356 4300	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:06:11.0388 4300	clr_optimization_v2.0.50727_32 - ok
12:06:11.0512 4300	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:06:11.0590 4300	clr_optimization_v4.0.30319_32 - ok
12:06:11.0606 4300	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
12:06:11.0637 4300	CmBatt - ok
12:06:11.0653 4300	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
12:06:11.0668 4300	cmdide - ok
12:06:11.0715 4300	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
12:06:11.0762 4300	CNG - ok
12:06:11.0778 4300	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
12:06:11.0793 4300	Compbatt - ok
12:06:11.0840 4300	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
12:06:11.0871 4300	CompositeBus - ok
12:06:11.0887 4300	COMSysApp - ok
12:06:11.0965 4300	cpuz135         (3411fdf098aa20193eee5ffa36ba43b2) C:\Windows\system32\drivers\cpuz135_x32.sys
12:06:11.0980 4300	cpuz135 - ok
12:06:12.0121 4300	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
12:06:12.0136 4300	crcdisk - ok
12:06:12.0214 4300	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
12:06:12.0261 4300	CryptSvc - ok
12:06:12.0308 4300	CSC             (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
12:06:12.0417 4300	CSC - ok
12:06:12.0511 4300	CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
12:06:12.0542 4300	CscService - ok
12:06:12.0620 4300	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:06:12.0792 4300	DcomLaunch - ok
12:06:12.0838 4300	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
12:06:12.0916 4300	defragsvc - ok
12:06:12.0979 4300	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
12:06:13.0057 4300	DfsC - ok
12:06:13.0104 4300	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
12:06:13.0182 4300	Dhcp - ok
12:06:13.0197 4300	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
12:06:13.0228 4300	discache - ok
12:06:13.0260 4300	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
12:06:13.0275 4300	Disk - ok
12:06:13.0306 4300	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
12:06:13.0338 4300	Dnscache - ok
12:06:13.0384 4300	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
12:06:13.0478 4300	dot3svc - ok
12:06:13.0509 4300	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
12:06:13.0572 4300	DPS - ok
12:06:13.0603 4300	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
12:06:13.0650 4300	drmkaud - ok
12:06:13.0743 4300	dvd43llh        (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\Windows\system32\DRIVERS\dvd43llh.sys
12:06:13.0759 4300	dvd43llh ( UnsignedFile.Multi.Generic ) - warning
12:06:13.0759 4300	dvd43llh - detected UnsignedFile.Multi.Generic (1)
12:06:13.0852 4300	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
12:06:13.0899 4300	DXGKrnl - ok
12:06:13.0946 4300	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
12:06:13.0993 4300	EapHost - ok
12:06:14.0180 4300	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
12:06:14.0320 4300	ebdrv - ok
12:06:14.0461 4300	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
12:06:14.0492 4300	EFS - ok
12:06:14.0554 4300	ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
12:06:14.0586 4300	ehRecvr - ok
12:06:14.0617 4300	ehSched         (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
12:06:14.0664 4300	ehSched - ok
12:06:14.0757 4300	ElbyCDIO        (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
12:06:14.0788 4300	ElbyCDIO - ok
12:06:14.0820 4300	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
12:06:14.0851 4300	elxstor - ok
12:06:14.0913 4300	epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
12:06:14.0960 4300	epmntdrv ( UnsignedFile.Multi.Generic ) - warning
12:06:14.0960 4300	epmntdrv - detected UnsignedFile.Multi.Generic (1)
12:06:14.0991 4300	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
12:06:15.0007 4300	ErrDev - ok
12:06:15.0069 4300	EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
12:06:15.0100 4300	EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
12:06:15.0100 4300	EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
12:06:15.0163 4300	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
12:06:15.0225 4300	EventSystem - ok
12:06:15.0241 4300	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
12:06:15.0288 4300	exfat - ok
12:06:15.0319 4300	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
12:06:15.0350 4300	fastfat - ok
12:06:15.0444 4300	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
12:06:15.0522 4300	Fax - ok
12:06:15.0537 4300	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
12:06:15.0568 4300	fdc - ok
12:06:15.0584 4300	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
12:06:15.0631 4300	fdPHost - ok
12:06:15.0646 4300	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
12:06:15.0693 4300	FDResPub - ok
12:06:15.0724 4300	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
12:06:15.0740 4300	FileInfo - ok
12:06:15.0756 4300	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
12:06:15.0834 4300	Filetrace - ok
12:06:15.0834 4300	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
12:06:15.0865 4300	flpydisk - ok
12:06:15.0896 4300	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
12:06:15.0927 4300	FltMgr - ok
12:06:16.0021 4300	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
12:06:16.0083 4300	FontCache - ok
12:06:16.0192 4300	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:06:16.0224 4300	FontCache3.0.0.0 - ok
12:06:16.0255 4300	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
12:06:16.0255 4300	FsDepends - ok
12:06:16.0317 4300	fssfltr         (bfaaa92861526bb0adcd01e964ab6609) C:\Windows\system32\DRIVERS\fssfltr.sys
12:06:16.0333 4300	fssfltr - ok
12:06:16.0504 4300	fsssvc          (40cdfad174b3d5e80f95dda003c0b97f) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
12:06:16.0598 4300	fsssvc - ok
12:06:16.0785 4300	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
12:06:16.0801 4300	Fs_Rec - ok
12:06:16.0879 4300	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
12:06:16.0910 4300	fvevol - ok
12:06:16.0941 4300	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:06:16.0972 4300	gagp30kx - ok
12:06:16.0972 4300	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
12:06:16.0988 4300	GEARAspiWDM - ok
12:06:17.0066 4300	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
12:06:17.0144 4300	gpsvc - ok
12:06:17.0191 4300	gtstusbser      (b980d6f28324183c71d9bffa9d022f52) C:\Windows\system32\DRIVERS\gtstusbser.sys
12:06:17.0238 4300	gtstusbser - ok
12:06:17.0300 4300	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:06:17.0316 4300	gupdate - ok
12:06:17.0331 4300	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
12:06:17.0347 4300	gupdatem - ok
12:06:17.0362 4300	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
12:06:17.0440 4300	hcw85cir - ok
12:06:17.0518 4300	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
12:06:17.0565 4300	HdAudAddService - ok
12:06:17.0628 4300	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
12:06:17.0674 4300	HDAudBus - ok
12:06:17.0690 4300	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
12:06:17.0706 4300	HidBatt - ok
12:06:17.0721 4300	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
12:06:17.0752 4300	HidBth - ok
12:06:17.0784 4300	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
12:06:17.0815 4300	HidIr - ok
12:06:17.0846 4300	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
12:06:17.0893 4300	hidserv - ok
12:06:17.0924 4300	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
12:06:17.0955 4300	HidUsb - ok
12:06:17.0986 4300	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
12:06:18.0018 4300	hkmsvc - ok
12:06:18.0064 4300	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
12:06:18.0111 4300	HomeGroupListener - ok
12:06:18.0158 4300	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
12:06:18.0220 4300	HomeGroupProvider - ok
12:06:18.0267 4300	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
12:06:18.0283 4300	HpSAMD - ok
12:06:18.0361 4300	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
12:06:18.0408 4300	HTTP - ok
12:06:18.0439 4300	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
12:06:18.0454 4300	hwpolicy - ok
12:06:18.0501 4300	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
12:06:18.0532 4300	i8042prt - ok
12:06:18.0626 4300	iaStorV         (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\drivers\iaStorV.sys
12:06:18.0657 4300	iaStorV - ok
12:06:18.0829 4300	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:06:18.0891 4300	idsvc - ok
12:06:18.0907 4300	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
12:06:18.0922 4300	iirsp - ok
12:06:19.0000 4300	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
12:06:19.0078 4300	IKEEXT - ok
12:06:19.0328 4300	IntcAzAudAddService (6927a442beed2b68a3d35cae7a951913) C:\Windows\system32\drivers\RTKVHDA.sys
12:06:19.0484 4300	IntcAzAudAddService - ok
12:06:19.0749 4300	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
12:06:19.0780 4300	intelide - ok
12:06:19.0812 4300	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
12:06:19.0827 4300	intelppm - ok
12:06:19.0874 4300	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
12:06:19.0952 4300	IPBusEnum - ok
12:06:19.0968 4300	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:06:20.0046 4300	IpFilterDriver - ok
12:06:20.0077 4300	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
12:06:20.0108 4300	IPMIDRV - ok
12:06:20.0139 4300	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
12:06:20.0186 4300	IPNAT - ok
12:06:20.0280 4300	iPod Service    (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
12:06:20.0326 4300	iPod Service - ok
12:06:20.0373 4300	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
12:06:20.0404 4300	IRENUM - ok
12:06:20.0436 4300	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
12:06:20.0436 4300	isapnp - ok
12:06:20.0482 4300	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
12:06:20.0514 4300	iScsiPrt - ok
12:06:20.0592 4300	ivusb           (994ebb45c4b438e1f6ea0b958ae9b9a3) C:\Windows\system32\DRIVERS\ivusb.sys
12:06:20.0607 4300	ivusb - ok
12:06:20.0638 4300	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
12:06:20.0654 4300	kbdclass - ok
12:06:20.0685 4300	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\DRIVERS\kbdhid.sys
12:06:20.0732 4300	kbdhid - ok
12:06:20.0763 4300	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:06:20.0779 4300	KeyIso - ok
12:06:20.0794 4300	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
12:06:20.0810 4300	KSecDD - ok
12:06:20.0826 4300	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
12:06:20.0841 4300	KSecPkg - ok
12:06:20.0888 4300	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
12:06:20.0950 4300	KtmRm - ok
12:06:20.0997 4300	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
12:06:21.0044 4300	LanmanServer - ok
12:06:21.0075 4300	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
12:06:21.0106 4300	LanmanWorkstation - ok
12:06:21.0153 4300	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
12:06:21.0216 4300	lltdio - ok
12:06:21.0278 4300	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
12:06:21.0309 4300	lltdsvc - ok
12:06:21.0325 4300	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
12:06:21.0356 4300	lmhosts - ok
12:06:21.0403 4300	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:06:21.0418 4300	LSI_FC - ok
12:06:21.0450 4300	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:06:21.0450 4300	LSI_SAS - ok
12:06:21.0496 4300	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:06:21.0512 4300	LSI_SAS2 - ok
12:06:21.0528 4300	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:06:21.0528 4300	LSI_SCSI - ok
12:06:21.0621 4300	Ltn_stk7070P    (23b55d27a0afb7fe9cbcb20b617cc168) C:\Windows\system32\DRIVERS\Ltn_stk7070P.sys
12:06:21.0730 4300	Ltn_stk7070P - ok
12:06:21.0777 4300	Ltn_stkrc       (1fa7503d019291c027fedae509bc5500) C:\Windows\system32\DRIVERS\Ltn_stkrc.sys
12:06:21.0808 4300	Ltn_stkrc - ok
12:06:21.0855 4300	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
12:06:21.0871 4300	luafv - ok
12:06:21.0933 4300	ManyCam         (8e17d513d8011b0ee03c355eaab0e0cc) C:\Windows\system32\DRIVERS\mcvidrv.sys
12:06:21.0996 4300	ManyCam - ok
12:06:22.0074 4300	MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
12:06:22.0105 4300	MBAMProtector - ok
12:06:22.0214 4300	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
12:06:22.0261 4300	MBAMService - ok
12:06:22.0276 4300	mcaudrv_simple  (562d95e00e14a944debe655decbd3f5b) C:\Windows\system32\drivers\mcaudrv.sys
12:06:22.0308 4300	mcaudrv_simple - ok
12:06:22.0339 4300	Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
12:06:22.0370 4300	Mcx2Svc - ok
12:06:22.0479 4300	MDM             (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
12:06:22.0526 4300	MDM - ok
12:06:22.0542 4300	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
12:06:22.0542 4300	megasas - ok
12:06:22.0588 4300	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
12:06:22.0635 4300	MegaSR - ok
12:06:22.0651 4300	mfelwvn - ok
12:06:22.0666 4300	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
12:06:22.0713 4300	MMCSS - ok
12:06:22.0729 4300	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
12:06:22.0760 4300	Modem - ok
12:06:22.0791 4300	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
12:06:22.0822 4300	monitor - ok
12:06:22.0869 4300	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
12:06:22.0900 4300	mouclass - ok
12:06:22.0932 4300	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
12:06:22.0947 4300	mouhid - ok
12:06:22.0978 4300	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
12:06:22.0994 4300	mountmgr - ok
12:06:23.0056 4300	MozillaMaintenance (864c02d08f2f641491fe5b4c004f8980) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:06:23.0088 4300	MozillaMaintenance - ok
12:06:23.0150 4300	MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
12:06:23.0166 4300	MpFilter - ok
12:06:23.0197 4300	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
12:06:23.0197 4300	mpio - ok
12:06:23.0228 4300	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
12:06:23.0259 4300	mpsdrv - ok
12:06:23.0306 4300	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
12:06:23.0322 4300	MRxDAV - ok
12:06:23.0368 4300	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:06:23.0415 4300	mrxsmb - ok
12:06:23.0462 4300	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:06:23.0509 4300	mrxsmb10 - ok
12:06:23.0556 4300	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:06:23.0602 4300	mrxsmb20 - ok
12:06:23.0634 4300	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\drivers\msahci.sys
12:06:23.0634 4300	msahci - ok
12:06:23.0665 4300	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\drivers\msdsm.sys
12:06:23.0666 4300	msdsm - ok
12:06:23.0697 4300	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
12:06:23.0713 4300	MSDTC - ok
12:06:23.0744 4300	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
12:06:23.0775 4300	Msfs - ok
12:06:23.0791 4300	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
12:06:23.0853 4300	mshidkmdf - ok
12:06:23.0869 4300	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
12:06:23.0869 4300	msisadrv - ok
12:06:23.0915 4300	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
12:06:23.0978 4300	MSiSCSI - ok
12:06:23.0978 4300	msiserver - ok
12:06:23.0993 4300	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
12:06:24.0040 4300	MSKSSRV - ok
12:06:24.0149 4300	MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:06:24.0149 4300	MsMpSvc - ok
12:06:24.0181 4300	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
12:06:24.0243 4300	MSPCLOCK - ok
12:06:24.0259 4300	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
12:06:24.0305 4300	MSPQM - ok
12:06:24.0337 4300	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
12:06:24.0352 4300	MsRPC - ok
12:06:24.0368 4300	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
12:06:24.0368 4300	mssmbios - ok
12:06:24.0383 4300	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
12:06:24.0399 4300	MSTEE - ok
12:06:24.0399 4300	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
12:06:24.0430 4300	MTConfig - ok
12:06:24.0446 4300	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
12:06:24.0461 4300	Mup - ok
12:06:24.0508 4300	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
12:06:24.0539 4300	napagent - ok
12:06:24.0602 4300	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
12:06:24.0664 4300	NativeWifiP - ok
12:06:24.0758 4300	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
12:06:24.0820 4300	NDIS - ok
12:06:24.0820 4300	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
12:06:24.0867 4300	NdisCap - ok
12:06:24.0883 4300	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
12:06:24.0929 4300	NdisTapi - ok
12:06:24.0961 4300	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
12:06:24.0976 4300	Ndisuio - ok
12:06:25.0023 4300	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
12:06:25.0085 4300	NdisWan - ok
12:06:25.0117 4300	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
12:06:25.0148 4300	NDProxy - ok
12:06:25.0163 4300	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
12:06:25.0195 4300	NetBIOS - ok
12:06:25.0226 4300	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
12:06:25.0304 4300	NetBT - ok
12:06:25.0351 4300	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:06:25.0366 4300	Netlogon - ok
12:06:25.0429 4300	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
12:06:25.0507 4300	Netman - ok
12:06:25.0553 4300	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
12:06:25.0585 4300	netprofm - ok
12:06:25.0678 4300	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:06:25.0694 4300	NetTcpPortSharing - ok
12:06:26.0146 4300	NETw5s32        (5b2dfa9c5c02ddf2a113cc0f551b59df) C:\Windows\system32\DRIVERS\NETw5s32.sys
12:06:26.0443 4300	NETw5s32 - ok
12:06:27.0004 4300	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
12:06:27.0191 4300	netw5v32 - ok
12:06:27.0301 4300	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
12:06:27.0316 4300	nfrd960 - ok
12:06:27.0363 4300	NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:06:27.0394 4300	NisDrv - ok
12:06:27.0519 4300	NisSrv          (290c0d4c4889398797f8df3be00b9698) C:\Program Files\Microsoft Security Client\NisSrv.exe
12:06:27.0550 4300	NisSrv - ok
12:06:27.0644 4300	NitroReaderDriverReadSpool2 (a027e499f6a62134d31018b1f77af2ae) C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
12:06:27.0675 4300	NitroReaderDriverReadSpool2 - ok
12:06:27.0737 4300	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
12:06:27.0769 4300	NlaSvc - ok
12:06:27.0800 4300	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
12:06:27.0862 4300	Npfs - ok
12:06:27.0893 4300	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
12:06:27.0940 4300	nsi - ok
12:06:27.0956 4300	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
12:06:27.0987 4300	nsiproxy - ok
12:06:28.0112 4300	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
12:06:28.0205 4300	Ntfs - ok
12:06:28.0221 4300	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
12:06:28.0268 4300	Null - ok
12:06:28.0330 4300	NVHDA           (3d7fb57354703809b5f0c23287fac1d6) C:\Windows\system32\drivers\nvhda32v.sys
12:06:28.0346 4300	NVHDA - ok
12:06:28.0970 4300	nvlddmkm        (e891b3979f0cf2740c1b073f834221fe) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:06:29.0360 4300	nvlddmkm - ok
12:06:29.0687 4300	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
12:06:29.0703 4300	nvraid - ok
12:06:29.0750 4300	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
12:06:29.0750 4300	nvstor - ok
12:06:29.0843 4300	nvsvc           (ae2de8e165dcb93a66b21748e6f913df) C:\Windows\system32\nvvsvc.exe
12:06:29.0921 4300	nvsvc - ok
12:06:30.0187 4300	nvUpdatusService (c78581c14699c46fe0f0817416383134) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:06:30.0296 4300	nvUpdatusService - ok
12:06:30.0561 4300	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
12:06:30.0577 4300	nv_agp - ok
12:06:30.0639 4300	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
12:06:30.0670 4300	ohci1394 - ok
12:06:30.0764 4300	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:06:30.0857 4300	p2pimsvc - ok
12:06:30.0935 4300	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
12:06:30.0998 4300	p2psvc - ok
12:06:31.0045 4300	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
12:06:31.0060 4300	Parport - ok
12:06:31.0091 4300	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
12:06:31.0107 4300	partmgr - ok
12:06:31.0107 4300	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
12:06:31.0138 4300	Parvdm - ok
12:06:31.0169 4300	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
12:06:31.0216 4300	PcaSvc - ok
12:06:31.0247 4300	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
12:06:31.0279 4300	pci - ok
12:06:31.0294 4300	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
12:06:31.0310 4300	pciide - ok
12:06:31.0325 4300	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
12:06:31.0357 4300	pcmcia - ok
12:06:31.0372 4300	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
12:06:31.0388 4300	pcw - ok
12:06:31.0466 4300	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
12:06:31.0544 4300	PEAUTH - ok
12:06:31.0637 4300	PeerDistSvc     (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
12:06:31.0715 4300	PeerDistSvc - ok
12:06:31.0887 4300	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
12:06:31.0965 4300	pla - ok
12:06:32.0121 4300	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
12:06:32.0183 4300	PlugPlay - ok
12:06:32.0215 4300	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
12:06:32.0230 4300	PNRPAutoReg - ok
12:06:32.0293 4300	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
12:06:32.0324 4300	PNRPsvc - ok
12:06:32.0355 4300	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
12:06:32.0386 4300	PolicyAgent - ok
12:06:32.0433 4300	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
12:06:32.0464 4300	Power - ok
12:06:32.0605 4300	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
12:06:32.0667 4300	PptpMiniport - ok
12:06:32.0683 4300	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
12:06:32.0698 4300	Processor - ok
12:06:32.0729 4300	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
12:06:32.0823 4300	ProfSvc - ok
12:06:32.0839 4300	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:06:32.0870 4300	ProtectedStorage - ok
12:06:32.0917 4300	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
12:06:32.0948 4300	Psched - ok
12:06:33.0057 4300	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
12:06:33.0119 4300	ql2300 - ok
12:06:33.0229 4300	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
12:06:33.0260 4300	ql40xx - ok
12:06:33.0291 4300	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
12:06:33.0307 4300	QWAVE - ok
12:06:33.0322 4300	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
12:06:33.0338 4300	QWAVEdrv - ok
12:06:33.0338 4300	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
12:06:33.0385 4300	RasAcd - ok
12:06:33.0431 4300	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:06:33.0494 4300	RasAgileVpn - ok
12:06:33.0509 4300	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
12:06:33.0541 4300	RasAuto - ok
12:06:33.0556 4300	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:06:33.0572 4300	Rasl2tp - ok
12:06:33.0619 4300	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
12:06:33.0697 4300	RasMan - ok
12:06:33.0712 4300	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
12:06:33.0743 4300	RasPppoe - ok
12:06:33.0743 4300	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
12:06:33.0790 4300	RasSstp - ok
12:06:33.0837 4300	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
12:06:33.0868 4300	rdbss - ok
12:06:33.0899 4300	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
12:06:33.0931 4300	rdpbus - ok
12:06:33.0962 4300	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:06:34.0009 4300	RDPCDD - ok
12:06:34.0040 4300	RDPDR           (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
12:06:34.0071 4300	RDPDR - ok
12:06:34.0102 4300	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
12:06:34.0149 4300	RDPENCDD - ok
12:06:34.0165 4300	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
12:06:34.0196 4300	RDPREFMP - ok
12:06:34.0243 4300	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
12:06:34.0289 4300	RDPWD - ok
12:06:34.0352 4300	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
12:06:34.0399 4300	rdyboost - ok
12:06:34.0430 4300	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
12:06:34.0477 4300	RemoteAccess - ok
12:06:34.0508 4300	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
12:06:34.0539 4300	RemoteRegistry - ok
12:06:34.0586 4300	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys
12:06:34.0633 4300	RFCOMM - ok
12:06:34.0695 4300	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
12:06:34.0773 4300	RpcEptMapper - ok
12:06:34.0804 4300	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
12:06:34.0820 4300	RpcLocator - ok
12:06:34.0851 4300	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
12:06:34.0882 4300	RpcSs - ok
12:06:34.0898 4300	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
12:06:34.0913 4300	rspndr - ok
12:06:34.0945 4300	s3cap           (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
12:06:34.0991 4300	s3cap - ok
12:06:35.0023 4300	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\Windows\system32\Drivers\SABI.sys
12:06:35.0069 4300	SABI - ok
12:06:35.0101 4300	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
12:06:35.0116 4300	SamSs - ok
12:06:35.0147 4300	SANDRA - ok
12:06:35.0179 4300	SandraAgentSrv - ok
12:06:35.0241 4300	SASDIFSV        (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
12:06:35.0272 4300	SASDIFSV - ok
12:06:35.0288 4300	SASKUTIL        (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
12:06:35.0303 4300	SASKUTIL - ok
12:06:35.0350 4300	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
12:06:35.0366 4300	sbp2port - ok
12:06:35.0397 4300	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
12:06:35.0428 4300	SCardSvr - ok
12:06:35.0459 4300	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
12:06:35.0475 4300	scfilter - ok
12:06:35.0569 4300	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
12:06:35.0631 4300	Schedule - ok
12:06:35.0662 4300	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
12:06:35.0678 4300	SCPolicySvc - ok
12:06:35.0709 4300	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
12:06:35.0756 4300	SDRSVC - ok
12:06:35.0818 4300	SeaPort         (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
12:06:35.0865 4300	SeaPort - ok
12:06:35.0912 4300	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
12:06:35.0974 4300	secdrv - ok
12:06:35.0990 4300	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
12:06:36.0037 4300	seclogon - ok
12:06:36.0068 4300	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
12:06:36.0099 4300	SENS - ok
12:06:36.0146 4300	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
12:06:36.0161 4300	SensrSvc - ok
12:06:36.0239 4300	Sentinel        (05f03d7f2999431c53ce254da1301b31) C:\Windows\System32\Drivers\SENTINEL.SYS
12:06:36.0255 4300	Sentinel ( UnsignedFile.Multi.Generic ) - warning
12:06:36.0255 4300	Sentinel - detected UnsignedFile.Multi.Generic (1)
12:06:36.0271 4300	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
12:06:36.0302 4300	Serenum - ok
12:06:36.0333 4300	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
12:06:36.0364 4300	Serial - ok
12:06:36.0380 4300	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
12:06:36.0395 4300	sermouse - ok
12:06:36.0458 4300	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
12:06:36.0551 4300	SessionEnv - ok
12:06:36.0567 4300	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
12:06:36.0598 4300	sffdisk - ok
12:06:36.0614 4300	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
12:06:36.0676 4300	sffp_mmc - ok
12:06:36.0723 4300	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
12:06:36.0739 4300	sffp_sd - ok
12:06:36.0770 4300	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
12:06:36.0770 4300	sfloppy - ok
12:06:36.0832 4300	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
12:06:36.0910 4300	ShellHWDetection - ok
12:06:36.0988 4300	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
12:06:37.0019 4300	sisagp - ok
12:06:37.0035 4300	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:06:37.0051 4300	SiSRaid2 - ok
12:06:37.0066 4300	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
12:06:37.0082 4300	SiSRaid4 - ok
12:06:37.0144 4300	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
12:06:37.0160 4300	SkypeUpdate - ok
12:06:37.0191 4300	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
12:06:37.0207 4300	Smb - ok
12:06:37.0238 4300	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
12:06:37.0253 4300	SNMPTRAP - ok
12:06:37.0269 4300	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
12:06:37.0269 4300	spldr - ok
12:06:37.0347 4300	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
12:06:37.0394 4300	Spooler - ok
12:06:37.0612 4300	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
12:06:37.0784 4300	sppsvc - ok
12:06:37.0924 4300	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
12:06:37.0987 4300	sppuinotify - ok
12:06:38.0283 4300	sptd            (a80cd850d69d996c832bea37e3a6aa1e) C:\Windows\System32\Drivers\sptd.sys
12:06:38.0314 4300	sptd - ok
12:06:38.0377 4300	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
12:06:38.0439 4300	srv - ok
12:06:38.0486 4300	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
12:06:38.0533 4300	srv2 - ok
12:06:38.0564 4300	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
12:06:38.0579 4300	srvnet - ok
12:06:38.0626 4300	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
12:06:38.0689 4300	SSDPSRV - ok
12:06:38.0704 4300	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
12:06:38.0735 4300	SstpSvc - ok
12:06:38.0845 4300	StarWindServiceAE (b1691af4a072cb674d600db16dd7308e) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
12:06:38.0876 4300	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - warning
12:06:38.0876 4300	StarWindServiceAE - detected UnsignedFile.Multi.Generic (1)
12:06:38.0907 4300	Steam Client Service - ok
12:06:38.0923 4300	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
12:06:38.0938 4300	stexstor - ok
12:06:39.0001 4300	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
12:06:39.0047 4300	StiSvc - ok
12:06:39.0203 4300	StkCMini        (80225bebb0e40d0b9a0ad2b89b948c82) C:\Windows\system32\Drivers\StkCMini.sys
12:06:39.0266 4300	StkCMini - ok
12:06:39.0359 4300	StkSSrv         (a96f636afbde939e8abd601f9801b031) C:\Windows\System32\StkCSrv.exe
12:06:39.0375 4300	StkSSrv - ok
12:06:39.0578 4300	storflt         (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
12:06:39.0593 4300	storflt - ok
12:06:39.0625 4300	StorSvc         (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
12:06:39.0671 4300	StorSvc - ok
12:06:39.0687 4300	storvsc         (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
12:06:39.0703 4300	storvsc - ok
12:06:39.0703 4300	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
12:06:39.0718 4300	swenum - ok
12:06:39.0765 4300	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
12:06:39.0796 4300	swprv - ok
12:06:39.0921 4300	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
12:06:39.0999 4300	SysMain - ok
12:06:40.0046 4300	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
12:06:40.0061 4300	TabletInputService - ok
12:06:40.0124 4300	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
12:06:40.0171 4300	TapiSrv - ok
12:06:40.0186 4300	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
12:06:40.0202 4300	TBS - ok
12:06:40.0342 4300	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
12:06:40.0420 4300	Tcpip - ok
12:06:40.0436 4300	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
12:06:40.0467 4300	TCPIP6 - ok
12:06:40.0514 4300	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
12:06:40.0561 4300	tcpipreg - ok
12:06:40.0592 4300	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
12:06:40.0607 4300	TDPIPE - ok
12:06:40.0623 4300	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
12:06:40.0670 4300	TDTCP - ok
12:06:40.0701 4300	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
12:06:40.0748 4300	tdx - ok
12:06:40.0779 4300	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
12:06:40.0795 4300	TermDD - ok
12:06:40.0857 4300	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
12:06:40.0919 4300	TermService - ok
12:06:47.0378 4300	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:06:47.0752 4300	\Device\Harddisk0\DR0 - ok
12:06:47.0752 4300	Boot (0x1200)   (2269c757e2b625930ff61f742e255230) \Device\Harddisk0\DR0\Partition0
12:06:47.0768 4300	\Device\Harddisk0\DR0\Partition0 - ok
12:06:47.0799 4300	Boot (0x1200)   (212d14522617dedf88114503f59afbc4) \Device\Harddisk0\DR0\Partition1
12:06:47.0815 4300	\Device\Harddisk0\DR0\Partition1 - ok
12:06:47.0830 4300	Boot (0x1200)   (7a457a8f64f55e1401e0b99e49806df5) \Device\Harddisk0\DR0\Partition2
12:06:47.0830 4300	\Device\Harddisk0\DR0\Partition2 - ok
12:06:47.0861 4300	Boot (0x1200)   (3358eb516df31d1d70f20bed5e8adfc8) \Device\Harddisk0\DR0\Partition3
12:06:47.0861 4300	\Device\Harddisk0\DR0\Partition3 - ok
12:06:47.0861 4300	============================================================
12:06:47.0861 4300	Scan finished
12:06:47.0861 4300	============================================================
12:06:47.0893 0488	Detected object count: 5
12:06:47.0893 0488	Actual detected object count: 5
12:07:32.0914 0488	dvd43llh ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:32.0914 0488	dvd43llh ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:32.0914 0488	epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:32.0930 0488	epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:32.0930 0488	EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:32.0930 0488	EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:32.0930 0488	Sentinel ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:32.0930 0488	Sentinel ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:07:32.0945 0488	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - skipped by user
12:07:32.0945 0488	StarWindServiceAE ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

28.07.2012, 23:19   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

29.07.2012, 14:33   #25
Niels



Code:
ComboFix 12-07-29.02 - Jealous_Sound 29.07.2012  15:06:58.1.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2043.1400 [GMT 2:00]
ausgeführt von:: c:\users\Jealous_Sound\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\_detmp.2
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-28 bis 2012-07-29  ))))))))))))))))))))))))))))))
.
.
2012-07-29 13:16 . 2012-07-29 13:18	--------	d-----w-	c:\users\Jealous_Sound\AppData\Local\temp
2012-07-29 13:16 . 2012-07-29 13:16	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-27 14:39 . 2012-07-29 13:18	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9D0E73-A207-4500-A3DC-E577DB0DB567}\offreg.dll
2012-07-27 14:36 . 2012-07-27 14:36	--------	d-----w-	C:\_OTL
2012-07-26 10:54 . 2012-07-16 00:41	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9D0E73-A207-4500-A3DC-E577DB0DB567}\mpengine.dll
2012-07-23 07:41 . 2012-07-23 07:41	--------	d-----w-	c:\users\Jealous_Sound\AppData\Roaming\SUPERAntiSpyware.com
2012-07-23 07:40 . 2012-07-23 07:41	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-07-23 07:40 . 2012-07-23 07:40	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-07-22 21:20 . 2012-07-16 00:41	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-22 19:00 . 2012-07-22 19:00	--------	d-----w-	c:\program files\ESET
2012-07-21 11:34 . 2012-07-21 11:34	--------	d-----w-	c:\users\Jealous_Sound\AppData\Roaming\Malwarebytes
2012-07-21 11:34 . 2012-07-21 11:34	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-21 11:34 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-21 11:34 . 2012-07-21 11:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-19 10:41 . 2012-02-09 12:17	713784	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{320F7BC8-21F9-43AA-88F4-3D3CD9595B9C}\gapaengine.dll
2012-07-19 10:39 . 2012-07-19 10:39	--------	d-----w-	c:\program files\Microsoft Security Client
2012-07-06 07:52 . 2012-07-06 07:52	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-07-05 11:18 . 2012-02-14 09:49	114176	----a-w-	c:\windows\system32\PCWizard.cpl
2012-07-05 11:17 . 2012-07-05 11:17	--------	d-----w-	c:\users\Jealous_Sound\AppData\Roaming\AlMiSoft
2012-07-05 11:15 . 2012-07-05 11:17	--------	d-----w-	c:\program files\Browser-Maulkorb
2012-07-03 08:00 . 2012-07-03 08:00	--------	d-----w-	c:\users\Jealous_Sound\AppData\Roaming\QuickScan
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 06:38 . 2012-04-11 07:23	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-27 06:38 . 2011-07-27 09:28	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-15 07:51 . 2012-05-01 17:47	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-15 07:51 . 2012-05-01 17:47	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-15 07:51 . 2012-05-01 17:47	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-02 22:19 . 2012-06-19 08:25	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 08:25	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 08:25	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 08:25	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 08:25	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 08:25	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 08:25	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 08:24	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 08:24	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-22 08:26 . 2012-04-26 17:12	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-22 08:26 . 2012-04-26 17:12	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-22 08:26 . 2012-04-26 17:12	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-17 22:45 . 2012-06-14 07:25	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-14 07:25	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-05-17 22:35 . 2012-06-14 07:25	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 07:25	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 07:25	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-05-15 01:05 . 2012-06-14 07:22	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-05-01 04:44 . 2012-06-14 07:22	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-07-14 16:56 . 2011-07-26 19:59	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 10:06	163328	--sha-r-	c:\windows\System32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\System32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\System32\nbDX.dll
2010-01-06 22:00	107520	--sha-r-	c:\windows\System32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2012-04-19 2104696]
"AVMUSBFernanschluss"="c:\users\Jealous_Sound\AppData\Local\Apps\2.0\QWT9J1XB.8ME\Q9GDTMMP.7G0\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-02-04 147456]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-30 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="e:\7 tools\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-12-07 220744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2012-03-27 421736]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\users\Jealous_Sound\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46	462920	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38	3905920	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R0 mfelwvn;mfelwvn;c:\windows\System32\drivers\emak.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 gtstusbser;Option210 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gtstusbser.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [x]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\hardwaretest\SiSoftware Sandra Lite 2011.SP4c\RpcAgentSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Jealous_Sound\Desktop\emsissoft\Run\a2ddax86.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:38]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 20:29]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 20:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.minilua.com/q/%s
IE: Free YouTube Download - c:\users\Jealous_Sound\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Jealous_Sound\AppData\Roaming\Mozilla\Firefox\Profiles\3znyjc2z.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 4001
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-PMCLoader - c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe
HKCU-Run-Argus Monitor - c:\program files\ArgusMonitor\ArgusMonitor.exe
MSConfigStartUp-DAT20BB.tmp - c:\users\JEALOU~1\AppData\Local\Temp\DAT20BB.tmp.exe
AddRemove-BattlEye A2 Free - e:\steam\steamapps\common\arma 2 freeBattlEye\UnInstallBE.exe
AddRemove-Core Damage 0.8h - d:\hardwaretest\Core Damage\Uninstall.exe
AddRemove-SPSS für Windows 11.5 - d:\spss_alt\DeIsL1.isu
AddRemove-{C3113E55-7BCB-4de3-8EBF-60E6CE6B2296}_is1 - d:\hardwaretest\SiSoftware Sandra Lite 2011.SP4c\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sentinel\ImagePath]
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1520)
c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-29  15:26:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-29 13:26
.
Vor Suchlauf: 2.112.724.992 Bytes frei
Nach Suchlauf: 2.012.012.544 Bytes frei
.
- - End Of File - - 4B9CA1512D39EF477877B13A1604BB16
         

29.07.2012, 18:50   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
Driver::
mfelwvn

File::
c:\windows\System32\drivers\emak.sys

Firefox::
FF - ProfilePath - c:\users\Jealous_Sound\AppData\Roaming\Mozilla\Firefox\Profiles\3znyjc2z.default\
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 4001
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 0
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable your antivirus program's guard and any software firewall that may be present.
(Also the guards of adware and spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Logfiles bitte immer in CODE-Tags posten
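The `Firefox::` section of the script in post #26 lists proxy preferences that point at localhost port 4001 together with `network.proxy.type - 0`. As an added example (not part of the original thread and not ComboFix's own logic), the following Python code reads ComboFix-style `FF - prefs.js:` log lines, flags proxy preferences that point at a loopback address, and reports whether `network.proxy.type` makes them active. The function names are assumptions of this example; the first sample is copied from the script above and the second is a constructed variant.

```python
import re

# Loopback hosts: a proxy pointing here sends browser traffic to a local process.
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

# ComboFix prints Firefox preferences as "FF - prefs.js: <key> - <value>".
PREF_LINE = re.compile(r"^FF - prefs\.js:\s*(?P<key>\S+)\s+-\s+(?P<value>.*?)\s*$")

# Firefox stores manual proxies as network.proxy.<scheme> and network.proxy.<scheme>_port.
PROXY_SCHEMES = ("http", "ssl", "ftp", "socks")

# Preference lines copied from the Firefox:: section of the script in post #26.
SAMPLE_FROM_THREAD = """\
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 4001
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 4001
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 4001
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 4001
FF - prefs.js: network.proxy.type - 0
"""

# Constructed variant (not from the thread): same entries, manual proxy switched on.
CONSTRUCTED_ACTIVE = SAMPLE_FROM_THREAD.replace(
    "network.proxy.type - 0", "network.proxy.type - 1")


def parse_prefs(log_text):
    """Return {pref_name: value} for every 'FF - prefs.js:' line in the log."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if m:
            prefs[m.group("key")] = m.group("value")
    return prefs


def loopback_proxies(prefs):
    """List (scheme, host, port) for proxy prefs whose host is a loopback address."""
    found = []
    for scheme in PROXY_SCHEMES:
        host = prefs.get("network.proxy." + scheme, "")
        if host.lower() in LOOPBACK:
            port = prefs.get("network.proxy.%s_port" % scheme)
            found.append((scheme, host, int(port) if port and port.isdigit() else None))
    return found


def assess(log_text):
    """Classify the proxy state seen in a ComboFix log excerpt."""
    prefs = parse_prefs(log_text)
    hits = loopback_proxies(prefs)
    # network.proxy.type: "1" = manual proxy configuration, "0" = direct connection.
    # prefs.js only holds non-default values, so a missing type is "unknown", not safe.
    ptype = prefs.get("network.proxy.type")
    if not hits:
        status = "clean"
    elif ptype == "1":
        status = "active"    # traffic is currently routed through the local port
    elif ptype is None:
        status = "unknown"
    else:
        status = "dormant"   # entries exist but Firefox is not using them
    return {"status": status, "proxies": hits, "type": ptype}


if __name__ == "__main__":
    for name, text in (("thread", SAMPLE_FROM_THREAD), ("constructed", CONSTRUCTED_ACTIVE)):
        print(name, assess(text))
```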

29.07.2012, 19:57   #27
Niels

OK, the Windows Firewall was apparently still on somewhere in the background, so I disabled it beforehand. Other than that I couldn't spot any other program. Thanks for writing the code. Here is the log file:
Code:
ComboFix 12-07-29.02 - Jealous_Sound 29.07.2012  20:32:40.2.2 - x86
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.2043.1156 [GMT 2:00]
ausgeführt von:: c:\users\Jealous_Sound\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jealous_Sound\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
FILE ::
"c:\windows\System32\drivers\emak.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_mfelwvn
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-28 bis 2012-07-29  ))))))))))))))))))))))))))))))
.
.
2012-07-29 18:42 . 2012-07-29 18:42	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-29 18:42 . 2012-07-29 18:42	--------	d-----w-	c:\users\Mcx1-SAMSUNG_MADRIL\AppData\Local\temp
2012-07-29 18:42 . 2012-07-29 18:42	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-29 13:16 . 2012-07-29 18:44	--------	d-----w-	c:\users\Jealous_Sound\AppData\Local\temp
2012-07-27 14:39 . 2012-07-29 18:44	56200	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9D0E73-A207-4500-A3DC-E577DB0DB567}\offreg.dll
2012-07-27 14:36 . 2012-07-27 14:36	--------	d-----w-	C:\_OTL
2012-07-26 10:54 . 2012-07-16 00:41	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4B9D0E73-A207-4500-A3DC-E577DB0DB567}\mpengine.dll
2012-07-23 07:41 . 2012-07-23 07:41	--------	d-----w-	c:\users\Jealous_Sound\AppData\Roaming\SUPERAntiSpyware.com
2012-07-23 07:40 . 2012-07-23 07:41	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-07-23 07:40 . 2012-07-23 07:40	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-07-22 21:20 . 2012-07-16 00:41	6891424	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-22 19:00 . 2012-07-22 19:00	--------	d-----w-	c:\program files\ESET
2012-07-21 11:34 . 2012-07-21 11:34	--------	d-----w-	c:\users\Jealous_Sound\AppData\Roaming\Malwarebytes
2012-07-21 11:34 . 2012-07-21 11:34	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-21 11:34 . 2012-07-03 11:46	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-21 11:34 . 2012-07-21 11:35	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-07-19 10:41 . 2012-02-09 12:17	713784	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{320F7BC8-21F9-43AA-88F4-3D3CD9595B9C}\gapaengine.dll
2012-07-19 10:39 . 2012-07-19 10:39	--------	d-----w-	c:\program files\Microsoft Security Client
2012-07-06 07:52 . 2012-07-06 07:52	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2012-07-05 11:18 . 2012-02-14 09:49	114176	----a-w-	c:\windows\system32\PCWizard.cpl
2012-07-05 11:17 . 2012-07-05 11:17	--------	d-----w-	c:\users\Jealous_Sound\AppData\Roaming\AlMiSoft
2012-07-05 11:15 . 2012-07-05 11:17	--------	d-----w-	c:\program files\Browser-Maulkorb
2012-07-03 08:00 . 2012-07-03 08:00	--------	d-----w-	c:\users\Jealous_Sound\AppData\Roaming\QuickScan
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 18:38 . 2012-07-29 18:38	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEB81CDC-BCE7-432B-9B65-93CDBA84651F}\offreg.dll
2012-07-27 06:38 . 2012-04-11 07:23	426184	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-07-27 06:38 . 2011-07-27 09:28	70344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-16 00:41 . 2012-07-29 13:33	6891424	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{CEB81CDC-BCE7-432B-9B65-93CDBA84651F}\mpengine.dll
2012-06-15 07:51 . 2012-05-01 17:47	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-15 07:51 . 2012-05-01 17:47	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-15 07:51 . 2012-05-01 17:47	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-06-02 22:19 . 2012-06-19 08:25	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 08:25	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 08:25	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 08:25	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-19 08:25	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-19 08:25	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-19 08:25	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-19 08:24	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-19 08:24	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-05-22 08:26 . 2012-04-26 17:12	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-05-22 08:26 . 2012-04-26 17:12	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-05-22 08:26 . 2012-04-26 17:12	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-05-17 22:45 . 2012-06-14 07:25	1800192	----a-w-	c:\windows\system32\jscript9.dll
2012-05-17 22:35 . 2012-06-14 07:25	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-05-17 22:35 . 2012-06-14 07:25	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-05-17 22:29 . 2012-06-14 07:25	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-05-17 22:24 . 2012-06-14 07:25	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-05-15 01:05 . 2012-06-14 07:22	2343936	----a-w-	c:\windows\system32\win32k.sys
2012-05-01 04:44 . 2012-06-14 07:22	164352	----a-w-	c:\windows\system32\profsvc.dll
2012-07-14 16:56 . 2011-07-26 19:59	136672	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58	94208	----a-w-	c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2012-04-19 2104696]
"AVMUSBFernanschluss"="c:\users\Jealous_Sound\AppData\Local\Apps\2.0\QWT9J1XB.8ME\Q9GDTMMP.7G0\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe" [2012-02-04 147456]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-09-30 203928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="e:\7 tools\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-24 7719456]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2011-12-07 220744]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2012-03-27 421736]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-23 827904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
.
c:\users\Jealous_Sound\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46	462920	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-05-21 20:38	3905920	----a-w-	c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 gtstusbser;Option210 USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\gtstusbser.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [x]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\hardwaretest\SiSoftware Sandra Lite 2011.SP4c\RpcAgentSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Jealous_Sound\Desktop\emsissoft\Run\a2ddax86.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [x]
S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys [x]
S3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\DRIVERS\mcvidrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [x]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 06:38]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 20:29]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-26 20:29]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.minilua.com/q/%s
IE: Free YouTube Download - c:\users\Jealous_Sound\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Jealous_Sound\AppData\Roaming\Mozilla\Firefox\Profiles\3znyjc2z.default\
FF - prefs.js: browser.search.selectedEngine - hxxp://www.google.com/search
FF - prefs.js: browser.startup.homepage - www.google.de
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Sentinel\ImagePath]
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3348)
c:\users\Jealous_Sound\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sdclt.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-29  20:50:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-29 18:50
ComboFix2.txt  2012-07-29 13:26
.
Vor Suchlauf: 2.011.275.264 Bytes frei
Nach Suchlauf: 1.827.381.248 Bytes frei
.
- - End Of File - - F3BEDC38C9E08DC4D4FAD875DF8DD44C
         

29.07.2012, 20:35   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip the online check by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off the virus scanner as well; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file on your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions may take a while, depending on the connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

31.07.2012, 16:54   #29
Niels

Sorry that this took so long. That was partly because the programs needed multiple and quite long attempts. GMER, for example, crashed several times. But I believe the attached log file is from a complete run.
OSAM didn't cause any problems. aswMBR did, though. In the end I scanned with the AV scan "none" option. I've put everything into the attachment as a 7-Zip archive.

31.07.2012, 20:25   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please post the logs in CODE tags as before! Only if they are too large should they go zipped into the attachment!
__________________
Please always post log files in CODE tags
