
Pests of all kinds and how to combat them: Win32:Rootkit-gen (rtk) found by Avast... what should I do?


24.10.2011, 20:27   #16
carper
 

First of all, thank you for taking the time for my problem. That can't be taken for granted!

I have uninstalled Zone Alarm and re-enabled the Windows Firewall. I hope the built-in firewall is sufficient...? So you mean that I shouldn't install any additional firewall at all?

After running OTL again, I got the following log file:

OTL Logfile:
Code:
OTL logfile created on: 24.10.2011 21:03:15 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\carper\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 49,68% Memory free
4,23 Gb Paging File | 3,14 Gb Available in Paging File | 74,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 354,47 Gb Total Space | 251,32 Gb Free Space | 70,90% Space Free | Partition Type: NTFS
Drive D: | 87,89 Gb Total Space | 7,20 Gb Free Space | 8,19% Space Free | Partition Type: NTFS
Drive E: | 9,80 Gb Total Space | 0,04 Gb Free Space | 0,43% Space Free | Partition Type: NTFS
Drive F: | 13,60 Gb Total Space | 8,24 Gb Free Space | 60,61% Space Free | Partition Type: NTFS
 
Computer Name: CARPER-PC | User Name: carper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.10.23 21:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\carper\Desktop\OTL.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009.10.26 14:46:54 | 001,458,176 | ---- | M] (Motorola Inc.) -- C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.09.15 10:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2007.07.25 08:02:44 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\System32\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.08.30 18:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.07.08 08:54:50 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.04.22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Programme\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011.03.21 13:21:24 | 000,632,832 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.25 08:02:44 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.03.05 11:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\WINDOWS\System32\PSIService.exe -- (ProtexisLicensing)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.03.30 13:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2011.02.21 22:42:19 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010.12.02 15:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.12.02 15:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.12.02 15:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.12.02 15:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.12.02 13:36:42 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.07.01 14:10:00 | 000,188,392 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA)
DRV - [2010.07.01 14:10:00 | 000,032,872 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB)
DRV - [2010.06.23 11:23:44 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2010.01.28 11:12:20 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2009.10.26 15:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.10.05 14:20:26 | 000,031,872 | R--- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID)
DRV - [2009.10.03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.06.10 01:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2008.11.17 15:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.09.30 20:34:02 | 000,039,408 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Hp\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2007.09.18 01:17:36 | 000,098,816 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.11 11:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007.06.28 17:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.03.21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007.02.24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007.01.23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: noia2_option@kk.noia:3.76
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: {91aa5abe-9de4-4347-b7b5-322c38dd9271}:3.1.4
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.736
FF - prefs.js..extensions.enabledItems: {eeeeeeee-aaaa-0000-aaaa-000000000000}:3.1.3
FF - prefs.js..extensions.enabledItems: spam@trashmail.net:2.0.4
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.76
FF - prefs.js..keyword.URL: "hxxp://www.google.de?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..keyword.enabled: false
 
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.google.de?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011.01.22 19:16:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.10.17 21:19:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.01 21:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.08.06 23:56:38 | 000,000,000 | ---D | M]
 
[2011.01.26 00:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carper\AppData\Roaming\mozilla\Extensions
[2010.12.21 13:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carper\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.26 00:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carper\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.10.24 21:01:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\carper\AppData\Roaming\mozilla\Firefox\Profiles\fsrg54mk.default\extensions
[2011.09.21 20:24:27 | 000,000,000 | ---D | M] (Clippings) -- C:\Users\carper\AppData\Roaming\mozilla\Firefox\Profiles\fsrg54mk.default\extensions\{91aa5abe-9de4-4347-b7b5-322c38dd9271}
[2010.12.18 22:13:23 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\carper\AppData\Roaming\mozilla\Firefox\Profiles\fsrg54mk.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2011.01.30 21:58:29 | 000,000,000 | ---D | M] (Fasterfox (EladKarako Mod)) -- C:\Users\carper\AppData\Roaming\mozilla\Firefox\Profiles\fsrg54mk.default\extensions\{eeeeeeee-aaaa-0000-aaaa-000000000000}
[2010.12.18 22:13:25 | 000,000,000 | ---D | M] (Noia 2.0 eXtreme OPT) -- C:\Users\carper\AppData\Roaming\mozilla\Firefox\Profiles\fsrg54mk.default\extensions\noia2_option@kk.noia
[2010.12.19 02:59:50 | 000,004,140 | ---- | M] () -- C:\Users\carper\AppData\Roaming\Mozilla\Firefox\Profiles\fsrg54mk.default\searchplugins\youtube.xml
[2011.03.24 00:46:12 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.12.21 11:22:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.10.17 21:19:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\{3D7EB24F-2740-49DF-8937-200B1CC08F8A}.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\{9AA46F4F-4DC7-4C06-97AF-5035170634FE}.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\{B0D70E72-2FC1-4B9F-A3D4-5921C854D906}.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\{C36177C0-224A-11DA-8CD6-0800200C9A91}.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\NOIA4OPTIONS@ARIST2.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\NOIAFOXOPTION@DAVIDVINCENT.TLD.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\SMARTERWIKI@WIKIATIC.COM.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\SPAM@TRASHMAIL.NET.XPI
() (No name found) -- C:\USERS\CARPER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\FSRG54MK.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2010.12.20 22:00:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.10.01 21:20:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.12.21 11:14:37 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.06 23:56:38 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6D4E63E-8621-4D7C-A6EB-71675363CC0D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{b4996b72-0ad4-11e0-b240-001e6831f32b}\Shell - "" = AutoRun
O33 - MountPoints2\{b4996b72-0ad4-11e0-b240-001e6831f32b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ed8b6fab-0adb-11e0-a6e5-001e6831f32b}\Shell - "" = AutoRun
O33 - MountPoints2\{ed8b6fab-0adb-11e0-a6e5-001e6831f32b}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk -  - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk - C:\Programme\phase6\phase6_19\WinStart\p6erinnerung.exe - (phase6)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ulead Kalendar Checker 4.0 SE.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^carper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk - C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe - (Adobe Systems, Inc.)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= -  File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - C:\Programme\Hp\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
MsConfig - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IR_SERVER - hkey= - key= -  File not found
MsConfig - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
MsConfig - StartUpReg: NokiaMServer - hkey= - key= - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
MsConfig - StartUpReg: NokiaMusic FastStart - hkey= - key= -  File not found
MsConfig - StartUpReg: NokiaOviSuite2 - hkey= - key= -  File not found
MsConfig - StartUpReg: NvMediaCenter - hkey= - key= -  File not found
MsConfig - StartUpReg: NvSvc - hkey= - key= -  File not found
MsConfig - StartUpReg: OnScreenDisplay - hkey= - key= - C:\Programme\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe ( Hewlett-Packard Development Company, L.P.)
MsConfig - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
MsConfig - StartUpReg: QlbCtrl - hkey= - key= -  File not found
MsConfig - StartUpReg: QPService - hkey= - key= - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.)
MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
MsConfig - StartUpReg: SMSERIAL - hkey= - key= - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found
MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
MsConfig - StartUpReg: TrayServer - hkey= - key= -  File not found
MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig - StartUpReg: Ulead AutoDetector v2 - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Windows Media Player 5.2
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F7F56E47-4308-2950-558A-B948CA705C00} - Microsoft Windows Media Player
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.10.24 21:00:33 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.10.24 20:47:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Application Data
[2011.10.23 02:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011.10.23 02:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011.10.21 10:03:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.10.21 10:02:53 | 002,322,184 | ---- | C] (ESET) -- C:\Users\carper\Desktop\esetsmartinstaller_enu.exe
[2011.10.19 18:46:04 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\carper\Desktop\OTL.exe
[2011.10.19 18:28:52 | 000,000,000 | ---D | C] -- C:\Users\carper\AppData\Roaming\Malwarebytes
[2011.10.19 18:28:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.10.19 18:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.10.19 18:28:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.10.19 18:28:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.10.19 18:27:41 | 009,852,544 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\carper\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.18 01:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.10.17 21:20:05 | 000,020,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.10.17 21:20:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.10.17 21:20:04 | 000,320,856 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.10.17 21:20:02 | 000,034,392 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.10.17 21:20:01 | 000,442,200 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.10.17 21:20:01 | 000,052,568 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.10.17 21:20:00 | 000,054,616 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.10.17 21:18:59 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.10.17 21:18:59 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.10.17 21:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.10.17 21:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011.10.14 14:14:23 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2011.10.14 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\carper\AppData\Roaming\pdfforge
[2011.10.14 12:56:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2011.10.11 16:28:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\phase6_19_Daten
[2011.10.11 16:27:52 | 000,000,000 | ---D | C] -- C:\Program Files\phase6
[2011.07.02 16:32:54 | 005,775,429 | R--- | C] ( ) -- C:\Windows\System32\RTKISDBT.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.10.24 20:59:42 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.10.24 20:59:42 | 000,031,966 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.10.24 20:59:17 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.10.24 20:59:16 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.10.24 20:59:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.10.23 21:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\carper\Desktop\OTL.exe
[2011.10.23 02:14:30 | 001,339,288 | ---- | M] () -- C:\Users\carper\Desktop\sar_15_sfx.exe
[2011.10.21 23:09:58 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.10.21 10:02:56 | 002,322,184 | ---- | M] (ESET) -- C:\Users\carper\Desktop\esetsmartinstaller_enu.exe
[2011.10.19 21:13:58 | 000,240,458 | ---- | M] () -- C:\Users\carper\Desktop\Dok2.zip
[2011.10.19 20:33:11 | 000,054,883 | ---- | M] () -- C:\Users\carper\Desktop\Screenshot Avast.zip
[2011.10.19 20:16:51 | 000,015,308 | ---- | M] () -- C:\Users\carper\Desktop\Gmer.zip
[2011.10.19 20:16:41 | 000,009,492 | ---- | M] () -- C:\Users\carper\Desktop\Extras.zip
[2011.10.19 19:26:14 | 000,302,592 | ---- | M] () -- C:\Users\carper\Desktop\oud2xo7r.exe
[2011.10.19 18:42:06 | 000,000,000 | ---- | M] () -- C:\Users\carper\defogger_reenable
[2011.10.19 18:41:11 | 000,050,477 | ---- | M] () -- C:\Users\carper\Desktop\Defogger.exe
[2011.10.19 18:28:30 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.19 18:27:45 | 009,852,544 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\carper\Desktop\mbam-setup-1.51.2.1300.exe
[2011.10.18 01:34:47 | 000,001,055 | ---- | M] () -- C:\Users\carper\Desktop\Spybot - Search & Destroy.lnk
[2011.10.18 00:02:58 | 000,632,252 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.10.18 00:02:58 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.10.18 00:02:58 | 000,127,270 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.10.18 00:02:58 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.10.17 21:20:05 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.10.17 15:33:55 | 000,166,912 | ---- | M] () -- C:\Users\carper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.10.15 17:19:53 | 000,002,555 | ---- | M] () -- C:\Users\Public\Desktop\WBFS Manager 4.0.lnk
[2011.10.14 12:45:00 | 000,000,369 | ---- | M] () -- C:\Users\carper\Desktop\Lanxess - Verknüpfung.lnk
[2011.10.12 19:54:46 | 000,489,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.10.11 16:28:08 | 000,001,855 | ---- | M] () -- C:\Users\Public\Desktop\phase6_19.lnk
[2011.10.09 12:22:28 | 002,416,337 | ---- | M] () -- C:\Users\carper\Desktop\Schichtplan 1-2012.jpg
[2011.10.09 12:21:38 | 002,108,835 | ---- | M] () -- C:\Users\carper\Desktop\Schichtplan 2011.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.10.23 02:14:28 | 001,339,288 | ---- | C] () -- C:\Users\carper\Desktop\sar_15_sfx.exe
[2011.10.19 21:13:58 | 000,240,458 | ---- | C] () -- C:\Users\carper\Desktop\Dok2.zip
[2011.10.19 20:33:10 | 000,054,883 | ---- | C] () -- C:\Users\carper\Desktop\Screenshot Avast.zip
[2011.10.19 20:16:51 | 000,015,308 | ---- | C] () -- C:\Users\carper\Desktop\Gmer.zip
[2011.10.19 20:16:41 | 000,009,492 | ---- | C] () -- C:\Users\carper\Desktop\Extras.zip
[2011.10.19 19:26:10 | 000,302,592 | ---- | C] () -- C:\Users\carper\Desktop\oud2xo7r.exe
[2011.10.19 18:42:06 | 000,000,000 | ---- | C] () -- C:\Users\carper\defogger_reenable
[2011.10.19 18:41:08 | 000,050,477 | ---- | C] () -- C:\Users\carper\Desktop\Defogger.exe
[2011.10.19 18:28:30 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.10.18 01:34:47 | 000,001,055 | ---- | C] () -- C:\Users\carper\Desktop\Spybot - Search & Destroy.lnk
[2011.10.17 21:20:05 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.10.14 12:45:00 | 000,000,369 | ---- | C] () -- C:\Users\carper\Desktop\Lanxess - Verknüpfung.lnk
[2011.10.11 16:28:08 | 000,001,871 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\phase6_19.lnk
[2011.10.11 16:28:08 | 000,001,855 | ---- | C] () -- C:\Users\Public\Desktop\phase6_19.lnk
[2011.10.09 13:01:05 | 002,416,337 | ---- | C] () -- C:\Users\carper\Desktop\Schichtplan 1-2012.jpg
[2011.10.09 13:01:05 | 002,108,835 | ---- | C] () -- C:\Users\carper\Desktop\Schichtplan 2011.jpg
[2011.09.18 13:00:59 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.09.03 22:20:06 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.07.20 20:20:10 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.07.14 17:17:34 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2011.06.10 21:33:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.06.10 21:32:47 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2011.06.10 21:18:49 | 000,000,134 | ---- | C] () -- C:\Windows\magix.ini
[2011.06.10 21:18:43 | 000,000,887 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2011.05.12 22:44:51 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2011.03.20 20:51:35 | 000,000,000 | ---- | C] () -- C:\Users\carper\AppData\Roaming\chrtmp
[2011.02.10 20:31:23 | 000,000,034 | -H-- | C] () -- C:\Windows\System32\Converter_sysquict.dat
[2011.02.10 20:29:03 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.02.10 20:29:00 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.10 20:28:59 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.10 20:28:59 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.12.31 00:02:45 | 000,000,680 | ---- | C] () -- C:\Users\carper\AppData\Local\d3d9caps.dat
[2010.12.22 04:13:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.12.21 23:26:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.12.21 23:26:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.12.21 13:24:25 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.19 16:31:55 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.12.19 16:31:55 | 000,031,966 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.12.19 02:29:44 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.19 00:46:24 | 000,027,430 | ---- | C] () -- C:\Users\carper\AppData\Roaming\nvModes.001
[2010.12.19 00:03:11 | 000,027,430 | ---- | C] () -- C:\Users\carper\AppData\Roaming\nvModes.dat
[2010.12.18 21:07:23 | 000,166,912 | ---- | C] () -- C:\Users\carper\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.03.17 17:33:24 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2008.03.17 17:33:24 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ0.dat
[2008.03.17 17:32:54 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.11.26 22:18:49 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2007.11.26 22:18:49 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.11.26 22:18:48 | 000,632,252 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2007.11.26 22:18:48 | 000,127,270 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006.11.02 20:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,489,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.04.21 11:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll
[2006.03.10 00:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2011.09.07 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Auslogics
[2011.09.18 14:08:01 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\BOM
[2010.12.21 12:59:56 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Canneverbe Limited
[2011.09.03 21:37:03 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\CheckPoint
[2011.10.14 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\DAEMON Tools Lite
[2011.06.11 10:57:02 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\DVDVideoSoft
[2011.09.21 19:50:20 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Foxit Software
[2011.02.02 20:22:23 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\HTC
[2011.02.02 20:17:28 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.02.23 11:29:24 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Lexware
[2011.01.08 12:30:15 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\LG Electronics
[2011.05.21 01:24:18 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\MyPhoneExplorer
[2011.10.14 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\pdfforge
[2010.12.19 04:55:23 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\S.A.D
[2011.08.07 12:22:19 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\TeamViewer
[2010.12.21 13:24:24 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Thunderbird
[2011.01.26 00:05:31 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\TomTom
[2011.10.21 22:57:29 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\UseNeXT
[2011.10.24 20:58:14 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.09.25 22:32:25 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Adobe
[2011.07.02 18:46:56 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\ArcSoft
[2011.09.07 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Auslogics
[2011.09.18 14:08:01 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\BOM
[2010.12.21 12:59:56 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Canneverbe Limited
[2011.09.03 21:37:03 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\CheckPoint
[2011.07.01 15:00:26 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\CyberLink
[2011.10.14 14:50:37 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\DAEMON Tools Lite
[2011.01.11 21:46:23 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\DivX
[2011.06.11 10:57:02 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\DVDVideoSoft
[2011.09.21 19:50:20 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Foxit Software
[2010.12.18 21:04:52 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Hewlett-Packard
[2011.02.10 01:56:40 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\HP
[2011.02.02 20:22:23 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\HTC
[2011.02.02 20:17:28 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2010.12.18 21:03:46 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Identities
[2011.07.02 16:31:14 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\InstallShield
[2011.02.23 11:29:24 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Lexware
[2011.01.08 12:30:15 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\LG Electronics
[2010.12.18 21:02:54 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Macromedia
[2011.10.19 18:28:52 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Media Center Programs
[2011.02.10 20:32:46 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Media Player Classic
[2011.09.23 16:31:22 | 000,000,000 | --SD | M] -- C:\Users\carper\AppData\Roaming\Microsoft
[2010.12.18 21:48:40 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Mozilla
[2011.05.21 01:24:18 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\MyPhoneExplorer
[2011.10.14 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\pdfforge
[2010.12.19 04:55:23 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\S.A.D
[2010.12.18 21:32:04 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Symantec
[2011.08.07 12:22:19 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\TeamViewer
[2010.12.21 13:24:24 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\Thunderbird
[2011.01.26 00:05:31 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\TomTom
[2011.10.21 22:57:29 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\UseNeXT
[2011.09.03 21:13:03 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\vlc
[2010.12.19 22:08:35 | 000,000,000 | ---D | M] -- C:\Users\carper\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.05 19:41:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\carper\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.06.04 13:51:24 | 001,413,256 | R--- | M] () -- C:\Users\carper\AppData\Roaming\Microsoft\Windows\Templates\K\USBAutoRun.exe
[2009.05.12 08:46:36 | 000,212,992 | R--- | M] () -- C:\Users\carper\AppData\Roaming\Microsoft\Windows\Templates\K\tools\LGSetCDROMAutoRun.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2007.11.26 15:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys
[2007.11.26 15:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys
[2007.11.26 15:33:30 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\WINDOWS\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\WINDOWS\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010.12.19 16:45:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010.12.19 16:45:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010.12.19 16:45:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\WINDOWS\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 23:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.07.13 06:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\iastor.sys
[2007.07.13 06:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\SWSETUP\Drivers\ITM\Winall\Driver\iastor.sys
[2007.07.13 06:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\drivers\iaStor.sys
[2007.07.13 06:35:02 | 000,305,176 | ---- | M] (Intel Corporation) MD5=2358C53F30CB9DCD1D3843C4E2F299B2 -- C:\WINDOWS\System32\DriverStore\FileRepository\iaahci.inf_cfa1dde4\iaStor.sys
[2007.07.13 06:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\iastor.sys
[2007.07.13 06:35:44 | 000,381,976 | ---- | M] (Intel Corporation) MD5=CEB53BB804B41C52AB0782505C8E2994 -- C:\SWSETUP\Drivers\ITM\Winall\Driver64\iastor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\WINDOWS\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\WINDOWS\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\WINDOWS\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\WINDOWS\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.11.26 14:01:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.11.26 14:01:21 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 09:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.19 09:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll

< End of report >
         
--- --- ---
__________________
Regards

Marcus

Alt 25.10.2011, 10:02   #17
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
So you mean I shouldn't install any additional FW at all?
What for? The claim that every Windows installation absolutely needs a different PFW is nothing but marketing lies. The Windows Firewall covers all the important aspects and is preferable to an additional PFW => Editorial | c't


Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=81&bd=Pavilion&pf=laptop
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.google.de?client=mozilla-firefox&cd=UTF-8&search=1&q="
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - E:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{b4996b72-0ad4-11e0-b240-001e6831f32b}\Shell - "" = AutoRun
O33 - MountPoints2\{b4996b72-0ad4-11e0-b240-001e6831f32b}\Shell\AutoRun\command - "" = "H:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{ed8b6fab-0adb-11e0-a6e5-001e6831f32b}\Shell - "" = AutoRun
O33 - MountPoints2\{ed8b6fab-0adb-11e0-a6e5-001e6831f32b}\Shell\AutoRun\command - "" = H:\USBAutoRun.exe
[2011.10.24 21:00:33 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs
[2011.10.14 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\carper\AppData\Roaming\pdfforge
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!

Alt 25.10.2011, 16:52   #18
carper
 
Hello Arne,

I have read the c't editorial. Thanks.

Here is the new OTL log file:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "ZoneAlarm-Sicherheit Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
C:\Users\carper\AppData\Roaming\Mozilla\FireFox\Profiles\fsrg54mk.default\user.js moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
E:\AUTOMODE moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4996b72-0ad4-11e0-b240-001e6831f32b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4996b72-0ad4-11e0-b240-001e6831f32b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4996b72-0ad4-11e0-b240-001e6831f32b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4996b72-0ad4-11e0-b240-001e6831f32b}\ not found.
File "H:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8b6fab-0adb-11e0-a6e5-001e6831f32b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8b6fab-0adb-11e0-a6e5-001e6831f32b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8b6fab-0adb-11e0-a6e5-001e6831f32b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8b6fab-0adb-11e0-a6e5-001e6831f32b}\ not found.
File H:\USBAutoRun.exe not found.
C:\Windows\Internet Logs folder moved successfully.
C:\Users\carper\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\carper\AppData\Roaming\pdfforge folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: carper
->Temp folder emptied: 6770023 bytes
->Temporary Internet Files folder emptied: 2734167 bytes
->Java cache emptied: 1112353 bytes
->FireFox cache emptied: 43259295 bytes
->Flash cache emptied: 56956 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6849570 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 58,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 10252011_174025

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Alt 25.10.2011, 18:13   #19
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click on Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

If, because of the infection, you cannot access your documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

Alt 25.10.2011, 19:05   #20
carper
 
Here is the report:

19:48:47.0141 5088 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
19:48:47.0261 5088 ============================================================
19:48:47.0261 5088 Current date / time: 2011/10/25 19:48:47.0261
19:48:47.0261 5088 SystemInfo:
19:48:47.0261 5088
19:48:47.0262 5088 OS Version: 6.0.6002 ServicePack: 2.0
19:48:47.0262 5088 Product type: Workstation
19:48:47.0262 5088 ComputerName: CARPER-PC
19:48:47.0262 5088 UserName: carper
19:48:47.0262 5088 Windows directory: C:\Windows
19:48:47.0262 5088 System windows directory: C:\Windows
19:48:47.0262 5088 Processor architecture: Intel x86
19:48:47.0262 5088 Number of processors: 2
19:48:47.0262 5088 Page size: 0x1000
19:48:47.0262 5088 Boot type: Normal boot
19:48:47.0262 5088 ============================================================
19:48:47.0837 5088 Initialize success
19:49:16.0501 5916 ============================================================
19:49:16.0501 5916 Scan started
19:49:16.0501 5916 Mode: Manual; SigCheck; TDLFS;
19:49:16.0501 5916 ============================================================
19:49:25.0393 5916 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:49:25.0410 5916 NativeWifiP - ok
19:49:25.0451 5916 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:49:25.0474 5916 NDIS - ok
19:49:25.0513 5916 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:49:25.0552 5916 NdisTapi - ok
19:49:25.0589 5916 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:49:25.0626 5916 Ndisuio - ok
19:49:25.0659 5916 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:49:25.0680 5916 NdisWan - ok
19:49:25.0715 5916 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:49:25.0741 5916 NDProxy - ok
19:49:25.0771 5916 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:49:25.0813 5916 NetBIOS - ok
19:49:25.0913 5916 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:49:25.0942 5916 netbt - ok
19:49:26.0029 5916 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
19:49:26.0109 5916 NETw4v32 - ok
19:49:27.0119 5916 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
19:49:27.0257 5916 NETw5v32 - ok
19:49:27.0368 5916 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:49:27.0379 5916 nfrd960 - ok
19:49:27.0481 5916 nmwcd (712bc0c22ba00b2ba324c6b8df668ee7) C:\Windows\system32\drivers\ccdcmb.sys
19:49:27.0517 5916 nmwcd - ok
19:49:27.0560 5916 nmwcdc (7312987b6ccde6f6cee32c14bed1ca2e) C:\Windows\system32\drivers\ccdcmbo.sys
19:49:27.0595 5916 nmwcdc - ok
19:49:27.0620 5916 nmwcdnsu (99145c5d4b6c4d6f5ce83ee6abffe294) C:\Windows\system32\drivers\nmwcdnsu.sys
19:49:27.0659 5916 nmwcdnsu - ok
19:49:27.0683 5916 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:49:27.0701 5916 Npfs - ok
19:49:27.0751 5916 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:49:27.0797 5916 nsiproxy - ok
19:49:27.0877 5916 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:49:27.0915 5916 Ntfs - ok
19:49:27.0945 5916 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:49:27.0996 5916 ntrigdigi - ok
19:49:28.0015 5916 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:49:28.0041 5916 Null - ok
19:49:28.0245 5916 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:49:28.0597 5916 nvlddmkm - ok
19:49:28.0702 5916 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:49:28.0716 5916 nvraid - ok
19:49:28.0742 5916 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:49:28.0754 5916 nvstor - ok
19:49:28.0795 5916 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:49:28.0808 5916 nv_agp - ok
19:49:28.0816 5916 NwlnkFlt - ok
19:49:28.0828 5916 NwlnkFwd - ok
19:49:28.0886 5916 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:49:28.0921 5916 ohci1394 - ok
19:49:28.0947 5916 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
19:49:29.0000 5916 Parport - ok
19:49:29.0040 5916 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:49:29.0051 5916 partmgr - ok
19:49:29.0079 5916 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
19:49:29.0148 5916 Parvdm - ok
19:49:29.0196 5916 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
19:49:29.0215 5916 pccsmcfd - ok
19:49:29.0240 5916 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:49:29.0253 5916 pci - ok
19:49:29.0277 5916 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
19:49:29.0288 5916 pciide - ok
19:49:29.0315 5916 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:49:29.0328 5916 pcmcia - ok
19:49:29.0364 5916 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:49:29.0454 5916 PEAUTH - ok
19:49:29.0528 5916 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:49:29.0566 5916 PptpMiniport - ok
19:49:29.0598 5916 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:49:29.0656 5916 Processor - ok
19:49:29.0695 5916 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:49:29.0714 5916 PSched - ok
19:49:29.0748 5916 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:49:29.0782 5916 ql2300 - ok
19:49:29.0806 5916 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:49:29.0820 5916 ql40xx - ok
19:49:29.0878 5916 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:49:29.0904 5916 QWAVEdrv - ok
19:49:29.0932 5916 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:49:29.0964 5916 RasAcd - ok
19:49:29.0991 5916 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:49:30.0026 5916 Rasl2tp - ok
19:49:30.0058 5916 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:49:30.0092 5916 RasPppoe - ok
19:49:30.0120 5916 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:49:30.0133 5916 RasSstp - ok
19:49:30.0197 5916 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:49:30.0236 5916 rdbss - ok
19:49:30.0282 5916 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:49:30.0307 5916 RDPCDD - ok
19:49:30.0354 5916 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:49:30.0399 5916 rdpdr - ok
19:49:30.0428 5916 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:49:30.0466 5916 RDPENCDD - ok
19:49:30.0526 5916 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:49:30.0549 5916 RDPWD - ok
19:49:30.0586 5916 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
19:49:30.0611 5916 rimmptsk - ok
19:49:30.0620 5916 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
19:49:30.0656 5916 rimsptsk - ok
19:49:30.0675 5916 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
19:49:30.0697 5916 rismxdp - ok
19:49:30.0737 5916 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:49:30.0777 5916 rspndr - ok
19:49:30.0815 5916 RTL2832UBDA (87fbe0aa5b7dfd003d4bc6b625a2b180) C:\Windows\system32\drivers\RTL2832UBDA.sys
19:49:30.0828 5916 RTL2832UBDA - ok
19:49:30.0855 5916 RTL2832UUSB (1e4462cea673a4f58a2adabb19344b93) C:\Windows\system32\Drivers\RTL2832UUSB.sys
19:49:30.0865 5916 RTL2832UUSB - ok
19:49:30.0878 5916 RTL2832U_IRHID (636f046efd77b22f7c95716895d172e2) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
19:49:30.0896 5916 RTL2832U_IRHID - ok
19:49:30.0929 5916 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
19:49:30.0967 5916 RTL8169 - ok
19:49:30.0997 5916 SANDRA - ok
19:49:31.0041 5916 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:49:31.0060 5916 sbp2port - ok
19:49:31.0145 5916 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
19:49:31.0179 5916 sdbus - ok
19:49:31.0203 5916 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:49:31.0245 5916 secdrv - ok
19:49:31.0273 5916 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
19:49:31.0331 5916 Serenum - ok
19:49:31.0357 5916 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
19:49:31.0410 5916 Serial - ok
19:49:31.0446 5916 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:49:31.0486 5916 sermouse - ok
19:49:31.0529 5916 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
19:49:31.0563 5916 sffdisk - ok
19:49:31.0586 5916 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:49:31.0629 5916 sffp_mmc - ok
19:49:31.0646 5916 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
19:49:31.0679 5916 sffp_sd - ok
19:49:31.0706 5916 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:49:31.0766 5916 sfloppy - ok
19:49:31.0811 5916 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:49:31.0822 5916 sisagp - ok
19:49:31.0841 5916 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:49:31.0852 5916 SiSRaid2 - ok
19:49:31.0877 5916 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:49:31.0889 5916 SiSRaid4 - ok
19:49:31.0925 5916 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:49:31.0945 5916 Smb - ok
19:49:31.0993 5916 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
19:49:32.0064 5916 smserial - ok
19:49:32.0097 5916 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:49:32.0109 5916 spldr - ok
19:49:32.0147 5916 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:49:32.0190 5916 srv - ok
19:49:32.0221 5916 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:49:32.0254 5916 srv2 - ok
19:49:32.0274 5916 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:49:32.0296 5916 srvnet - ok
19:49:32.0323 5916 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:49:32.0335 5916 swenum - ok
19:49:32.0371 5916 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:49:32.0382 5916 Symc8xx - ok
19:49:32.0393 5916 SymIMMP - ok
19:49:32.0411 5916 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:49:32.0423 5916 Sym_hi - ok
19:49:32.0454 5916 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:49:32.0465 5916 Sym_u3 - ok
19:49:32.0512 5916 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
19:49:32.0527 5916 SynTP - ok
19:49:32.0570 5916 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
19:49:32.0602 5916 tap0901 - ok
19:49:32.0656 5916 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
19:49:32.0691 5916 Tcpip - ok
19:49:32.0735 5916 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
19:49:32.0764 5916 Tcpip6 - ok
19:49:32.0824 5916 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
19:49:32.0862 5916 tcpipreg - ok
19:49:32.0897 5916 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:49:32.0924 5916 TDPIPE - ok
19:49:32.0948 5916 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:49:32.0983 5916 TDTCP - ok
19:49:33.0013 5916 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:49:33.0034 5916 tdx - ok
19:49:33.0072 5916 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
19:49:33.0093 5916 teamviewervpn - ok
19:49:33.0124 5916 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:49:33.0136 5916 TermDD - ok
19:49:33.0194 5916 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:49:33.0233 5916 tssecsrv - ok
19:49:33.0263 5916 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:49:33.0283 5916 tunmp - ok
19:49:33.0313 5916 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:49:33.0332 5916 tunnel - ok
19:49:33.0357 5916 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:49:33.0370 5916 uagp35 - ok
19:49:33.0410 5916 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:49:33.0432 5916 udfs - ok
19:49:33.0458 5916 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:49:33.0469 5916 uliagpkx - ok
19:49:33.0510 5916 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:49:33.0525 5916 uliahci - ok
19:49:33.0552 5916 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:49:33.0565 5916 UlSata - ok
19:49:33.0585 5916 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:49:33.0598 5916 ulsata2 - ok
19:49:33.0624 5916 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:49:33.0663 5916 umbus - ok
19:49:33.0698 5916 upperdev (7062ed67a10f1c83b2ab951736e24f11) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
19:49:33.0733 5916 upperdev - ok
19:49:33.0745 5916 usbbus - ok
19:49:33.0776 5916 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:49:33.0796 5916 usbccgp - ok
19:49:33.0826 5916 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
19:49:33.0883 5916 usbcir - ok
19:49:33.0894 5916 UsbDiag - ok
19:49:33.0927 5916 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:49:33.0959 5916 usbehci - ok
19:49:33.0985 5916 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:49:34.0022 5916 usbhub - ok
19:49:34.0032 5916 USBModem - ok
19:49:34.0064 5916 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
19:49:34.0114 5916 usbohci - ok
19:49:34.0145 5916 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
19:49:34.0179 5916 usbprint - ok
19:49:34.0209 5916 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
19:49:34.0228 5916 usbser - ok
19:49:34.0254 5916 UsbserFilt (b76d8039f5b595c4ca551b3d5dd15a98) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
19:49:34.0289 5916 UsbserFilt - ok
19:49:34.0316 5916 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:49:34.0336 5916 USBSTOR - ok
19:49:34.0369 5916 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
19:49:34.0402 5916 usbuhci - ok
19:49:34.0434 5916 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
19:49:34.0479 5916 usbvideo - ok
19:49:34.0518 5916 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
19:49:34.0537 5916 usb_rndisx - ok
19:49:34.0570 5916 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:49:34.0619 5916 vga - ok
19:49:34.0652 5916 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:49:34.0693 5916 VgaSave - ok
19:49:34.0719 5916 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:49:34.0730 5916 viaagp - ok
19:49:34.0751 5916 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:49:34.0795 5916 ViaC7 - ok
19:49:34.0813 5916 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:49:34.0825 5916 viaide - ok
19:49:34.0858 5916 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:49:34.0873 5916 volmgr - ok
19:49:34.0917 5916 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:49:34.0938 5916 volmgrx - ok
19:49:34.0971 5916 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:49:34.0988 5916 volsnap - ok
19:49:35.0042 5916 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:49:35.0056 5916 vsmraid - ok
19:49:35.0093 5916 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:49:35.0135 5916 WacomPen - ok
19:49:35.0167 5916 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:49:35.0187 5916 Wanarp - ok
19:49:35.0191 5916 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:49:35.0210 5916 Wanarpv6 - ok
19:49:35.0231 5916 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:49:35.0241 5916 Wd - ok
19:49:35.0281 5916 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
19:49:35.0303 5916 Wdf01000 - ok
19:49:35.0368 5916 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:49:35.0421 5916 winachsf - ok
19:49:35.0533 5916 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:49:35.0552 5916 WmiAcpi - ok
19:49:35.0600 5916 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
19:49:35.0613 5916 WpdUsb - ok
19:49:35.0646 5916 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:49:35.0671 5916 ws2ifsl - ok
19:49:35.0702 5916 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:49:35.0743 5916 WUDFRd - ok
19:49:35.0813 5916 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\HP\QuickPlay\000.fcl
19:49:35.0823 5916 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok
19:49:35.0844 5916 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
19:49:35.0973 5916 \Device\Harddisk0\DR0 - ok
19:49:35.0977 5916 Boot (0x1200) (67e031a0d6d90e77e7840b7aeca0b470) \Device\Harddisk0\DR0\Partition0
19:49:35.0978 5916 \Device\Harddisk0\DR0\Partition0 - ok
19:49:36.0001 5916 Boot (0x1200) (01e8dab8beb0d7c575739eb2edf84d1a) \Device\Harddisk0\DR0\Partition1
19:49:36.0002 5916 \Device\Harddisk0\DR0\Partition1 - ok
19:49:36.0005 5916 Boot (0x1200) (5f5d37d02f25edcb702d1214c0d9c05c) \Device\Harddisk0\DR0\Partition2
19:49:36.0006 5916 \Device\Harddisk0\DR0\Partition2 - ok
19:49:36.0009 5916 Boot (0x1200) (f1e4bce2bf24f0aeb70baa6ebd917533) \Device\Harddisk0\DR0\Partition3
19:49:36.0010 5916 \Device\Harddisk0\DR0\Partition3 - ok
19:49:36.0011 5916 ============================================================
19:49:36.0011 5916 Scan finished
19:49:36.0011 5916 ============================================================
19:49:36.0033 5880 Detected object count: 0
19:49:36.0033 5880 Actual detected object count: 0
20:01:37.0639 4924 ============================================================
20:01:37.0639 4924 Scan started
20:01:37.0639 4924 Mode: Manual; SigCheck; TDLFS;
20:01:37.0639 4924 ============================================================
20:01:43.0507 4924 LSI_SAS - ok
20:01:43.0536 4924 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
20:01:43.0547 4924 LSI_SCSI - ok
20:01:43.0567 4924 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
20:01:43.0593 4924 luafv - ok
20:01:43.0619 4924 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
20:01:43.0632 4924 megasas - ok
20:01:43.0641 4924 MEMSWEEP2 - ok
20:01:43.0675 4924 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
20:01:43.0700 4924 Modem - ok
20:01:43.0735 4924 MODEMCSA (cbb59c41f19efea1a000793e08070a62) C:\Windows\system32\drivers\MODEMCSA.sys
20:01:43.0761 4924 MODEMCSA - ok
20:01:43.0797 4924 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
20:01:43.0823 4924 monitor - ok
20:01:43.0857 4924 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
20:01:43.0868 4924 mouclass - ok
20:01:43.0886 4924 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
20:01:43.0911 4924 mouhid - ok
20:01:43.0941 4924 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
20:01:43.0952 4924 MountMgr - ok
20:01:43.0981 4924 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
20:01:43.0992 4924 mpio - ok
20:01:44.0012 4924 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
20:01:44.0031 4924 mpsdrv - ok
20:01:44.0056 4924 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
20:01:44.0066 4924 Mraid35x - ok
20:01:44.0086 4924 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
20:01:44.0101 4924 MRxDAV - ok
20:01:44.0128 4924 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:01:44.0141 4924 mrxsmb - ok
20:01:44.0178 4924 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:01:44.0192 4924 mrxsmb10 - ok
20:01:44.0203 4924 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:01:44.0219 4924 mrxsmb20 - ok
20:01:44.0240 4924 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
20:01:44.0250 4924 msahci - ok
20:01:44.0267 4924 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
20:01:44.0278 4924 msdsm - ok
20:01:44.0306 4924 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
20:01:44.0331 4924 Msfs - ok
20:01:44.0345 4924 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
20:01:44.0356 4924 msisadrv - ok
20:01:44.0394 4924 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
20:01:44.0419 4924 MSKSSRV - ok
20:01:44.0438 4924 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
20:01:44.0463 4924 MSPCLOCK - ok
20:01:44.0484 4924 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
20:01:44.0508 4924 MSPQM - ok
20:01:44.0552 4924 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
20:01:44.0565 4924 MsRPC - ok
20:01:44.0587 4924 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
20:01:44.0597 4924 mssmbios - ok
20:01:44.0606 4924 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
20:01:44.0634 4924 MSTEE - ok
20:01:44.0653 4924 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
20:01:44.0664 4924 Mup - ok
20:01:44.0703 4924 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
20:01:44.0718 4924 NativeWifiP - ok
20:01:44.0761 4924 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
20:01:44.0780 4924 NDIS - ok
20:01:44.0812 4924 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
20:01:44.0830 4924 NdisTapi - ok
20:01:44.0866 4924 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
20:01:44.0890 4924 Ndisuio - ok
20:01:44.0925 4924 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
20:01:44.0945 4924 NdisWan - ok
20:01:44.0970 4924 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
20:01:44.0988 4924 NDProxy - ok
20:01:45.0003 4924 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
20:01:45.0029 4924 NetBIOS - ok
20:01:45.0056 4924 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
20:01:45.0076 4924 netbt - ok
20:01:45.0150 4924 NETw4v32 (25acccfc33dd448b9d3037c5e439e830) C:\Windows\system32\DRIVERS\NETw4v32.sys
20:01:45.0200 4924 NETw4v32 - ok
20:01:45.0396 4924 NETw5v32 (8de67bd902095a13329fd82c85a1fa09) C:\Windows\system32\DRIVERS\NETw5v32.sys
20:01:45.0468 4924 NETw5v32 - ok
20:01:45.0600 4924 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
20:01:45.0611 4924 nfrd960 - ok
20:01:45.0658 4924 nmwcd (712bc0c22ba00b2ba324c6b8df668ee7) C:\Windows\system32\drivers\ccdcmb.sys
20:01:45.0684 4924 nmwcd - ok
20:01:45.0715 4924 nmwcdc (7312987b6ccde6f6cee32c14bed1ca2e) C:\Windows\system32\drivers\ccdcmbo.sys
20:01:45.0741 4924 nmwcdc - ok
20:01:45.0774 4924 nmwcdnsu (99145c5d4b6c4d6f5ce83ee6abffe294) C:\Windows\system32\drivers\nmwcdnsu.sys
20:01:45.0801 4924 nmwcdnsu - ok
20:01:45.0826 4924 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
20:01:45.0845 4924 Npfs - ok
20:01:45.0883 4924 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
20:01:45.0908 4924 nsiproxy - ok
20:01:45.0965 4924 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
20:01:45.0995 4924 Ntfs - ok
20:01:46.0033 4924 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
20:01:46.0074 4924 ntrigdigi - ok
20:01:46.0083 4924 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
20:01:46.0108 4924 Null - ok
20:01:46.0321 4924 nvlddmkm (24000b817cc84ac1555f41929879af5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
20:01:46.0564 4924 nvlddmkm - ok
20:01:46.0668 4924 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
20:01:46.0680 4924 nvraid - ok
20:01:46.0697 4924 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
20:01:46.0707 4924 nvstor - ok
20:01:46.0728 4924 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
20:01:46.0739 4924 nv_agp - ok
20:01:46.0748 4924 NwlnkFlt - ok
20:01:46.0760 4924 NwlnkFwd - ok
20:01:46.0796 4924 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
20:01:46.0816 4924 ohci1394 - ok
20:01:46.0846 4924 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
20:01:46.0889 4924 Parport - ok
20:01:46.0928 4924 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
20:01:46.0939 4924 partmgr - ok
20:01:46.0955 4924 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
20:01:46.0997 4924 Parvdm - ok
20:01:47.0039 4924 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\Windows\system32\DRIVERS\pccsmcfd.sys
20:01:47.0051 4924 pccsmcfd - ok
20:01:47.0073 4924 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
20:01:47.0085 4924 pci - ok
20:01:47.0110 4924 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
20:01:47.0120 4924 pciide - ok
20:01:47.0147 4924 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
20:01:47.0159 4924 pcmcia - ok
20:01:47.0197 4924 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
20:01:47.0254 4924 PEAUTH - ok
20:01:47.0316 4924 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
20:01:47.0341 4924 PptpMiniport - ok
20:01:47.0375 4924 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
20:01:47.0417 4924 Processor - ok
20:01:47.0449 4924 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
20:01:47.0468 4924 PSched - ok
20:01:47.0503 4924 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
20:01:47.0529 4924 ql2300 - ok
20:01:47.0561 4924 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
20:01:47.0572 4924 ql40xx - ok
20:01:47.0610 4924 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
20:01:47.0624 4924 QWAVEdrv - ok
20:01:47.0653 4924 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
20:01:47.0681 4924 RasAcd - ok
20:01:47.0712 4924 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:01:47.0737 4924 Rasl2tp - ok
20:01:47.0779 4924 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
20:01:47.0797 4924 RasPppoe - ok
20:01:47.0830 4924 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
20:01:47.0843 4924 RasSstp - ok
20:01:47.0874 4924 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
20:01:47.0894 4924 rdbss - ok
20:01:47.0914 4924 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:01:47.0939 4924 RDPCDD - ok
20:01:47.0975 4924 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
20:01:48.0019 4924 rdpdr - ok
20:01:48.0029 4924 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
20:01:48.0055 4924 RDPENCDD - ok
20:01:48.0092 4924 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
20:01:48.0111 4924 RDPWD - ok
20:01:48.0141 4924 rimmptsk (355aac141b214bef1dbc1483afd9bd50) C:\Windows\system32\DRIVERS\rimmptsk.sys
20:01:48.0153 4924 rimmptsk - ok
20:01:48.0192 4924 rimsptsk (a4216c71dd4f60b26418ccfd99cd0815) C:\Windows\system32\DRIVERS\rimsptsk.sys
20:01:48.0204 4924 rimsptsk - ok
20:01:48.0215 4924 rismxdp (d231b577024aa324af13a42f3a807d10) C:\Windows\system32\DRIVERS\rixdptsk.sys
20:01:48.0228 4924 rismxdp - ok
20:01:48.0271 4924 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
20:01:48.0297 4924 rspndr - ok
20:01:48.0325 4924 RTL2832UBDA (87fbe0aa5b7dfd003d4bc6b625a2b180) C:\Windows\system32\drivers\RTL2832UBDA.sys
20:01:48.0337 4924 RTL2832UBDA - ok
20:01:48.0366 4924 RTL2832UUSB (1e4462cea673a4f58a2adabb19344b93) C:\Windows\system32\Drivers\RTL2832UUSB.sys
20:01:48.0375 4924 RTL2832UUSB - ok
20:01:48.0400 4924 RTL2832U_IRHID (636f046efd77b22f7c95716895d172e2) C:\Windows\system32\DRIVERS\RTL2832U_IRHID.sys
20:01:48.0411 4924 RTL2832U_IRHID - ok
20:01:48.0438 4924 RTL8169 (9a929308a64183d3d9dccbb6df4badae) C:\Windows\system32\DRIVERS\Rtlh86.sys
20:01:48.0458 4924 RTL8169 - ok
20:01:48.0485 4924 SANDRA - ok
20:01:48.0518 4924 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
20:01:48.0529 4924 sbp2port - ok
20:01:48.0567 4924 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
20:01:48.0586 4924 sdbus - ok
20:01:48.0602 4924 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
20:01:48.0644 4924 secdrv - ok
20:01:48.0672 4924 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
20:01:48.0714 4924 Serenum - ok
20:01:48.0734 4924 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
20:01:48.0776 4924 Serial - ok
20:01:48.0811 4924 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
20:01:48.0837 4924 sermouse - ok
20:01:48.0884 4924 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\DRIVERS\sffdisk.sys
20:01:48.0902 4924 sffdisk - ok
20:01:48.0918 4924 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
20:01:48.0961 4924 sffp_mmc - ok
20:01:48.0978 4924 sffp_sd (9f66a46c55d6f1ccabc79bb7afccc545) C:\Windows\system32\DRIVERS\sffp_sd.sys
20:01:48.0996 4924 sffp_sd - ok
20:01:49.0028 4924 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
20:01:49.0069 4924 sfloppy - ok
20:01:49.0088 4924 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
20:01:49.0099 4924 sisagp - ok
20:01:49.0118 4924 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
20:01:49.0129 4924 SiSRaid2 - ok
20:01:49.0154 4924 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
20:01:49.0165 4924 SiSRaid4 - ok
20:01:49.0201 4924 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
20:01:49.0222 4924 Smb - ok
20:01:49.0270 4924 smserial (859e3adc59d1c89a66aa6492c14d379e) C:\Windows\system32\DRIVERS\smserial.sys
20:01:49.0298 4924 smserial - ok
20:01:49.0351 4924 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
20:01:49.0362 4924 spldr - ok
20:01:49.0402 4924 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
20:01:49.0417 4924 srv - ok
20:01:49.0442 4924 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
20:01:49.0456 4924 srv2 - ok
20:01:49.0474 4924 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
20:01:49.0487 4924 srvnet - ok
20:01:49.0511 4924 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
20:01:49.0522 4924 swenum - ok
20:01:49.0559 4924 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
20:01:49.0569 4924 Symc8xx - ok
20:01:49.0578 4924 SymIMMP - ok
20:01:49.0599 4924 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
20:01:49.0610 4924 Sym_hi - ok
20:01:49.0630 4924 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
20:01:49.0641 4924 Sym_u3 - ok
20:01:49.0678 4924 SynTP (067cb9d745407a8c1b26e89a6a2ce152) C:\Windows\system32\DRIVERS\SynTP.sys
20:01:49.0691 4924 SynTP - ok
20:01:49.0725 4924 tap0901 (1e89de7a4fb7a854ebb241d0aa8996dd) C:\Windows\system32\DRIVERS\tap0901.sys
20:01:49.0736 4924 tap0901 - ok
20:01:49.0788 4924 Tcpip (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\drivers\tcpip.sys
20:01:49.0815 4924 Tcpip - ok
20:01:49.0838 4924 Tcpip6 (6647fce6fc4970daafe5c64c794513d3) C:\Windows\system32\DRIVERS\tcpip.sys
20:01:49.0865 4924 Tcpip6 - ok
20:01:49.0890 4924 tcpipreg (36606b165d04a397bdf613096986d85d) C:\Windows\system32\drivers\tcpipreg.sys
20:01:49.0902 4924 tcpipreg - ok
20:01:49.0940 4924 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
20:01:49.0965 4924 TDPIPE - ok
20:01:49.0980 4924 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
20:01:50.0005 4924 TDTCP - ok
20:01:50.0034 4924 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
20:01:50.0053 4924 tdx - ok
20:01:50.0082 4924 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
20:01:50.0094 4924 teamviewervpn - ok
20:01:50.0123 4924 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
20:01:50.0133 4924 TermDD - ok
20:01:50.0171 4924 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:01:50.0197 4924 tssecsrv - ok
20:01:50.0229 4924 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
20:01:50.0242 4924 tunmp - ok
20:01:50.0279 4924 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
20:01:50.0291 4924 tunnel - ok
20:01:50.0323 4924 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
20:01:50.0334 4924 uagp35 - ok
20:01:50.0376 4924 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
20:01:50.0396 4924 udfs - ok
20:01:50.0424 4924 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
20:01:50.0435 4924 uliagpkx - ok
20:01:50.0453 4924 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
20:01:50.0467 4924 uliahci - ok
20:01:50.0485 4924 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
20:01:50.0496 4924 UlSata - ok
20:01:50.0517 4924 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
20:01:50.0530 4924 ulsata2 - ok
20:01:50.0557 4924 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
20:01:50.0582 4924 umbus - ok
20:01:50.0619 4924 upperdev (7062ed67a10f1c83b2ab951736e24f11) C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
20:01:50.0645 4924 upperdev - ok
20:01:50.0657 4924 usbbus - ok
20:01:50.0697 4924 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
20:01:50.0716 4924 usbccgp - ok
20:01:50.0747 4924 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
20:01:50.0789 4924 usbcir - ok
20:01:50.0798 4924 UsbDiag - ok
20:01:50.0837 4924 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
20:01:50.0856 4924 usbehci - ok
20:01:50.0873 4924 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
20:01:50.0894 4924 usbhub - ok
20:01:50.0905 4924 USBModem - ok
20:01:50.0930 4924 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
20:01:50.0973 4924 usbohci - ok
20:01:51.0000 4924 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
20:01:51.0025 4924 usbprint - ok
20:01:51.0064 4924 usbser (d575246188f63de0accf6eac5fb59e6a) C:\Windows\system32\drivers\usbser.sys
20:01:51.0083 4924 usbser - ok
20:01:51.0109 4924 UsbserFilt (b76d8039f5b595c4ca551b3d5dd15a98) C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
20:01:51.0135 4924 UsbserFilt - ok
20:01:51.0160 4924 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:01:51.0179 4924 USBSTOR - ok
20:01:51.0213 4924 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
20:01:51.0232 4924 usbuhci - ok
20:01:51.0266 4924 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
20:01:51.0292 4924 usbvideo - ok
20:01:51.0328 4924 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys
20:01:51.0346 4924 usb_rndisx - ok
20:01:51.0381 4924 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
20:01:51.0422 4924 vga - ok
20:01:51.0462 4924 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
20:01:51.0488 4924 VgaSave - ok
20:01:51.0507 4924 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
20:01:51.0518 4924 viaagp - ok
20:01:51.0539 4924 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
20:01:51.0581 4924 ViaC7 - ok
20:01:51.0602 4924 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
20:01:51.0612 4924 viaide - ok
20:01:51.0646 4924 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
20:01:51.0658 4924 volmgr - ok
20:01:51.0694 4924 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
20:01:51.0708 4924 volmgrx - ok
20:01:51.0748 4924 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
20:01:51.0761 4924 volsnap - ok
20:01:51.0797 4924 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
20:01:51.0809 4924 vsmraid - ok
20:01:51.0837 4924 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
20:01:51.0879 4924 WacomPen - ok
20:01:51.0911 4924 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:51.0930 4924 Wanarp - ok
20:01:51.0934 4924 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
20:01:51.0954 4924 Wanarpv6 - ok
20:01:51.0974 4924 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
20:01:51.0985 4924 Wd - ok
20:01:52.0025 4924 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
20:01:52.0043 4924 Wdf01000 - ok
20:01:52.0090 4924 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
20:01:52.0125 4924 winachsf - ok
20:01:52.0187 4924 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
20:01:52.0207 4924 WmiAcpi - ok
20:01:52.0243 4924 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
20:01:52.0256 4924 WpdUsb - ok
20:01:52.0290 4924 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
20:01:52.0316 4924 ws2ifsl - ok
20:01:52.0357 4924 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:01:52.0384 4924 WUDFRd - ok
20:01:52.0457 4924 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (8903c6979ea677a9af3d36e0d3709203) C:\Program Files\HP\QuickPlay\000.fcl
20:01:52.0467 4924 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok
20:01:52.0488 4924 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
20:01:52.0606 4924 \Device\Harddisk0\DR0 - ok
20:01:52.0609 4924 Boot (0x1200) (67e031a0d6d90e77e7840b7aeca0b470) \Device\Harddisk0\DR0\Partition0
20:01:52.0611 4924 \Device\Harddisk0\DR0\Partition0 - ok
20:01:52.0634 4924 Boot (0x1200) (01e8dab8beb0d7c575739eb2edf84d1a) \Device\Harddisk0\DR0\Partition1
20:01:52.0635 4924 \Device\Harddisk0\DR0\Partition1 - ok
20:01:52.0638 4924 Boot (0x1200) (5f5d37d02f25edcb702d1214c0d9c05c) \Device\Harddisk0\DR0\Partition2
20:01:52.0639 4924 \Device\Harddisk0\DR0\Partition2 - ok
20:01:52.0644 4924 Boot (0x1200) (f1e4bce2bf24f0aeb70baa6ebd917533) \Device\Harddisk0\DR0\Partition3
20:01:52.0645 4924 \Device\Harddisk0\DR0\Partition3 - ok
20:01:52.0645 4924 ============================================================
20:01:52.0645 4924 Scan finished
20:01:52.0645 4924 ============================================================
20:01:52.0652 4788 Detected object count: 0
20:01:52.0652 4788 Actual detected object count: 0

__________________
Regards

Marcus

25.10.2011, 19:29   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

25.10.2011, 21:39   #22
carper
 
OK, I have now let CF run through:

Combofix Logfile:
Code:
ComboFix 11-10-25.04 - carper 25.10.2011  22:14:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.2046.1243 [GMT 2:00]
ausgeführt von:: c:\users\carper\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\carper\AppData\Roaming\chrtmp
c:\windows\system32\Inetde.dll
c:\windows\system32\KBL.LOG
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-25 bis 2011-10-25  ))))))))))))))))))))))))))))))
.
.
2011-10-25 17:23 . 2011-10-25 17:23	1556992	----a-w-	c:\windows\is-9VU3R.exe
2011-10-25 15:41 . 2011-10-25 15:41	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3FB0534-A01E-411A-8E67-97F2E095087F}\offreg.dll
2011-10-25 15:40 . 2011-10-25 15:40	--------	d-----w-	C:\_OTL
2011-10-25 09:28 . 2011-10-07 03:48	6668624	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{D3FB0534-A01E-411A-8E67-97F2E095087F}\mpengine.dll
2011-10-23 00:15 . 2011-10-23 00:15	--------	d-----w-	c:\program files\Sophos
2011-10-21 08:03 . 2011-10-21 08:03	--------	d-----w-	c:\program files\ESET
2011-10-19 16:28 . 2011-10-19 16:28	--------	d-----w-	c:\users\carper\AppData\Roaming\Malwarebytes
2011-10-19 16:28 . 2011-10-19 16:28	--------	d-----w-	c:\programdata\Malwarebytes
2011-10-19 16:28 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-10-19 16:28 . 2011-10-19 16:28	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-10-17 19:20 . 2011-09-06 20:36	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-10-17 19:20 . 2011-09-06 20:37	320856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-10-17 19:20 . 2011-09-06 20:36	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-10-17 19:20 . 2011-09-06 20:38	442200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-10-17 19:20 . 2011-09-06 20:36	52568	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-10-17 19:20 . 2011-09-06 20:36	54616	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-10-17 19:18 . 2011-09-06 20:45	41184	----a-w-	c:\windows\avastSS.scr
2011-10-17 19:18 . 2011-09-06 20:45	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-10-17 19:18 . 2011-10-17 19:18	--------	d-----w-	c:\programdata\AVAST Software
2011-10-17 19:18 . 2011-10-17 19:18	--------	d-----w-	c:\program files\AVAST Software
2011-10-14 10:56 . 2004-03-08 23:00	662288	----a-w-	c:\windows\system32\MSCOMCT2.OCX
2011-10-14 10:56 . 1998-06-23 23:00	137000	----a-w-	c:\windows\system32\MSMAPI32.OCX
2011-10-14 10:56 . 1998-07-06 16:55	64512	----a-w-	c:\windows\system32\MSCC2DE.DLL
2011-10-14 10:56 . 1998-07-05 23:00	23552	----a-w-	c:\windows\system32\MSMPIDE.DLL
2011-10-12 13:34 . 2011-09-14 10:51	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-10-11 14:27 . 2011-10-11 14:27	--------	d-----w-	c:\program files\phase6
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-15 16:35 . 2011-05-30 17:34	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-01 19:20 . 2011-03-23 22:38	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45	122512	----a-w-	c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2009-10-26 1458176]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"InnoSetupRegFile.0000000001"="c:\windows\is-9VU3R.exe" [2011-10-25 1556992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
 SafeBoot Registrierungsschlüssel muss repariert werden. Dieser PC kann nicht im abgesicherten Modus starten. 
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^p6_19_erinnerung.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\p6_19_erinnerung.lnk
backup=c:\windows\pss\p6_19_erinnerung.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Ulead Kalendar Checker 4.0 SE.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Ulead Kalendar Checker 4.0 SE.lnk
backup=c:\windows\pss\Ulead Kalendar Checker 4.0 SE.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^carper^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\carper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20	1305408	----a-w-	c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 06:00	33648	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 22:11	49152	----a-w-	c:\program files\Hp\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
2010-10-28 16:55	294912	----a-w-	c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-07-25 06:02	174616	----a-w-	c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2010-09-15 09:11	339312	----a-w-	c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-10-03 10:40	92776	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-10-03 10:40	887400	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 12:54	554320	----a-w-	c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2010-12-21 10:53	1483264	----a-w-	c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 13:31	202032	----a-w-	c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-09-30 18:34	181544	----a-w-	c:\program files\Hp\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-08-17 13:27	4702208	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 12:46	1458176	----a-w-	c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44	248552	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-05-27 20:31	1721640	----a-w-	c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21	247728	----a-w-	c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-16 22:13	218408	----a-w-	c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4013078688-286465750-3905637220-1000]
"EnableNotificationsRef"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-07-08 2428968]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-06-09 24576]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\7963.tmp [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-12-02 137600]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys [2009-10-05 31872]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys [2010-07-01 188392]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys [2010-07-01 32872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-01-28 40560]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-09-30 39408]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-02-21 218688]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-03-30 25088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 09931249
*Deregistered* - 09931249
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
mStart Page = 
mLocal Page = 
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\carper\AppData\Roaming\Mozilla\Firefox\Profiles\fsrg54mk.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - hxxp://google.de
FF - prefs.js: keyword.URL - hxxp://www.google.de?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: keyword.enabled - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-IR_SERVER - c:\progra~1\Realtek\REALTE~1\IR_SERVER.exe
MSConfigStartUp-NokiaMusic FastStart - c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe
MSConfigStartUp-NokiaOviSuite2 - c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
MSConfigStartUp-TrayServer - c:\program files\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-10-25 22:23
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\7963.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2011-10-25  22:26:34
ComboFix-quarantined-files.txt  2011-10-25 20:26
.
Vor Suchlauf: 10 Verzeichnis(se), 264.163.545.088 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 263.146.299.392 Bytes frei
.
- - End Of File - - 51B82076B927A80703C7DB1D08C5A741
         
__________________
Regards

Marcus

Alt 26.10.2011, 11:06   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online lookup.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Be sure to turn off your virus scanner as well; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click and "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
Please always post log files in CODE tags

Alt 26.10.2011, 15:38   #24
carper
 

Hello Arne,

aswMBR.exe produces a bluescreen with the message:

DRIVER_IRQL_NOT_LESS_OR_EQUAL

Stop: 0 x 000000D1


I'll try it again now...

In the meantime, here are the logs from GMER and OSAM (as an attachment, since they are too long):
__________________
Regards

Marcus

Alt 26.10.2011, 16:02   #25
carper
 

OK, now it ran through :-)

Here is the result:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-26 16:39:48
-----------------------------
16:39:48.086 OS Version: Windows 6.0.6002 Service Pack 2
16:39:48.086 Number of processors: 2 586 0x1706
16:39:48.086 ComputerName: CARPER-PC UserName: carper
16:39:58.382 Initialize success
16:39:58.460 AVAST engine defs: 11102600
16:40:32.780 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
16:40:32.780 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
16:40:32.998 Disk 0 MBR read successfully
16:40:33.014 Disk 0 MBR scan
16:40:33.014 Disk 0 unknown MBR code
16:40:33.123 Disk 0 scanning sectors +976769024
16:40:33.295 Disk 0 scanning C:\Windows\system32\drivers
16:41:23.339 Service scanning
16:41:24.634 Modules scanning
16:42:33.477 Disk 0 trace - called modules:
16:42:33.524 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
16:42:33.524 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8668a780]
16:42:33.524 3 CLASSPNP.SYS[88fad8b3] -> nt!IofCallDriver -> [0x85616798]
16:42:33.539 5 acpi.sys[886956bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85617030]
16:42:34.475 AVAST engine scan C:\Windows
16:44:42.255 AVAST engine scan C:\Windows\system32
16:47:08.131 AVAST engine scan C:\Windows\system32\drivers
16:47:17.335 AVAST engine scan C:\Users\carper
16:48:53.555 AVAST engine scan C:\ProgramData
17:00:25.462 Scan finished successfully
17:00:58.456 Disk 0 MBR has been saved successfully to "C:\Users\carper\Desktop\MBR.dat"
17:00:58.472 The log file has been saved successfully to "C:\Users\carper\Desktop\aswMBR.txt"
__________________
Regards

Marcus

Alt 26.10.2011, 19:10   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

We should fix the MBR; back up ALL important data just in case, even though it usually goes smoothly.
After backing up your data, start aswMBR again and click the FIXMBR button.
Then restart Windows and create a new log with aswMBR.
__________________
Please always post log files in CODE tags

Alt 27.10.2011, 17:21   #27
carper
 

Hello Arne,

the FIX ran without problems, here is the new log file:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-27 18:11:00
-----------------------------
18:11:00.483 OS Version: Windows 6.0.6002 Service Pack 2
18:11:00.483 Number of processors: 2 586 0x1706
18:11:00.499 ComputerName: CARPER-PC UserName: carper
18:11:16.302 Initialize success
18:11:16.395 AVAST engine defs: 11102600
18:11:23.197 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
18:11:23.197 Disk 0 Vendor: SAMSUNG_ 2AC1 Size: 476940MB BusType: 3
18:11:23.228 Disk 0 MBR read successfully
18:11:23.228 Disk 0 MBR scan
18:11:23.228 Disk 0 Windows VISTA default MBR code
18:11:23.244 Disk 0 scanning sectors +976769024
18:11:23.337 Disk 0 scanning C:\Windows\system32\drivers
18:11:39.670 Service scanning
18:11:41.308 Modules scanning
18:11:55.785 Disk 0 trace - called modules:
18:11:55.816 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:11:55.816 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866af968]
18:11:55.816 3 CLASSPNP.SYS[88faa8b3] -> nt!IofCallDriver -> [0x84c86178]
18:11:56.331 5 acpi.sys[886876bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85622030]
18:11:57.720 AVAST engine scan C:\Windows
18:12:03.351 AVAST engine scan C:\Windows\system32
18:13:51.756 AVAST engine scan C:\Windows\system32\drivers
18:14:15.904 AVAST engine scan C:\Users\carper
18:15:50.035 AVAST engine scan C:\ProgramData
18:18:23.274 Scan finished successfully
18:18:52.305 Disk 0 MBR has been saved successfully to "C:\Users\carper\Desktop\MBR.dat"
18:18:52.305 The log file has been saved successfully to "C:\Users\carper\Desktop\aswMBR.txt"
18:19:43.339 Disk 0 MBR has been saved successfully to "C:\Users\carper\Desktop\MBR.dat"
18:19:43.339 The log file has been saved successfully to "C:\Users\carper\Desktop\aswMBRneu.txt"
__________________
Regards

Marcus
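
The two logs above differ in the MBR verdict ("unknown MBR code" before FIXMBR, "Windows VISTA default MBR code" after). The following is an added example, not part of the thread and not aswMBR's own code: it compares a pre-fix and a post-fix copy of sector 0 region by region, so that a change in the boot code can be told apart from a change in the partition table. It assumes MBR.dat is a raw 512-byte copy of sector 0; the function names and both sample sectors are constructed for illustration.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)         # bootstrap code (assumption: the only region a boot-code fix should touch)
DISK_SIGNATURE = slice(440, 444)  # disk signature Windows uses to identify the disk
PART_TABLE = slice(446, 510)      # four 16-byte partition entries
BOOT_SIGNATURE = slice(510, 512)  # must be 55 AA
# status, 3 CHS bytes skipped, type, 3 CHS bytes skipped, LBA start, sector count
ENTRY = struct.Struct("<B3xB3xII")


def parse_mbr(sector: bytes) -> dict:
    """Split a raw sector-0 dump into its regions and decode the partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[BOOT_SIGNATURE] != b"\x55\xaa":
        raise ValueError("missing 55 AA boot signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = ENTRY.unpack_from(sector, PART_TABLE.start + 16 * i)
        if ptype == 0:  # unused slot
            continue
        partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                           "lba_start": lba_start, "sectors": count})
    return {
        "code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "disk_signature": sector[DISK_SIGNATURE].hex(),
        "partitions": partitions,
    }


def compare_mbr(before: bytes, after: bytes) -> dict:
    """Report which regions changed between two sector-0 copies and list anything unexpected."""
    b, a = parse_mbr(before), parse_mbr(after)
    result = {
        "code_changed": b["code_sha256"] != a["code_sha256"],
        "disk_signature_kept": b["disk_signature"] == a["disk_signature"],
        "partition_table_kept": before[PART_TABLE] == after[PART_TABLE],
        "active_partitions": [p["index"] for p in a["partitions"] if p["active"]],
        "warnings": [],
    }
    if not result["code_changed"]:
        result["warnings"].append("boot code is identical in both copies")
    if not result["disk_signature_kept"]:
        result["warnings"].append("disk signature differs")
    if not result["partition_table_kept"]:
        result["warnings"].append("partition table differs")
    if len(result["active_partitions"]) != 1:
        result["warnings"].append("expected exactly one active partition")
    return result


def build_sample(code: bytes) -> bytes:
    """Constructed sector: placeholder boot code, fixed signature, one active NTFS (0x07) partition."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(code)] = code
    sector[DISK_SIGNATURE] = bytes.fromhex("a1b2c3d4")
    sector[PART_TABLE.start:PART_TABLE.start + 16] = ENTRY.pack(0x80, 0x07, 2048, 204800)
    sector[BOOT_SIGNATURE] = b"\x55\xaa"
    return bytes(sector)


# Constructed placeholders, not real boot code.
BEFORE = build_sample(b"CONSTRUCTED-UNKNOWN-BOOT-CODE")
AFTER = build_sample(b"CONSTRUCTED-DEFAULT-BOOT-CODE")

if __name__ == "__main__":
    for key, value in compare_mbr(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

To run it on real data, read the two saved files in binary mode and pass their contents to `compare_mbr` in place of the constructed samples.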

Alt 27.10.2011, 18:49   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!


Afterwards, getting an additional opinion from ESET's online scanner doesn't hurt either:


ESET Online Scanner

  • Here you will find illustrated instructions for ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box for Yes, I accept the terms of use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

Alt 28.10.2011, 21:43   #29
carper
 

Hello Arne,

here are the logs:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8036

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

28.10.2011 20:56:12
mbam-log-2011-10-28 (20-56-12).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 168447
Laufzeit: 5 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SASW:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 10/28/2011 at 10:39 PM

Application Version : 5.0.1134

Core Rules Database Version : 7865
Trace Rules Database Version: 5677

Scan type : Complete Scan
Total Scan Time : 01:34:27

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Administrator

Memory items scanned : 699
Memory threats detected : 0
Registry items scanned : 39272
Registry threats detected : 0
File items scanned : 207895
File threats detected : 2

Adware.Tracking Cookie
C:\Users\carper\AppData\Roaming\Microsoft\Windows\Cookies\NVZUJ1O3.txt [ /forum.usenext.de ]
C:\USERS\CARPER\Cookies\NVZUJ1O3.txt [ Cookie:carper@forum.usenext.de/ ]
__________________
Regards

Marcus

Alt 28.10.2011, 22:18   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Quote:
Art des Suchlaufs: Quick-Scan
Sorry, but I wanted to see a full scan... please do that and post the log!
Remember to update the Malwarebytes signatures beforehand; new updates come out very frequently!
__________________
Please always post log files in CODE tags
