Log analysis and evaluation: Backdoor.papras + various Trojans detected - MBAM removed them - is it possible without reinstalling?
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
05.10.2011, 12:43 | #1 |
Backdoor.papras + various Trojans detected - MBAM removed them - is it possible without reinstalling?

Dear experts,

here is my question from last night, now including all log files and somewhat better organized than in the original post (I have already asked for the old post to be deleted; it was in the "Plagegeister" forum, by the way, and this post was actually meant to go into the "Plagegeister" forum as well, so it was not meant to be cross-posting! But somehow I slipped, and maybe it is right here after all, since I am posting logs? Otherwise please move it, thank you very much!!!):

Situation: I suspected malware after a Firefox problem and then installed Malwarebytes Anti-Malware (MBAM) (3 MBAM log files and 2 Antivir log files attached as a zip archive):
I followed the steps from the "Anleitung für Hilfesuchende" (guide for those seeking help):
- Defogger
- OTL (OTL and Extras)
- GMER

At the end I am posting all log files from OTL (2 logs) and GMER, as far as they fit.

Now my questions:
- Can I tell how long the backdoor and the Trojans have been on the notebook? (I think not long yet.)
- I have already changed important passwords via the netbook. MBAM no longer finds anything. I would like to avoid reinstalling. I KNOW it would be smarter - but is it, according to the logs I posted, unavoidable?
- I use Antivir, the normal Windows firewall of WIN7 Professional, and often CCleaner.
- How can I check whether my stored data is infected? Can I do that? Do I have to change ALL passwords, even though there were no abnormalities at all when working on the notebook until the Firefox problem just yesterday evening?
- I had also run Hijackthis - no abnormalities, but apparently no longer relevant.
- Buttons such as "Add Evernote" and Nokia processes show up, although the programs were uninstalled long ago, including from Program Files.

Thank you very much for your help and effort, and best regards,
Ann

Now the logs (additionally: the 3 MBAM and 2 Antivir logs attached in the zip archive).

OTL: OTL Logfile:
Code:
ATTFilter OTL logfile created on: 05.10.2011 12:17:14 - Run 1 OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\ds\Desktop An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,91 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 72,71% Memory free 5,81 Gb Paging File | 4,97 Gb Available in Paging File | 85,50% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 286,09 Gb Total Space | 189,91 Gb Free Space | 66,38% Space Free | Partition Type: NTFS Computer Name: DS-PC | User Name: ds | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.05 12:06:44 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\ds\Desktop\OTL.exe PRC - [2011.08.05 12:29:56 | 000,159,456 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Zune\ZuneLauncher.exe PRC - [2011.07.01 07:46:39 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.28 10:23:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.05 12:05:42 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program 
Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.09.05 10:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\BASVC.exe PRC - [2009.09.05 10:17:52 | 003,567,616 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\PdtWzd.exe PRC - [2009.09.05 10:17:40 | 003,358,720 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\Acer Bio Protection\CompPtcVUI.exe PRC - [2009.08.19 16:15:48 | 000,692,224 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009.08.19 16:15:32 | 000,688,128 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.08.19 16:15:06 | 000,462,848 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009.07.17 17:30:50 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009.07.17 17:30:48 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.04.11 19:31:14 | 000,249,600 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2009.04.08 13:28:22 | 001,067,528 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe PRC - [2009.03.23 13:51:32 | 000,117,256 | ---- | M] (Dritek System Inc.) 
-- C:\Program Files\Launch Manager\dsiwmis.exe PRC - [2009.03.16 16:14:00 | 000,565,248 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe PRC - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.11.19 11:19:00 | 000,128,352 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE PRC - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2011.05.22 19:21:36 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll MOD - [2009.09.04 23:15:06 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2009.07.17 17:31:00 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2009.02.02 17:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - [2011.08.05 12:30:02 | 000,444,640 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 12:30:02 | 000,268,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 12:29:56 | 006,363,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2011.07.01 07:46:39 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir 
Desktop\avguard.exe -- (AntiVirService) SRV - [2011.04.28 10:23:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.07.02 21:27:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2009.09.05 10:17:56 | 003,450,368 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009.08.19 16:15:32 | 000,688,128 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.07.17 17:30:48 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) 
[Auto | Running] -- C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.03.23 13:51:32 | 000,117,256 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.01.04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV - [2011.07.01 07:46:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.07.01 07:46:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.01.11 15:22:36 | 000,029,744 | ---- | M] (EgisTec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) DRV - [2009.09.15 19:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R) DRV - [2009.09.02 03:59:42 | 000,174,592 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R) DRV - [2009.06.22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.06.22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev) DRV - [2009.05.25 22:12:36 | 000,122,368 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.29 15:37:26 | 000,025,088 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTERx86) DRV - [2009.04.24 08:29:28 | 000,163,840 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.10.01 05:50:50 | 000,010,504 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\GridVista\DPMemGridVista.sys -- (DPMemGridVista) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.03.12 13:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.05.02 12:12:36 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdm.sys -- (ssm_mdm) DRV - [2007.05.02 12:12:36 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_mdfl.sys -- (ssm_mdfl) DRV - [2007.05.02 12:12:34 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) DRV - [2007.04.17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi) DRV - [2006.07.24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- 
C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=0609&m=travelmate_8371 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=0609&m=travelmate_8371 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vz32&d=0609&m=travelmate_8371 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.05 11:40:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.05 11:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ds\AppData\Roaming\mozilla\Extensions [2011.10.05 11:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ds\AppData\Roaming\mozilla\Firefox\Profiles\u4g6exj8.default\extensions [2011.10.05 11:47:35 | 000,000,000 | ---D | M] (WOT) -- C:\Users\ds\AppData\Roaming\mozilla\Firefox\Profiles\u4g6exj8.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.10.05 11:40:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions () (No name found) -- C:\USERS\DS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4G6EXJ8.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI () (No name found) -- 
C:\USERS\DS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4G6EXJ8.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\DS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U4G6EXJ8.DEFAULT\EXTENSIONS\ISREADITLATER@IDEASHOWER.COM.XPI [2010.01.11 14:17:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.09.29 09:09:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.29 03:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.29 03:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.29 03:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.29 03:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.29 03:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.29 03:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\Tracker Software\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.) O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found. 
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.) O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. File not found O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - Reg Error: Key error. 
File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{65D0F387-5F47-487A-B214-41E7772584A4}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{16f769b4-1ded-11df-b693-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{16f769b4-1ded-11df-b693-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{261ff78b-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{261ff78b-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{261ff78e-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{261ff78e-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{261ff794-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{261ff794-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{84f8c322-5d48-11df-89ea-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{84f8c322-5d48-11df-89ea-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{dce0bc62-1deb-11df-b997-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{dce0bc62-1deb-11df-b997-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe 
O33 - MountPoints2\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe O33 - MountPoints2\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\Shell - "" = AutoRun O33 - MountPoints2\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\Shell\AutoRun\command - "" = D:\setup.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe 
-BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.10.05 12:06:41 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\ds\Desktop\OTL.exe
[2011.10.05 11:40:17 | 000,000,000 | ---D | C] -- C:\Users\ds\AppData\Roaming\Mozilla
[2011.10.05 11:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.10.05 00:44:50 | 000,000,000 | ---D | C] -- C:\Users\ds\AppData\Roaming\Malwarebytes
[2011.10.05 00:44:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.05 00:44:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.05 00:44:19 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.05 00:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.05 00:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011.10.05 00:21:48 | 000,000,000 | ---D | C] -- C:\Users\ds\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.10.04 20:34:55 | 000,000,000 | ---D | C] -- C:\Users\ds\mozilla-sicherung
[2011.10.04 14:19:28 | 000,000,000 | -HSD | C] -- C:\Users\ds\AppData\Local\3b902557
[2011.09.27 20:09:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zune
[2009.06.04 23:00:58 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2011.10.05 12:18:08 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.05 12:18:08 | 000,011,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.05 12:15:06 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.05 12:15:06 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.05 12:15:06 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.05 12:15:06 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.05 12:10:55 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.10.05 12:10:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.05 12:10:20 | 2339,512,320 | -HS- | M] () -- C:\hiberfil.sys
[2011.10.05 12:08:23 | 000,000,000 | ---- | M] () -- C:\Users\ds\defogger_reenable
[2011.10.05 12:06:44 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\ds\Desktop\OTL.exe
[2011.10.05 11:49:02 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.10.05 11:40:08 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.05 01:16:48 | 000,050,477 | ---- | M] () -- C:\Users\ds\Desktop\Defogger.exe
[2011.10.05 00:44:25 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.05 00:33:59 | 000,008,754 | ---- | M] () -- C:\Users\ds\Documents\hijackthis.xt
[2011.10.05 00:32:35 | 000,008,730 | ---- | M] () -- C:\Users\ds\Documents\test201110
[2011.10.05 00:21:48 | 000,002,949 | ---- | M] () -- C:\Users\ds\Desktop\HiJackThis.lnk
[2011.10.04 09:16:10 | 000,001,123 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2011.09.27 20:09:23 | 000,000,891 | ---- | M] () -- C:\Users\Public\Desktop\Zune.lnk
[2011.09.21 16:11:00 | 000,002,306 | ---- | M] () -- C:\Users\ds\Documents\Fragenkatalog-Regio Köln-Bonn e.V..rtf

========== Files Created - No Company Name ==========

[2011.10.05 12:08:23 | 000,000,000 | ---- | C] () -- C:\Users\ds\defogger_reenable
[2011.10.05 11:40:08 | 000,001,076 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.10.05 11:40:08 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.10.05 01:16:48 | 000,050,477 | ---- | C] () -- C:\Users\ds\Desktop\Defogger.exe
[2011.10.05 00:44:25 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.05 00:33:58 | 000,008,754 | ---- | C] () -- C:\Users\ds\Documents\hijackthis.xt
[2011.10.05 00:32:34 | 000,008,730 | ---- | C] () -- C:\Users\ds\Documents\test201110
[2011.10.05 00:21:48 | 000,002,949 | ---- | C] () -- C:\Users\ds\Desktop\HiJackThis.lnk
[2011.10.04 19:41:41 | 000,001,377 | ---- | C] () -- C:\Users\ds\Desktop\Internet Explorer.lnk
[2011.09.27 20:09:23 | 000,000,891 | ---- | C] () -- C:\Users\Public\Desktop\Zune.lnk
[2011.09.21 16:11:00 | 000,002,306 | ---- | C] () -- C:\Users\ds\Documents\Fragenkatalog-Regio Köln-Bonn e.V..rtf
[2011.06.10 08:01:19 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.01.27 17:25:28 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.01.27 17:25:28 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2010.12.26 17:46:06 | 000,038,427 | ---- | C] () -- C:\Users\ds\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2010.12.26 17:05:40 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2010.12.26 16:58:11 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010.10.24 15:28:50 | 000,007,608 | ---- | C] () -- C:\Users\ds\AppData\Local\Resmon.ResmonCfg
[2010.07.21 18:55:05 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.07.21 18:55:05 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.07.01 15:17:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.20 11:12:17 | 000,011,264 | ---- | C] () -- C:\Users\ds\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.11 15:19:19 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010.01.11 15:17:19 | 000,001,496 | R--- | C] () -- C:\Windows\System32\drivers\RtkAcerM.dat
[2010.01.11 15:16:42 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010.01.11 15:15:43 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.01.11 15:15:42 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.01.11 15:15:28 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010.01.11 14:37:09 | 000,021,916 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2009.10.02 17:03:41 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.09.02 18:46:40 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2009.07.14 10:47:43 | 000,657,676 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,131,016 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,427,144 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,618,912 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,107,232 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.29 21:49:42 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.06.29 21:31:40 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.06.29 21:31:40 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.06.29 21:31:40 | 000,000,323 | ---- | C] () -- C:\Windows\PidList.ini
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.04 22:59:56 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.06.04 15:05:21 | 000,123,780 | R--- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.06.04 15:05:21 | 000,000,728 | R--- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.06.04 15:05:21 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\SamSfPa.dat
[2009.06.04 15:05:21 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009.06.04 15:05:21 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.06.04 15:05:21 | 000,000,520 | R--- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.06.04 15:05:21 | 000,000,008 | R--- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll
[2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.11.07 06:37:10 | 000,003,584 | ---- | C] () -- C:\Windows\System32\CNCFLfNL.DLL
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll

========== LOP Check ==========

[2011.06.17 12:20:22 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Acer
[2011.03.18 17:05:24 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Amazon
[2011.05.18 10:45:35 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Canon
[2011.10.04 09:22:22 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\elsterformular
[2010.01.11 12:42:56 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\eSobi
[2011.09.20 11:44:17 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\FileZilla
[2011.02.28 11:22:58 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\FRITZ!
[2011.04.22 21:44:34 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\GARMIN
[2011.03.30 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\gtk-2.0
[2011.07.22 21:21:37 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\InterVideo
[2011.01.17 22:56:35 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\IrfanView
[2011.01.11 10:42:38 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Lexware
[2010.01.11 14:25:26 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\OpenOffice.org
[2011.03.16 19:10:44 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\PC Suite
[2010.12.26 17:07:49 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Samsung
[2011.06.29 13:00:25 | 000,000,000 | ---D | M] -- C:\Users\ds\AppData\Roaming\Tracker Software
[2011.09.07 11:40:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2010.01.11 13:49:10 | 000,000,000 | -H-D | M] -- C:\$INPLACE.~TR
[2009.07.14 06:54:09 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.01.11 14:38:20 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~Q
[2009.12.10 16:30:57 | 000,000,000 | -H-D | M] -- C:\ACER
[2009.08.15 16:38:09 | 000,000,000 | ---D | M] -- C:\ACERNB
[2009.08.15 16:38:06 | 000,000,000 | ---D | M] -- C:\ACERSW
[2010.07.21 18:52:04 | 000,000,000 | ---D | M] -- C:\BlueByte
[2009.06.04 15:52:49 | 000,000,000 | ---D | M] -- C:\book
[2011.06.10 08:43:35 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.22 18:25:36 | 000,000,000 | ---D | M] -- C:\Daten
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.08.15 16:35:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2009.06.04 14:56:44 | 000,000,000 | ---D | M] -- C:\Intel
[2010.05.09 13:47:13 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.12.10 12:54:52 | 000,000,000 | ---D | M] -- C:\OEM
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.10.05 11:40:05 | 000,000,000 | ---D | M] -- C:\Program Files
[2011.10.05 00:44:24 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.08.15 16:35:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.11 15:00:13 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.10.05 12:19:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.11 14:31:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.05 01:02:22 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.manifest /3 >

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-04 14:08:25

< >

< End of report >
___________________________________________________________________

OTL - Extras:
OTL Logfile:
Code:
OTL Extras logfile created on: 05.10.2011 12:17:14 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\ds\Desktop
An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,91 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 72,71% Memory free
5,81 Gb Paging File | 4,97 Gb Available in Paging File | 85,50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 189,91 Gb Free Space | 66,38% Space Free | Partition Type: NTFS

Computer Name: DS-PC | User Name: ds | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX850_series" = Canon MX850 series
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{2931F734-260D-4E83-87B3-A9FE8E873192}_is1" = PDF-XChange Shell Extensions
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3526C5B8-60EE-4199-BEFD-6BCC86F051B9}" = TAXMAN 2011
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{61356085-6C51-4DC9-99E6-33ED72304690}" = OmmWriter
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{67C331C0-B345-4617-85B8-AF3D803915D8}_is1" = Xpert-Timer LIGHT Version 1.7.0.526 (ENGLISH)
"{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1" = Poedit
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{6F3D2F66-F050-45E3-BEB1-6523FE6D6690}" = MotoHelper MergeModules
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7FC9307-374E-4017-8E9D-DE1154780480}" = System Requirements Lab for Intel
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Acer Screensaver" = Acer ScreenSaver
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ElsterFormular 11.5.0.4546" = ElsterFormular
"FileZilla Client" = FileZilla Client 3.5.0
"GPL Ghostscript 9.00" = GPL Ghostscript 9.00
"GridVista" = GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"MP Navigator EX 1.1" = Canon MP Navigator EX 1.1
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"WinGimp-2.0_is1" = GIMP 2.6.7
"Zune" = Zune

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 16.03.2011 13:00:40 | Computer Name = ds-PC | Source = Nokia Software Installer | ID = 1
Description = Nokia Software Installer 3.1.452 (NLib 0.7.487) Das System kann die angegebene Datei nicht finden. errorcode: -2147024894 File: C:\Users\ds\AppData\Local\Temp\WPDNSE\{72017055-8E6B-5DF0-2D23-5CDB763B54CC}\Resources\icon_exclamation.png Stack trace: .\NSInstaller2.cpp(497) : wWinMain .\InstallerDlgDefAppearance.cpp(205) : CInstallerDlgDefAppearance::LoadConfigFromXml .\NImage.cpp(51) : CNImage::Load .\NFileUtilities.cpp(132) : CNFileUtilities::CheckFileExists .\NFileUtilities.cpp(128) : CNFileUtilities::CheckFileExists

Error - 16.03.2011 13:11:12 | Computer Name = ds-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: NokiaOviSuite.exe, Version: 3.0.0.290, Zeitstempel: 0x4d46886f Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16624, Zeitstempel: 0x4c297c56 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002f36a ID des fehlerhaften Prozesses: 0x14e8 Startzeit der fehlerhaften Anwendung: 0x01cbe3fc766f8686 Pfad der fehlerhaften Anwendung: C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\ole32.dll Berichtskennung: 64932327-4ff0-11e0-bd2f-001e331ed9e2

Error - 17.03.2011 07:12:41 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 17.03.2011 07:12:41 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 17.03.2011 07:13:29 | Computer Name = ds-PC | Source = WinMgmt | ID = 10
Description =

Error - 18.03.2011 02:28:25 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.03.2011 02:28:25 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.03.2011 08:37:28 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.03.2011 08:37:28 | Computer Name = ds-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .

Error - 18.03.2011 08:38:20 | Computer Name = ds-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 31.10.2010 09:36:23 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.

Error - 10.11.2010 04:29:20 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2499 seconds with 1680 seconds of active time. This session ended with a crash.
Error - 18.11.2010 11:16:39 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12526 seconds with 180 seconds of active time. This session ended with a crash. Error - 09.12.2010 17:28:14 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. Error - 10.04.2011 10:03:16 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4 seconds with 0 seconds of active time. This session ended with a crash. Error - 15.06.2011 07:59:55 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 568 seconds with 60 seconds of active time. This session ended with a crash. Error - 01.07.2011 02:23:00 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 73 seconds with 0 seconds of active time. This session ended with a crash. Error - 14.07.2011 01:18:54 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. 
This session lasted 113 seconds with 60 seconds of active time. This session ended with a crash. Error - 22.09.2011 01:12:25 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 91 seconds with 0 seconds of active time. This session ended with a crash. Error - 03.10.2011 14:41:14 | Computer Name = ds-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6423.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 124 seconds with 60 seconds of active time. This session ended with a crash. [ System Events ] Error - 04.10.2011 19:03:00 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 04.10.2011 19:45:18 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Dritek WMI Service" wurde mit folgendem dienstspezifischem Fehler beendet: %%0. Error - 05.10.2011 02:35:13 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 05.10.2011 02:35:15 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 05.10.2011 05:32:17 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Dritek WMI Service" wurde mit folgendem dienstspezifischem Fehler beendet: %%0. 
Error - 05.10.2011 05:33:35 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 05.10.2011 05:33:36 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 05.10.2011 06:09:32 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Dritek WMI Service" wurde mit folgendem dienstspezifischem Fehler beendet: %%0. Error - 05.10.2011 06:10:55 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom Error - 05.10.2011 06:10:58 | Computer Name = ds-PC | Source = Service Control Manager | ID = 7034 Description = Dienst "SQL Server VSS Writer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > ______________________________________________________________ GMER: GMER Logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-10-05 12:58:04
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST932032 rev.0303
Running: 8bczpnb0.exe; Driver: C:\Users\ds\AppData\Local\Temp\pgtdapoc.sys

---- System - GMER 1.0.15 ----

SSDT 94253556 ZwCreateSection
SSDT 9425355B ZwSetContextThread
SSDT 942534F7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 83087349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830C0D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 830C7EAC 4 Bytes [56, 35, 25, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 830C824C 4 Bytes [5B, 35, 25, 94]
.text ntkrnlpa.exe!KeRemoveQueueEx + 166F 830C8324 4 Bytes [F7, 34, 25, 94]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ef9a0f
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ef9a0f@c8df7c89236b 0x39 0x22 0x1B 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002556ef9a0f@78471da65bb7 0x14 0xF3 0x65 0x52 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ef9a0f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ef9a0f@c8df7c89236b 0x39 0x22 0x1B 0x12 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002556ef9a0f@78471da65bb7 0x14 0xF3 0x65 0x52 ...

---- EOF - GMER 1.0.15 ----

Edited by Anneschdo (05.10.2011 at 12:46) Reason: ended up in the wrong forum, not meant as cross-posting, please move if this is not the right place |
05.10.2011, 17:09 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? Quote:
Please also run ESET, then we'll see where we go from there: ESET Online Scanner
__________________ |
06.10.2011, 06:59 | #3 |
| Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? Good morning Arne,
here is the log.txt from ESET. The drives are C and D. D is my external hard drive, which I only use for occasional data backups - that is why almost all files are identical to those on C (I simply copy things over now and then). The ds directory also contains all the installation files, even for programs that were uninstalled long ago. Now I'm curious how things will go on. Best regards, Ann

Log.txt ESET:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=149793c0dff5af4d9cd513afaa1864ca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-06 05:42:18
# local_time=2011-10-06 07:42:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 65471 54375269 66981 0
# compatibility_mode=5893 16776574 100 94 25225 69466004 0 0
# compatibility_mode=8192 67108863 100 0 244 244 0 0
# scanned=419810
# found=9
# cleaned=0
# scan_time=44925
C:\Users\ds\Desktop\Downloads\cnet_XTInstLightEN_exe.exe a variant of Win32/InstallCore.C application (unable to clean) 00000000000000000000000000000000 I
C:\Users\ds\Documents\DS\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
D:\System Volume Information\_restore{FA0CEAAD-9AC9-4161-8426-57672CB9C5D3}\RP464\A0049025.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
D:\System Volume Information\_restore{FA0CEAAD-9AC9-4161-8426-57672CB9C5D3}\RP464\A0049737.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
D:\System Volume Information\_restore{FA0CEAAD-9AC9-4161-8426-57672CB9C5D3}\RP496\A0055154.exe a variant of Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
D:\System Volume Information\_restore{FA0CEAAD-9AC9-4161-8426-57672CB9C5D3}\RP496\A0055310.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
D:\Documents\DS\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
D:\DS\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\c669a2-5b5ae9b2 multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\DS\Documents\DS\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I |
06.10.2011, 13:11 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? Quote:
__________________ Please always post log files in CODE tags |
06.10.2011, 13:29 | #5 |
| Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? That is/should be the time-tracking program "Xpert Timer Light", downloaded from cnet.de via this link: hxxp://download.cnet.com/Xpert-Timer-LIGHT/3000-2076_4-75317208.html The program should actually be very trustworthy, but perhaps not from this download source? It has been running on my PC for years and was now supposed to go onto the netbook, which is why I had already downloaded it. However, I could hardly find the Light version on the net any more (the full version is at hxxp://www.xperttimer.de/, which I don't need as a single-seat user.) Best regards, Ann |
06.10.2011, 14:21 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? I'm asking about the source so that I can better judge whether it is a false alarm. Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{16f769b4-1ded-11df-b693-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{16f769b4-1ded-11df-b693-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{261ff78b-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{261ff78b-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{261ff78e-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{261ff78e-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{261ff794-1c98-11df-b990-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{261ff794-1c98-11df-b990-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{84f8c322-5d48-11df-89ea-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{84f8c322-5d48-11df-89ea-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{dce0bc62-1deb-11df-b997-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{dce0bc62-1deb-11df-b997-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\Shell - "" = AutoRun
O33 - MountPoints2\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\Shell\AutoRun\command - "" = D:\setup.exe -a
[2011.10.04 14:19:28 | 000,000,000 | -HSD | C] -- C:\Users\ds\AppData\Local\3b902557
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It cannot be carried over to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ |
06.10.2011, 16:33 | #7 |
| Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? A question about the OTL fix: Presumably, as a matter of principle, I have to close not only the antivirus program and the browser but also Windows Defender and the Windows Firewall, right? Do I also have to go offline? Well, I'm doing that now anyway, but I'd be interested to know whether it is necessary. Yes, that is how I understood the point about the source. I asked myself (when I saw the file listed as "infected") whether it is possible that something is wrong with it. Precisely because the Light version no longer really seems to exist. The program from this file has not been installed yet. Best regards, Ann |
06.10.2011, 19:08 | #8 |
| Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? I have done the OTL fix. Here is the log - does it look good? Thank you very much for your effort so far and have a nice evening! Ann

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f769b4-1ded-11df-b693-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16f769b4-1ded-11df-b693-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16f769b4-1ded-11df-b693-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16f769b4-1ded-11df-b693-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261ff78b-1c98-11df-b990-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261ff78b-1c98-11df-b990-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261ff78b-1c98-11df-b990-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261ff78b-1c98-11df-b990-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261ff78e-1c98-11df-b990-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261ff78e-1c98-11df-b990-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261ff78e-1c98-11df-b990-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261ff78e-1c98-11df-b990-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261ff794-1c98-11df-b990-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261ff794-1c98-11df-b990-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{261ff794-1c98-11df-b990-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{261ff794-1c98-11df-b990-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4af6d7b2-0ce4-11df-b683-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f8c322-5d48-11df-89ea-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84f8c322-5d48-11df-89ea-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{84f8c322-5d48-11df-89ea-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{84f8c322-5d48-11df-89ea-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a9e2d4f4-5b5f-11df-b9c2-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce0bc62-1deb-11df-b997-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dce0bc62-1deb-11df-b997-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce0bc62-1deb-11df-b997-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dce0bc62-1deb-11df-b997-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dce0bc6f-1deb-11df-b997-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4dbe598-5b5b-11df-b6db-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4dbe5a9-5b5b-11df-b6db-001e331ed9e2}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f7a7ed38-10ea-11e0-9d4a-001e331ed9e2}\ not found.
File D:\setup.exe -a not found.
C:\Users\ds\AppData\Local\3b902557\U folder moved successfully.
C:\Users\ds\AppData\Local\3b902557 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ds
->Temp folder emptied: 86391089 bytes
->Temporary Internet Files folder emptied: 9517733 bytes
->Java cache emptied: 12523829 bytes
->FireFox cache emptied: 203296101 bytes
->Flash cache emptied: 2152 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 930 bytes
RecycleBin emptied: 22 bytes

Total Files Cleaned = 297,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.29.1 log created on 10062011_194743

Files\Folders moved on Reboot...

Registry entries deleted on Reboot... |
07.10.2011, 15:46 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Set the tool up as shown in the picture below - click on change parameters and tick the boxes as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: Download unhide.exe and save this file on your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ Please always post log files in CODE tags |
07.10.2011, 16:27 | #10 |
| Backdoor.papras + various trojans detected - MBAM removed them - can it be done without a reinstall? Hello Arne, I have three questions:
It would be nice if you could tell me how you see the current state. I would really like to avoid a reinstall, but it is more important to me that I can be sure everything is ok. Here comes the TDSSKiller log (at the very bottom). I am also attaching a screenshot of the 2 threats found. I left the preset "Skip", so nothing was moved to quarantine. I hope that was ok. It really is all hard to see through... Best regards, Ann Log Kaspersky: 17:12:23.0313 1188 TDSS rootkit removing tool 2.6.6.0 Oct 7 2011 12:45:24 17:12:23.0391 1188 ============================================================ 17:12:23.0391 1188 Current date / time: 2011/10/07 17:12:23.0391 17:12:23.0391 1188 SystemInfo: 17:12:23.0391 1188 17:12:23.0391 1188 OS Version: 6.1.7601 ServicePack: 1.0 17:12:23.0391 1188 Product type: Workstation 17:12:23.0391 1188 ComputerName: DS-PC 17:12:23.0391 1188 UserName: ds 17:12:23.0391 1188 Windows directory: C:\Windows 17:12:23.0391 1188 System windows directory: C:\Windows 17:12:23.0391 1188 Processor architecture: Intel x86 17:12:23.0391 1188 Number of processors: 1 17:12:23.0391 1188 Page size: 0x1000 17:12:23.0391 1188 Boot type: Normal boot 17:12:23.0391 1188 ============================================================ 17:12:24.0015 1188 Initialize success 17:12:35.0699 2800 ============================================================ 17:12:35.0699 2800 Scan started 17:12:35.0699 2800 Mode: Manual; SigCheck; TDLFS; 17:12:35.0699 2800 ============================================================ 17:12:36.0386 2800 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 17:12:36.0479 2800 1394ohci - ok 17:12:36.0604 2800 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 17:12:36.0635 2800 ACPI - ok 17:12:36.0729 2800 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 17:12:36.0760 2800 AcpiPmi - ok 17:12:36.0838 2800 adp94xx 
(21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 17:12:36.0869 2800 adp94xx - ok 17:12:36.0916 2800 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 17:12:36.0932 2800 adpahci - ok 17:12:36.0963 2800 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 17:12:36.0979 2800 adpu320 - ok 17:12:37.0072 2800 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 17:12:37.0181 2800 AFD - ok 17:12:37.0291 2800 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 17:12:37.0306 2800 agp440 - ok 17:12:37.0400 2800 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 17:12:37.0431 2800 aic78xx - ok 17:12:37.0556 2800 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 17:12:37.0571 2800 aliide - ok 17:12:37.0618 2800 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 17:12:37.0649 2800 amdagp - ok 17:12:37.0665 2800 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 17:12:37.0681 2800 amdide - ok 17:12:37.0743 2800 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 17:12:37.0821 2800 AmdK8 - ok 17:12:37.0883 2800 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 17:12:37.0961 2800 AmdPPM - ok 17:12:38.0102 2800 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys 17:12:38.0133 2800 amdsata - ok 17:12:38.0195 2800 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 17:12:38.0211 2800 amdsbs - ok 17:12:38.0242 2800 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys 17:12:38.0258 2800 amdxata - ok 17:12:38.0507 2800 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 17:12:38.0617 2800 AppID - ok 17:12:38.0757 2800 arc (2932004f49677bd84dbc72edb754ffb3) 
C:\Windows\system32\DRIVERS\arc.sys 17:12:38.0773 2800 arc - ok 17:12:38.0804 2800 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 17:12:38.0819 2800 arcsas - ok 17:12:38.0866 2800 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 17:12:38.0913 2800 AsyncMac - ok 17:12:39.0069 2800 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 17:12:39.0085 2800 atapi - ok 17:12:39.0147 2800 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys 17:12:39.0178 2800 avgntflt - ok 17:12:39.0303 2800 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys 17:12:39.0319 2800 avipbb - ok 17:12:39.0412 2800 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 17:12:39.0475 2800 b06bdrv - ok 17:12:39.0584 2800 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 17:12:39.0615 2800 b57nd60x - ok 17:12:39.0662 2800 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 17:12:39.0740 2800 Beep - ok 17:12:39.0818 2800 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 17:12:39.0849 2800 blbdrive - ok 17:12:39.0880 2800 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 17:12:39.0927 2800 bowser - ok 17:12:39.0989 2800 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 17:12:40.0005 2800 BrFiltLo - ok 17:12:40.0052 2800 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 17:12:40.0114 2800 BrFiltUp - ok 17:12:40.0161 2800 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 17:12:40.0223 2800 Brserid - ok 17:12:40.0286 2800 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 17:12:40.0333 2800 BrSerWdm - ok 17:12:40.0395 2800 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) 
C:\Windows\System32\Drivers\BrUsbMdm.sys 17:12:40.0426 2800 BrUsbMdm - ok 17:12:40.0442 2800 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 17:12:40.0551 2800 BrUsbSer - ok 17:12:40.0629 2800 BTCFilterService - ok 17:12:40.0691 2800 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\drivers\BthEnum.sys 17:12:40.0754 2800 BthEnum - ok 17:12:40.0894 2800 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 17:12:40.0957 2800 BTHMODEM - ok 17:12:41.0019 2800 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 17:12:41.0050 2800 BthPan - ok 17:12:41.0159 2800 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\Windows\System32\Drivers\BTHport.sys 17:12:41.0206 2800 BTHPORT - ok 17:12:41.0284 2800 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\Windows\System32\Drivers\BTHUSB.sys 17:12:41.0300 2800 BTHUSB - ok 17:12:41.0378 2800 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\Windows\system32\drivers\btwaudio.sys 17:12:41.0393 2800 btwaudio - ok 17:12:41.0440 2800 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\Windows\system32\drivers\btwavdt.sys 17:12:41.0456 2800 btwavdt - ok 17:12:41.0627 2800 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\Windows\system32\DRIVERS\btwl2cap.sys 17:12:41.0627 2800 btwl2cap - ok 17:12:41.0659 2800 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\Windows\system32\DRIVERS\btwrchid.sys 17:12:41.0674 2800 btwrchid - ok 17:12:41.0752 2800 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 17:12:41.0815 2800 cdfs - ok 17:12:41.0971 2800 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 17:12:41.0986 2800 cdrom - ok 17:12:42.0049 2800 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 17:12:42.0095 2800 circlass - ok 17:12:42.0158 2800 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 17:12:42.0173 2800 CLFS - ok 17:12:42.0361 2800 CmBatt 
(dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 17:12:42.0376 2800 CmBatt - ok 17:12:42.0470 2800 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 17:12:42.0485 2800 cmdide - ok 17:12:42.0532 2800 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 17:12:42.0563 2800 CNG - ok 17:12:42.0595 2800 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 17:12:42.0610 2800 Compbatt - ok 17:12:42.0719 2800 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 17:12:42.0735 2800 CompositeBus - ok 17:12:42.0829 2800 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 17:12:42.0844 2800 crcdisk - ok 17:12:42.0969 2800 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys 17:12:43.0000 2800 CSC - ok 17:12:43.0156 2800 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 17:12:43.0203 2800 DfsC - ok 17:12:43.0297 2800 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 17:12:43.0343 2800 discache - ok 17:12:43.0453 2800 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 17:12:43.0484 2800 Disk - ok 17:12:43.0562 2800 DKbFltr (c701324c9e0c25dd9d60311bd87fbc84) C:\Windows\system32\DRIVERS\DKbFltr.sys 17:12:43.0577 2800 DKbFltr - ok 17:12:43.0702 2800 DPMemGridVista (2b3d2909393a3e35f930b78c5f260a2a) C:\Program Files\GridVista\DPMemGridVista.sys 17:12:43.0718 2800 DPMemGridVista - ok 17:12:43.0874 2800 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 17:12:43.0952 2800 drmkaud - ok 17:12:44.0155 2800 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 17:12:44.0186 2800 DXGKrnl - ok 17:12:44.0342 2800 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 17:12:44.0467 2800 ebdrv - ok 17:12:44.0513 2800 elxstor 
(0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 17:12:44.0545 2800 elxstor - ok 17:12:44.0716 2800 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 17:12:44.0747 2800 ErrDev - ok 17:12:44.0825 2800 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 17:12:44.0872 2800 exfat - ok 17:12:44.0903 2800 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 17:12:44.0950 2800 fastfat - ok 17:12:45.0075 2800 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 17:12:45.0106 2800 fdc - ok 17:12:45.0153 2800 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 17:12:45.0169 2800 FileInfo - ok 17:12:45.0184 2800 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 17:12:45.0278 2800 Filetrace - ok 17:12:45.0387 2800 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 17:12:45.0418 2800 flpydisk - ok 17:12:45.0465 2800 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 17:12:45.0496 2800 FltMgr - ok 17:12:45.0543 2800 FPSensor (6230fbbb9ad4c5990588e6a2ff8814d0) C:\Windows\system32\Drivers\FPSensor.sys 17:12:45.0559 2800 FPSensor - ok 17:12:45.0605 2800 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 17:12:45.0621 2800 FsDepends - ok 17:12:45.0652 2800 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 17:12:45.0668 2800 Fs_Rec - ok 17:12:45.0777 2800 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 17:12:45.0808 2800 fvevol - ok 17:12:45.0902 2800 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 17:12:45.0917 2800 gagp30kx - ok 17:12:45.0964 2800 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 17:12:45.0964 2800 GEARAspiWDM - ok 
17:12:46.0089 2800 grmnusb (6003bc70f1a8307262bd3c941bda0b7e) C:\Windows\system32\drivers\grmnusb.sys 17:12:46.0120 2800 grmnusb - ok 17:12:46.0307 2800 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 17:12:46.0339 2800 hcw85cir - ok 17:12:46.0432 2800 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 17:12:46.0495 2800 HDAudBus - ok 17:12:46.0541 2800 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 17:12:46.0573 2800 HidBatt - ok 17:12:46.0604 2800 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 17:12:46.0635 2800 HidBth - ok 17:12:46.0760 2800 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 17:12:46.0791 2800 HidIr - ok 17:12:46.0994 2800 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys 17:12:47.0009 2800 HidUsb - ok 17:12:47.0087 2800 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 17:12:47.0103 2800 HpSAMD - ok 17:12:47.0259 2800 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 17:12:47.0321 2800 HTTP - ok 17:12:47.0462 2800 hwdatacard (348c3a9d01e68a0222a246346924aa55) C:\Windows\system32\DRIVERS\ewusbmdm.sys 17:12:47.0540 2800 hwdatacard - ok 17:12:47.0602 2800 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 17:12:47.0618 2800 hwpolicy - ok 17:12:47.0665 2800 hwusbdev (460b1945c3e6b0419a76e1b507b90b71) C:\Windows\system32\DRIVERS\ewusbdev.sys 17:12:47.0727 2800 hwusbdev - ok 17:12:47.0930 2800 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 17:12:47.0977 2800 i8042prt - ok 17:12:48.0070 2800 iaStor (d483687eace0c065ee772481a96e05f5) C:\Windows\system32\DRIVERS\iaStor.sys 17:12:48.0086 2800 iaStor - ok 17:12:48.0195 2800 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys 17:12:48.0226 2800 iaStorV 
- ok 17:12:48.0429 2800 igfx (36cc40b02ae593d6152ac8bd657720af) C:\Windows\system32\DRIVERS\igdkmd32.sys 17:12:48.0663 2800 igfx - ok 17:12:48.0803 2800 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 17:12:48.0819 2800 iirsp - ok 17:12:48.0881 2800 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys 17:12:48.0897 2800 int15 ( UnsignedFile.Multi.Generic ) - warning 17:12:48.0897 2800 int15 - detected UnsignedFile.Multi.Generic (1) 17:12:49.0022 2800 IntcAzAudAddService (f2baa4ff548f7f0317f7638951c1cd9c) C:\Windows\system32\drivers\RTKVHDA.sys 17:12:49.0100 2800 IntcAzAudAddService - ok 17:12:49.0147 2800 IntcHdmiAddService (e63cd0d9aa8d406cabde5aa718936f40) C:\Windows\system32\drivers\IntcHdmi.sys 17:12:49.0162 2800 IntcHdmiAddService - ok 17:12:49.0349 2800 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 17:12:49.0365 2800 intelide - ok 17:12:49.0474 2800 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 17:12:49.0490 2800 intelppm - ok 17:12:49.0537 2800 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:12:49.0615 2800 IpFilterDriver - ok 17:12:49.0849 2800 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 17:12:49.0864 2800 IPMIDRV - ok 17:12:49.0927 2800 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 17:12:50.0005 2800 IPNAT - ok 17:12:50.0223 2800 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 17:12:50.0254 2800 IRENUM - ok 17:12:50.0348 2800 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 17:12:50.0364 2800 isapnp - ok 17:12:50.0442 2800 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys 17:12:50.0473 2800 iScsiPrt - ok 17:12:50.0613 2800 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys 
17:12:50.0629 2800 kbdclass - ok 17:12:50.0722 2800 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys 17:12:50.0754 2800 kbdhid - ok 17:12:50.0878 2800 KMWDFILTERx86 (4476fe98aaf505acdcd3ee6360aabec1) C:\Windows\system32\DRIVERS\KMWDFILTER.sys 17:12:50.0894 2800 KMWDFILTERx86 - ok 17:12:50.0972 2800 KSecDD (412cea1aa78cc02a447f5c9e62b32ff1) C:\Windows\system32\Drivers\ksecdd.sys 17:12:50.0988 2800 KSecDD - ok 17:12:51.0112 2800 KSecPkg (26c046977e85b95036453d7b88ba1820) C:\Windows\system32\Drivers\ksecpkg.sys 17:12:51.0128 2800 KSecPkg - ok 17:12:51.0268 2800 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 17:12:51.0346 2800 lltdio - ok 17:12:51.0580 2800 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 17:12:51.0596 2800 LSI_FC - ok 17:12:51.0658 2800 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 17:12:51.0674 2800 LSI_SAS - ok 17:12:51.0736 2800 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:12:51.0752 2800 LSI_SAS2 - ok 17:12:51.0799 2800 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:12:51.0814 2800 LSI_SCSI - ok 17:12:51.0908 2800 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 17:12:51.0986 2800 luafv - ok 17:12:52.0189 2800 MBAMSwissArmy - ok 17:12:52.0267 2800 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 17:12:52.0298 2800 megasas - ok 17:12:52.0329 2800 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 17:12:52.0345 2800 MegaSR - ok 17:12:52.0376 2800 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 17:12:52.0438 2800 Modem - ok 17:12:52.0485 2800 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 17:12:52.0516 2800 monitor - ok 17:12:52.0610 2800 motandroidusb - ok 17:12:52.0641 2800 
motccgp - ok 17:12:52.0657 2800 motccgpfl - ok 17:12:52.0672 2800 motmodem - ok 17:12:52.0688 2800 MotoSwitchService - ok 17:12:52.0704 2800 Motousbnet - ok 17:12:52.0735 2800 motusbdevice - ok 17:12:52.0828 2800 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 17:12:52.0844 2800 mouclass - ok 17:12:52.0922 2800 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 17:12:52.0984 2800 mouhid - ok 17:12:53.0109 2800 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 17:12:53.0125 2800 mountmgr - ok 17:12:53.0234 2800 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 17:12:53.0250 2800 mpio - ok 17:12:53.0296 2800 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 17:12:53.0359 2800 mpsdrv - ok 17:12:53.0468 2800 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 17:12:53.0484 2800 MRxDAV - ok 17:12:53.0593 2800 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 17:12:53.0608 2800 mrxsmb - ok 17:12:53.0702 2800 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:12:53.0733 2800 mrxsmb10 - ok 17:12:53.0842 2800 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:12:53.0905 2800 mrxsmb20 - ok 17:12:53.0952 2800 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 17:12:53.0967 2800 msahci - ok 17:12:54.0061 2800 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 17:12:54.0092 2800 msdsm - ok 17:12:54.0232 2800 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 17:12:54.0279 2800 Msfs - ok 17:12:54.0295 2800 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 17:12:54.0388 2800 mshidkmdf - ok 17:12:54.0451 2800 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) 
C:\Windows\system32\drivers\msisadrv.sys 17:12:54.0466 2800 msisadrv - ok 17:12:54.0544 2800 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 17:12:54.0591 2800 MSKSSRV - ok 17:12:54.0607 2800 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 17:12:54.0654 2800 MSPCLOCK - ok 17:12:54.0732 2800 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 17:12:54.0825 2800 MSPQM - ok 17:12:54.0903 2800 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 17:12:54.0919 2800 MsRPC - ok 17:12:55.0044 2800 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 17:12:55.0059 2800 mssmbios - ok 17:12:55.0122 2800 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 17:12:55.0168 2800 MSTEE - ok 17:12:55.0200 2800 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 17:12:55.0215 2800 MTConfig - ok 17:12:55.0262 2800 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 17:12:55.0278 2800 Mup - ok 17:12:55.0356 2800 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 17:12:55.0387 2800 NativeWifiP - ok 17:12:55.0496 2800 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 17:12:55.0543 2800 NDIS - ok 17:12:55.0605 2800 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 17:12:55.0683 2800 NdisCap - ok 17:12:55.0746 2800 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 17:12:55.0808 2800 NdisTapi - ok 17:12:55.0886 2800 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 17:12:55.0917 2800 Ndisuio - ok 17:12:56.0011 2800 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 17:12:56.0089 2800 NdisWan - ok 17:12:56.0167 2800 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) 
C:\Windows\system32\drivers\NDProxy.sys 17:12:56.0214 2800 NDProxy - ok 17:12:56.0292 2800 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 17:12:56.0338 2800 NetBIOS - ok 17:12:56.0432 2800 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 17:12:56.0510 2800 NetBT - ok 17:12:56.0853 2800 NETw5s32 (ef51b405ad8acaae6f0231290d20f516) C:\Windows\system32\DRIVERS\NETw5s32.sys 17:12:57.0103 2800 NETw5s32 - ok 17:12:57.0243 2800 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 17:12:57.0430 2800 netw5v32 - ok 17:12:57.0540 2800 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 17:12:57.0555 2800 nfrd960 - ok 17:12:57.0602 2800 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 17:12:57.0664 2800 Npfs - ok 17:12:57.0696 2800 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 17:12:57.0742 2800 nsiproxy - ok 17:12:57.0805 2800 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 17:12:57.0883 2800 Ntfs - ok 17:12:57.0992 2800 NTIDrvr (6dcaa65f49ef3b97a5cffc0cb5de1c2f) C:\Windows\system32\Drivers\NTIDrvr.sys 17:12:58.0008 2800 NTIDrvr - ok 17:12:58.0070 2800 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 17:12:58.0117 2800 Null - ok 17:12:58.0148 2800 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 17:12:58.0164 2800 nvraid - ok 17:12:58.0195 2800 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 17:12:58.0226 2800 nvstor - ok 17:12:58.0304 2800 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 17:12:58.0320 2800 nv_agp - ok 17:12:58.0491 2800 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 17:12:58.0538 2800 ohci1394 - ok 17:12:58.0725 2800 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) 
C:\Windows\system32\DRIVERS\parport.sys 17:12:58.0772 2800 Parport - ok 17:12:58.0866 2800 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys 17:12:58.0881 2800 partmgr - ok 17:12:58.0912 2800 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 17:12:58.0944 2800 Parvdm - ok 17:12:59.0068 2800 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys 17:12:59.0131 2800 pccsmcfd - ok 17:12:59.0193 2800 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 17:12:59.0209 2800 pci - ok 17:12:59.0302 2800 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 17:12:59.0318 2800 pciide - ok 17:12:59.0380 2800 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 17:12:59.0396 2800 pcmcia - ok 17:12:59.0427 2800 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 17:12:59.0443 2800 pcw - ok 17:12:59.0474 2800 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 17:12:59.0568 2800 PEAUTH - ok 17:12:59.0661 2800 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 17:12:59.0724 2800 PptpMiniport - ok 17:12:59.0770 2800 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 17:12:59.0833 2800 Processor - ok 17:13:00.0020 2800 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 17:13:00.0082 2800 Psched - ok 17:13:00.0160 2800 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 17:13:00.0254 2800 ql2300 - ok 17:13:00.0285 2800 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 17:13:00.0301 2800 ql40xx - ok 17:13:00.0332 2800 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 17:13:00.0348 2800 QWAVEdrv - ok 17:13:00.0379 2800 RasAcd (30a81b53c766d0133bb86d234e5556ab) 
C:\Windows\system32\DRIVERS\rasacd.sys 17:13:00.0410 2800 RasAcd - ok 17:13:00.0457 2800 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 17:13:00.0488 2800 RasAgileVpn - ok 17:13:00.0519 2800 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 17:13:00.0582 2800 Rasl2tp - ok 17:13:00.0628 2800 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 17:13:00.0675 2800 RasPppoe - ok 17:13:00.0691 2800 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 17:13:00.0738 2800 RasSstp - ok 17:13:00.0847 2800 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 17:13:00.0894 2800 rdbss - ok 17:13:00.0940 2800 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 17:13:00.0972 2800 rdpbus - ok 17:13:01.0065 2800 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 17:13:01.0143 2800 RDPCDD - ok 17:13:01.0221 2800 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 17:13:01.0268 2800 RDPDR - ok 17:13:01.0408 2800 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 17:13:01.0455 2800 RDPENCDD - ok 17:13:01.0502 2800 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 17:13:01.0580 2800 RDPREFMP - ok 17:13:01.0658 2800 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys 17:13:01.0689 2800 RDPWD - ok 17:13:01.0830 2800 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 17:13:01.0845 2800 rdyboost - ok 17:13:01.0876 2800 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys 17:13:01.0892 2800 regi - ok 17:13:02.0032 2800 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 17:13:02.0110 2800 RFCOMM - ok 17:13:02.0329 2800 rspndr (032b0d36ad92b582d869879f5af5b928) 
C:\Windows\system32\DRIVERS\rspndr.sys 17:13:02.0407 2800 rspndr - ok 17:13:02.0516 2800 RSUSBSTOR (f9541f3b59da30423f2f76ef443c07fc) C:\Windows\system32\Drivers\RtsUStor.sys 17:13:02.0547 2800 RSUSBSTOR - ok 17:13:02.0641 2800 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys 17:13:02.0688 2800 RTL8167 - ok 17:13:02.0750 2800 RTL8169 (470253597930e765dd08b30e723c1fa2) C:\Windows\system32\DRIVERS\Rtlh86.sys 17:13:02.0781 2800 RTL8169 - ok 17:13:02.0859 2800 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 17:13:02.0890 2800 s3cap - ok 17:13:02.0968 2800 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 17:13:02.0984 2800 sbp2port - ok 17:13:03.0093 2800 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 17:13:03.0156 2800 scfilter - ok 17:13:03.0312 2800 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 17:13:03.0374 2800 secdrv - ok 17:13:03.0421 2800 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 17:13:03.0483 2800 Serenum - ok 17:13:03.0546 2800 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 17:13:03.0608 2800 Serial - ok 17:13:03.0748 2800 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 17:13:03.0811 2800 sermouse - ok 17:13:04.0076 2800 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 17:13:04.0138 2800 sffdisk - ok 17:13:04.0185 2800 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 17:13:04.0263 2800 sffp_mmc - ok 17:13:04.0310 2800 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 17:13:04.0357 2800 sffp_sd - ok 17:13:04.0419 2800 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 17:13:04.0466 2800 sfloppy - ok 17:13:04.0638 2800 sisagp 
(2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 17:13:04.0653 2800 sisagp - ok 17:13:04.0700 2800 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:13:04.0731 2800 SiSRaid2 - ok 17:13:04.0762 2800 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 17:13:04.0778 2800 SiSRaid4 - ok 17:13:04.0903 2800 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 17:13:04.0950 2800 Smb - ok 17:13:05.0059 2800 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 17:13:05.0074 2800 spldr - ok 17:13:05.0152 2800 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 17:13:05.0184 2800 srv - ok 17:13:05.0277 2800 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 17:13:05.0308 2800 srv2 - ok 17:13:05.0433 2800 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 17:13:05.0496 2800 srvnet - ok 17:13:05.0714 2800 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 17:13:05.0714 2800 ssmdrv - ok 17:13:05.0792 2800 ssm_bus (14622ae81c72b08691eedaabc1d4a129) C:\Windows\system32\DRIVERS\ssm_bus.sys 17:13:05.0808 2800 ssm_bus - ok 17:13:05.0854 2800 ssm_mdfl (43ee5e9fda61a5e0eac4c1de699e6e4d) C:\Windows\system32\DRIVERS\ssm_mdfl.sys 17:13:05.0870 2800 ssm_mdfl - ok 17:13:05.0901 2800 ssm_mdm (918cfd32c7feb174f356a0a6fad11f4b) C:\Windows\system32\DRIVERS\ssm_mdm.sys 17:13:05.0917 2800 ssm_mdm - ok 17:13:06.0010 2800 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys 17:13:06.0010 2800 StarOpen ( UnsignedFile.Multi.Generic ) - warning 17:13:06.0010 2800 StarOpen - detected UnsignedFile.Multi.Generic (1) 17:13:06.0073 2800 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 17:13:06.0088 2800 stexstor - ok 17:13:06.0120 2800 StillCam (edb05bd63148796f23ea78506404a538) 
C:\Windows\system32\DRIVERS\serscan.sys 17:13:06.0182 2800 StillCam - ok 17:13:06.0260 2800 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 17:13:06.0276 2800 storflt - ok 17:13:06.0416 2800 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 17:13:06.0432 2800 storvsc - ok 17:13:06.0541 2800 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 17:13:06.0556 2800 swenum - ok 17:13:06.0650 2800 SynTP (47183e3520c88fadd5b0c87d57040da5) C:\Windows\system32\DRIVERS\SynTP.sys 17:13:06.0666 2800 SynTP - ok 17:13:06.0759 2800 Tcpip (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\drivers\tcpip.sys 17:13:06.0822 2800 Tcpip - ok 17:13:06.0915 2800 TCPIP6 (04e4a7d53a7ace02e8c55b17a498f631) C:\Windows\system32\DRIVERS\tcpip.sys 17:13:06.0962 2800 TCPIP6 - ok 17:13:07.0071 2800 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 17:13:07.0134 2800 tcpipreg - ok 17:13:07.0243 2800 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 17:13:07.0305 2800 TDPIPE - ok 17:13:07.0446 2800 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys 17:13:07.0492 2800 TDTCP - ok 17:13:07.0586 2800 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 17:13:07.0648 2800 tdx - ok 17:13:07.0789 2800 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 17:13:07.0804 2800 TermDD - ok 17:13:07.0945 2800 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 17:13:08.0007 2800 tssecsrv - ok 17:13:08.0163 2800 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 17:13:08.0194 2800 TsUsbFlt - ok 17:13:08.0413 2800 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 17:13:08.0491 2800 tunnel - ok 17:13:08.0569 2800 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) 
C:\Windows\system32\DRIVERS\uagp35.sys
17:13:08.0584 2800 uagp35 - ok
17:13:14.0512 2800 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:13:14.0637 2800 \Device\Harddisk0\DR0 - ok
17:13:14.0637 2800 Boot (0x1200) (efac8ac2bfe0b0931fec0cd111c67a64) \Device\Harddisk0\DR0\Partition0
17:13:14.0637 2800 \Device\Harddisk0\DR0\Partition0 - ok
17:13:14.0653 2800 ============================================================
17:13:14.0653 2800 Scan finished
17:13:14.0653 2800 ============================================================
17:13:14.0668 2584 Detected object count: 2
17:13:14.0668 2584 Actual detected object count: 2
17:15:04.0725 2584 int15 ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:04.0725 2584 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:15:04.0741 2584 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:04.0741 2584 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:15:15.0864 3572 ============================================================
17:15:15.0864 3572 Scan started
17:15:15.0864 3572 Mode: Manual; SigCheck; TDLFS;
17:15:15.0864 3572 ============================================================
17:15:24.0740 3572 int15 (4d8d5b1c895ea0f2a721b98a7ce198f1) C:\Windows\system32\drivers\int15.sys
17:15:24.0756 3572 int15 ( UnsignedFile.Multi.Generic ) - warning
17:15:24.0756 3572 int15 - detected UnsignedFile.Multi.Generic (1)
17:15:36.0206 3572 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
17:15:36.0222 3572 StarOpen ( UnsignedFile.Multi.Generic ) - warning
17:15:36.0222 3572 StarOpen - detected UnsignedFile.Multi.Generic (1)
17:15:39.0841 3572 vga (17c408214ea61696cec9c66e388b14f3)
C:\Windows\system32\DRIVERS\vgapnp.sys 17:15:39.0857 3572 vga - ok 17:15:39.0903 3572 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 17:15:39.0950 3572 VgaSave - ok 17:15:40.0059 3572 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 17:15:40.0075 3572 vhdmp - ok 17:15:40.0169 3572 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 17:15:40.0184 3572 viaagp - ok 17:15:40.0215 3572 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 17:15:40.0231 3572 ViaC7 - ok 17:15:40.0325 3572 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 17:15:40.0340 3572 viaide - ok 17:15:40.0449 3572 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 17:15:40.0465 3572 vmbus - ok 17:15:40.0559 3572 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 17:15:40.0574 3572 VMBusHID - ok 17:15:40.0668 3572 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 17:15:40.0683 3572 volmgr - ok 17:15:40.0746 3572 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 17:15:40.0761 3572 volmgrx - ok 17:15:40.0871 3572 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 17:15:40.0886 3572 volsnap - ok 17:15:40.0933 3572 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 17:15:40.0949 3572 vsmraid - ok 17:15:40.0980 3572 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 17:15:40.0995 3572 vwifibus - ok 17:15:41.0027 3572 VWiFiFlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 17:15:41.0058 3572 VWiFiFlt - ok 17:15:41.0089 3572 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys 17:15:41.0105 3572 vwifimp - ok 17:15:41.0136 3572 WacomPen (de3721e89c653aa281428c8a69745d90) 
C:\Windows\system32\DRIVERS\wacompen.sys 17:15:41.0151 3572 WacomPen - ok 17:15:41.0261 3572 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 17:15:41.0307 3572 WANARP - ok 17:15:41.0323 3572 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 17:15:41.0385 3572 Wanarpv6 - ok 17:15:41.0495 3572 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 17:15:41.0510 3572 Wd - ok 17:15:41.0557 3572 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 17:15:41.0573 3572 Wdf01000 - ok 17:15:41.0635 3572 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 17:15:41.0682 3572 WfpLwf - ok 17:15:41.0697 3572 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 17:15:41.0713 3572 WIMMount - ok 17:15:41.0838 3572 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 17:15:41.0869 3572 WinUsb - ok 17:15:41.0963 3572 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 17:15:41.0978 3572 WmiAcpi - ok 17:15:42.0072 3572 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 17:15:42.0119 3572 ws2ifsl - ok 17:15:42.0228 3572 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 17:15:42.0275 3572 WudfPf - ok 17:15:42.0368 3572 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 17:15:42.0415 3572 WUDFRd - ok 17:15:42.0493 3572 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 17:15:42.0602 3572 \Device\Harddisk0\DR0 - ok 17:15:42.0618 3572 Boot (0x1200) (efac8ac2bfe0b0931fec0cd111c67a64) \Device\Harddisk0\DR0\Partition0 17:15:42.0618 3572 \Device\Harddisk0\DR0\Partition0 - ok 17:15:42.0618 3572 ============================================================ 17:15:42.0618 3572 Scan finished 17:15:42.0618 3572 
============================================================
17:15:42.0633 3140 Detected object count: 2
17:15:42.0633 3140 Actual detected object count: 2
17:15:49.0872 3140 int15 ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:49.0872 3140 int15 ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:15:49.0872 3140 StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
17:15:49.0872 3140 StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip |
07.10.2011, 16:55 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.papras + various Trojans detected - MBAM removed them - is it possible without reinstalling? Quote:
__________________ Please always post log files in CODE tags |
07.10.2011, 18:16 | #12 |
| Backdoor.papras + various Trojans detected - MBAM removed them - is it possible without reinstalling? Hm. Well, it already starts with eBay and Amazon. In addition, I work partly online. But I'm not finished with the cleanup yet, or am I? With the Kaspersky tool I only "skipped" and didn't remove anything (should I?), and in Malwarebytes the backdoor is in quarantine. Should I delete it? Have a nice evening! Best regards, Ann |
07.10.2011, 21:48 | #13 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.papras + various Trojans detected - MBAM removed them - is it possible without reinstalling? Quote:
__________________ Please always post log files in CODE tags |
08.10.2011, 11:21 | #14 | |
| Backdoor.papras + various Trojans detected - MBAM removed them - is it possible without reinstalling? Hello Arne, Quote:
That is exactly why I was so glad that this board and your support exist. I'm not familiar with this. But of course I have to decide in the end; I just don't know right now what stage the cleanup is at. After your replies I also wasn't sure whether you were waiting for a reaction from me before getting back to me, so I'm writing again and repeating my most important questions. I don't know whether, in your assessment, the computer is or could be clean, or how things look. I would be really glad if you could tell me the status from your point of view, that is, whether the infection was serious according to what you read from the logs, whether the new logs are better, and whether from your point of view the cleanup is complete. I also don't know whether I should "disable" this Defogger again and what that means? I don't know whether I should remove the findings from the Kaspersky tool? It would be really kind if you could help me further with this. Many thanks and kind regards, Ann |
08.10.2011, 17:05 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor.papras + various Trojans detected - MBAM removed them - is it possible without reinstalling? I'll try to explain it like this: The cleanup is only a kind of compromise so that ordinary computer users don't have to do a complete reinstallation. After "my" cleanup, all logs are unremarkable and the computer behaves the way it should again. As is well known, however, there is NO 100% security. If you want to be sure that the malware is really gone, you have to format. It's just that for many people that is sheer horror. The findings from TDSS-Killer are harmless. Do you want to continue now or do a reinstallation?
__________________ Please always post log files in CODE tags |