|
Pests of all kinds and how to fight them: Trojan-Downloader.Win32.Agent.gyai | Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
22.02.2012, 11:02 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.Win32.Agent.gyai Please create a new OTL log. If possible, please post everything here in CODE tags. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
22.02.2012, 13:49 | #17 |
| Trojan-Downloader.Win32.Agent.gyai During the scan:
- Kaspersky off
- Internet connection disconnected
OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.02.2012 13:13:46 - Run 5 OTL by OldTimer - Version 3.2.33.2 Folder = C:\Users\Admin\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,08% Memory free 6,19 Gb Paging File | 5,30 Gb Available in Paging File | 85,75% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 268,79 Gb Total Space | 103,72 Gb Free Space | 38,59% Space Free | Partition Type: NTFS Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32 Computer Name: AKOYA | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\Rezip.exe () PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe () PRC - C:\Windows\tsnp2uvc.exe () PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
PRC - C:\Windows\System32\PSIService.exe () ========== Modules (No Company Name) ========== MOD - C:\Users\Public\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.dll () MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Windows\tsnp2uvc.exe () ========== Win32 Services (SafeList) ========== SRV - (AVP) -- C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe () SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe () SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe () ========== Driver Services (SafeList) ========== DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (WINIO) -- C:\Windows\System32\WinIo.sys () DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO) DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO) DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (klmouflt) -- 
C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab) DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net) DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation) DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek ) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.param.yahoo-fr: "" FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.startup.homepage: "www.google.de" FF - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.22 01:23:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.02.21 15:31:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.21 15:31:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.02.21 15:31:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:50:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 16:32:15 | 000,000,000 | ---D | M] [2009.08.12 13:04:11 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2012.02.11 21:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions [2010.04.27 16:12:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.10.15 18:52:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.11 21:23:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2011.12.25 00:42:47 | 000,000,000 | ---D | M] (stream_player_addon) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions\jid1-sVZC3jSUSB1KxYw@jetpack [2012.02.16 22:50:18 | 000,001,056 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jbi9blw3.default\searchplugins\icqplugin.xml [2012.02.18 09:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.02.18 09:50:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.02.16 22:55:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.05.18 11:18:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.18 11:18:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.18 11:18:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.18 11:18:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe () O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe () O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Google Sidewiki... 
- res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585A1985-1848-42D4-AE16-01AB80CC0E32}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.178.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - File not found O20 - 
Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ] O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: ANT Agent - hkey= - key= - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: Skype - hkey= - key= - File not found MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) 
MsConfig - State: "services" - 0 MsConfig - State: "startup" - 2 SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver 
Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: 
{50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} 
- .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.div2 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !) Drivers32: vidc.div3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !) Drivers32: vidc.div4 - C:\Windows\System32\divxc32f.dll (Hacked with Joy ! ) Drivers32: vidc.divx - C:\Windows\System32\divx.dll (DivXNetworks, Inc.) Drivers32: vidc.hfyu - C:\Windows\System32\huffyuv.dll (Disappearing Inc.) 
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.ir21 - C:\Windows\System32\IR21_R.DLL () Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv40 - C:\Windows\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg21.dll (Pegasus Imaging Corporation) Drivers32: vidc.rt21 - C:\Windows\System32\IR21_R.DLL () Drivers32: vidc.vifp - C:\Windows\System32\vfcodec.dll () Drivers32: vidc.xvid - C:\Windows\System32\XviD.dll () Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) Drivers32: VIDC.YVU9 - C:\Windows\System32\Iyvu9_32.dll () CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.21 21:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.02.21 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.02.20 20:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.02.16 22:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.02.15 18:20:53 | 000,000,000 | ---D | C] -- C:\sh4ldr [2012.02.15 18:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2012.02.15 18:05:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.02.15 18:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.01.31 01:20:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PDF24 [2012.01.31 01:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24 [2012.01.31 01:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24 [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified 
Within 30 Days ========== [2012.02.22 13:11:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.02.22 13:11:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.02.22 13:11:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.02.22 13:11:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.02.22 13:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.02.22 13:05:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.02.22 13:05:19 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.22 13:05:18 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.22 13:05:17 | 000,093,883 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.02.22 13:05:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.22 13:05:08 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys [2012.02.21 11:17:09 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.02.20 15:43:24 | 000,169,984 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.18 07:58:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.02.15 18:57:02 | 000,329,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.15 18:05:53 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.15 11:25:26 | 000,000,886 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.lnk [2012.01.31 01:19:37 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.01.26 21:41:39 | 000,093,883 | ---- | M] () -- C:\ProgramData\nvModes.dat [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp 
-> ] ========== Files Created - No Company Name ========== [2012.02.21 14:35:20 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys [2012.02.18 07:58:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.02.15 18:05:53 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.15 11:25:26 | 000,000,886 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.lnk [2012.01.31 01:19:37 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk [2012.01.18 23:17:36 | 000,017,408 | ---- | C] () -- C:\Users\Admin\AppData\Local\WebpageIcons.db [2012.01.18 23:15:46 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat [2012.01.18 23:15:46 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat [2011.07.13 22:17:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{B4E86C1C-E603-4636-A094-707E0F4A0010} [2011.04.18 13:58:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WinIo.sys [2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat [2011.01.17 22:13:19 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini [2011.01.14 22:07:07 | 006,814,952 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe [2011.01.06 08:42:13 | 000,000,298 | ---- | C] () -- C:\Windows\pwc63u.INI [2010.11.26 23:37:18 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.05.20 16:08:06 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2010.05.20 16:04:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS6l.DLL [2010.03.14 01:16:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.12 01:06:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.02.26 08:45:18 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat [2010.02.25 10:14:48 | 000,178,176 | ---- | C] () -- 
C:\Windows\System32\unrar.dll [2010.02.25 09:58:33 | 000,180,736 | ---- | C] () -- C:\Windows\System32\vfcodec.dll [2010.02.25 09:58:33 | 000,077,664 | ---- | C] () -- C:\Windows\System32\IR21_R.DLL [2010.02.25 09:58:33 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll [2010.02.25 09:58:29 | 000,202,240 | ---- | C] () -- C:\Windows\System32\XviD.dll [2010.02.25 09:58:29 | 000,039,936 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll ========== LOP Check ========== [2011.10.09 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon [2009.11.18 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service [2010.12.29 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon [2010.05.20 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CD-LabelPrint [2011.01.14 22:07:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dBpoweramp [2011.10.15 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.10.15 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.09 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Exif Viewer [2011.12.01 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Garmin [2010.02.08 23:42:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Helios [2010.01.26 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HiMD [2011.03.02 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JonDo [2011.01.15 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2010.01.21 00:55:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking [2010.03.16 17:18:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SimpleScreenshot [2011.01.06 08:36:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template [2010.11.19 08:44:47 | 000,000,000 | 
---D | M] -- C:\Users\Admin\AppData\Roaming\UDC Profiles [2011.01.17 22:04:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue [2010.06.09 11:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView [2012.02.22 09:17:39 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.01.14 22:07:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AccurateRip [2009.08.16 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe [2011.10.09 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon [2011.05.22 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer [2010.03.11 23:39:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVS4YOU [2009.11.18 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service [2010.12.29 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon [2010.05.20 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CD-LabelPrint [2010.07.30 01:24:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Corel [2009.08.16 20:04:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CorelHomeOffice [2011.10.05 13:36:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CyberLink [2011.01.14 22:07:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dBpoweramp [2011.10.15 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2011.10.15 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.09 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Exif Viewer [2011.12.01 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Garmin [2009.08.12 15:15:50 | 
000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Google [2010.02.08 23:42:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Helios [2010.01.26 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HiMD [2009.08.08 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities [2009.11.18 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield [2011.03.02 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JonDo [2011.01.15 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech [2009.08.11 22:43:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia [2011.01.16 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs [2011.01.17 23:05:56 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft [2009.08.12 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla [2011.01.14 21:57:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Software [2010.03.31 20:09:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nero [2010.01.21 00:55:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking [2010.03.28 11:27:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Real [2010.03.16 17:18:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SimpleScreenshot [2010.01.26 20:28:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Corporation [2011.09.02 08:46:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com [2011.01.06 08:36:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template [2010.11.19 08:44:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UDC Profiles [2011.01.17 22:04:52 | 000,000,000 | ---D | M] -- 
C:\Users\Admin\AppData\Roaming\Uniblue [2010.06.28 20:49:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR [2010.06.09 11:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView < %APPDATA%\*.exe /s > [2009.08.12 14:15:29 | 000,011,654 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{21772720-5F9F-4B59-9760-91D40C47F5FB}\_07B8CB1215D09586053D68.exe [2009.08.12 14:15:29 | 000,011,654 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{21772720-5F9F-4B59-9760-91D40C47F5FB}\_6FEFF9B68218417F98F549.exe [2009.08.12 14:15:29 | 000,011,654 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{21772720-5F9F-4B59-9760-91D40C47F5FB}\_97B6D21A83C51C13B8E998.exe [2010.05.23 17:08:10 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\setup3.11\setup.exe [2011.01.27 08:18:50 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\setup3.13\setup.exe [2011.11.18 16:37:54 | 000,317,048 | ---- | M] (RealNetworks, Inc.) 
-- C:\Users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- 
C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2009.02.11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage 
Manager\driver\IaStor.sys [2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys [2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | 
---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) 
MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > [2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys [2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable 
to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys [2012.01.18 23:12:31 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys [2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.04.07 21:38:22 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.04.07 21:38:22 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll < End of report > |
22.02.2012, 15:19 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.Win32.Agent.gyai Looks fairly unremarkable.
Please now run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C), as that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here! If, because of the infection, you cannot access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide: Download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________ |
22.02.2012, 16:06 | #19 |
| Trojan-Downloader.Win32.Agent.gyai Here is the TDSS-Killer log: (I handled the finding with "skip") Code:
ATTFilter 15:55:53.0763 3372 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14 15:55:53.0797 3372 ============================================================ 15:55:53.0797 3372 Current date / time: 2012/02/22 15:55:53.0797 15:55:53.0797 3372 SystemInfo: 15:55:53.0797 3372 15:55:53.0797 3372 OS Version: 6.0.6002 ServicePack: 2.0 15:55:53.0797 3372 Product type: Workstation 15:55:53.0797 3372 ComputerName: AKOYA 15:55:53.0798 3372 UserName: Admin 15:55:53.0798 3372 Windows directory: C:\Windows 15:55:53.0798 3372 System windows directory: C:\Windows 15:55:53.0798 3372 Processor architecture: Intel x86 15:55:53.0798 3372 Number of processors: 2 15:55:53.0798 3372 Page size: 0x1000 15:55:53.0798 3372 Boot type: Normal boot 15:55:53.0798 3372 ============================================================ 15:55:54.0238 3372 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:55:54.0250 3372 \Device\Harddisk0\DR0: 15:55:54.0250 3372 MBR used 15:55:54.0250 3372 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x21996800 15:55:54.0250 3372 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x21997000, BlocksNum 0x3A97000 15:55:54.0315 3372 Initialize success 15:55:54.0315 3372 ============================================================ 15:57:27.0466 2840 ============================================================ 15:57:27.0466 2840 Scan started 15:57:27.0466 2840 Mode: Manual; SigCheck; TDLFS; 15:57:27.0466 2840 ============================================================ 15:57:27.0782 2840 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 15:57:27.0883 2840 ACPI - ok 15:57:27.0977 2840 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys 15:57:28.0002 2840 adp94xx - ok 15:57:28.0027 2840 adpahci (60505e0041f7751bdbb80f88bf45c2ce) 
C:\Windows\system32\drivers\adpahci.sys 15:57:28.0043 2840 adpahci - ok 15:57:28.0070 2840 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys 15:57:28.0083 2840 adpu160m - ok 15:57:28.0123 2840 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys 15:57:28.0136 2840 adpu320 - ok 15:57:28.0223 2840 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 15:57:28.0335 2840 AFD - ok 15:57:28.0419 2840 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys 15:57:28.0430 2840 agp440 - ok 15:57:28.0456 2840 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 15:57:28.0469 2840 aic78xx - ok 15:57:28.0493 2840 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys 15:57:28.0504 2840 aliide - ok 15:57:28.0534 2840 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys 15:57:28.0545 2840 amdagp - ok 15:57:28.0567 2840 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys 15:57:28.0577 2840 amdide - ok 15:57:28.0614 2840 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys 15:57:28.0770 2840 AmdK7 - ok 15:57:28.0880 2840 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys 15:57:28.0937 2840 AmdK8 - ok 15:57:29.0059 2840 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys 15:57:29.0070 2840 arc - ok 15:57:29.0114 2840 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys 15:57:29.0126 2840 arcsas - ok 15:57:29.0190 2840 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 15:57:29.0241 2840 AsyncMac - ok 15:57:29.0368 2840 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 15:57:29.0380 2840 atapi - ok 15:57:29.0513 2840 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 
15:57:29.0575 2840 Beep - ok 15:57:29.0666 2840 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys 15:57:29.0707 2840 blbdrive - ok 15:57:29.0780 2840 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 15:57:29.0821 2840 bowser - ok 15:57:29.0859 2840 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 15:57:29.0913 2840 BrFiltLo - ok 15:57:29.0934 2840 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 15:57:29.0998 2840 BrFiltUp - ok 15:57:30.0098 2840 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 15:57:30.0284 2840 Brserid - ok 15:57:30.0408 2840 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 15:57:30.0475 2840 BrSerWdm - ok 15:57:30.0512 2840 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 15:57:30.0567 2840 BrUsbMdm - ok 15:57:30.0603 2840 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 15:57:30.0660 2840 BrUsbSer - ok 15:57:30.0721 2840 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 15:57:30.0786 2840 BTHMODEM - ok 15:57:30.0865 2840 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 15:57:30.0908 2840 cdfs - ok 15:57:30.0992 2840 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 15:57:31.0051 2840 cdrom - ok 15:57:31.0089 2840 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys 15:57:31.0147 2840 circlass - ok 15:57:31.0215 2840 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 15:57:31.0231 2840 CLFS - ok 15:57:31.0305 2840 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 15:57:31.0353 2840 CmBatt - ok 15:57:31.0396 2840 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys 
15:57:32.0891 2840 fspad_wlh32 (4875e6384310e3aafb9847312edb0cff) C:\Windows\system32\DRIVERS\fspad_wlh32.sys
15:57:32.0909 2840 fspad_wlh32 ( UnsignedFile.Multi.Generic ) - warning
15:57:32.0909 2840 fspad_wlh32 - detected UnsignedFile.Multi.Generic (1)
15:57:45.0683 2840 ============================================================
15:57:45.0683 2840 Scan finished
15:57:45.0683 2840 ============================================================
15:57:45.0696 2764 Detected object count: 1
15:57:45.0696 2764 Actual detected object count: 1
15:58:35.0910 2764 fspad_wlh32 ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:35.0910 2764 fspad_wlh32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:46.0218 3704 ============================================================
15:58:46.0218 3704 Scan started
15:58:46.0218 3704 Mode: Manual; SigCheck; TDLFS;
15:58:46.0218 3704 ============================================================
15:58:49.0003 3704 fspad_wlh32 (4875e6384310e3aafb9847312edb0cff) C:\Windows\system32\DRIVERS\fspad_wlh32.sys
15:58:49.0007 3704 fspad_wlh32 ( UnsignedFile.Multi.Generic ) - warning
15:58:49.0007 3704 fspad_wlh32 - detected UnsignedFile.Multi.Generic (1)
15:58:51.0581
3704 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:58:51.0597 3704 mrxsmb10 - ok 15:58:51.0607 3704 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:58:51.0622 3704 mrxsmb20 - ok 15:58:51.0654 3704 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 15:58:51.0666 3704 msahci - ok 15:58:51.0703 3704 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys 15:58:51.0714 3704 msdsm - ok 15:58:51.0748 3704 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 15:58:51.0773 3704 Msfs - ok 15:58:51.0791 3704 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 15:58:51.0801 3704 msisadrv - ok 15:58:51.0820 3704 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 15:58:51.0846 3704 MSKSSRV - ok 15:58:51.0864 3704 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 15:58:51.0889 3704 MSPCLOCK - ok 15:58:51.0903 3704 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 15:58:51.0928 3704 MSPQM - ok 15:58:51.0966 3704 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 15:58:51.0980 3704 MsRPC - ok 15:58:52.0007 3704 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 15:58:52.0018 3704 mssmbios - ok 15:58:52.0034 3704 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 15:58:52.0060 3704 MSTEE - ok 15:58:52.0073 3704 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 15:58:52.0087 3704 Mup - ok 15:58:52.0117 3704 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 15:58:52.0133 3704 NativeWifiP - ok 15:58:52.0162 3704 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 15:58:52.0183 3704 NDIS - ok 15:58:52.0222 3704 NdisTapi 
(0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 15:58:52.0243 3704 NdisTapi - ok 15:58:52.0255 3704 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 15:58:52.0280 3704 Ndisuio - ok 15:58:52.0297 3704 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 15:58:52.0318 3704 NdisWan - ok 15:58:52.0336 3704 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 15:58:52.0356 3704 NDProxy - ok 15:58:52.0379 3704 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 15:58:52.0405 3704 NetBIOS - ok 15:58:52.0422 3704 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 15:58:52.0443 3704 netbt - ok 15:58:52.0471 3704 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 15:58:52.0482 3704 nfrd960 - ok 15:58:52.0522 3704 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 15:58:52.0542 3704 Npfs - ok 15:58:52.0558 3704 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 15:58:52.0583 3704 nsiproxy - ok 15:58:52.0623 3704 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 15:58:52.0682 3704 Ntfs - ok 15:58:52.0710 3704 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 15:58:52.0753 3704 ntrigdigi - ok 15:58:52.0762 3704 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 15:58:52.0788 3704 Null - ok 15:58:52.0821 3704 NVHDA (603b0c9bb86f7b3efb88a482c6663ec4) C:\Windows\system32\drivers\nvhda32v.sys 15:58:52.0832 3704 NVHDA - ok 15:58:53.0074 3704 nvlddmkm (2877cd56310938a170810bde50fd3f01) C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:58:53.0323 3704 nvlddmkm - ok 15:58:53.0362 3704 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys 15:58:53.0374 3704 nvraid - ok 15:58:53.0396 3704 nvstor 
(abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys 15:58:53.0407 3704 nvstor - ok 15:58:53.0430 3704 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys 15:58:53.0442 3704 nv_agp - ok 15:58:53.0450 3704 NwlnkFlt - ok 15:58:53.0461 3704 NwlnkFwd - ok 15:58:53.0490 3704 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 15:58:53.0533 3704 ohci1394 - ok 15:58:53.0573 3704 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 15:58:53.0616 3704 Parport - ok 15:58:53.0647 3704 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 15:58:53.0659 3704 partmgr - ok 15:58:53.0671 3704 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 15:58:53.0714 3704 Parvdm - ok 15:58:53.0740 3704 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 15:58:53.0754 3704 pci - ok 15:58:53.0777 3704 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys 15:58:53.0787 3704 pciide - ok 15:58:53.0816 3704 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 15:58:53.0828 3704 pcmcia - ok 15:58:53.0870 3704 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 15:58:53.0953 3704 PEAUTH - ok 15:58:54.0007 3704 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 15:58:54.0033 3704 PptpMiniport - ok 15:58:54.0059 3704 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys 15:58:54.0084 3704 Processor - ok 15:58:54.0125 3704 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 15:58:54.0146 3704 PSched - ok 15:58:54.0182 3704 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys 15:58:54.0200 3704 PxHelp20 - ok 15:58:54.0267 3704 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) 
C:\Windows\system32\drivers\ql2300.sys 15:58:54.0337 3704 ql2300 - ok 15:58:54.0386 3704 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 15:58:54.0397 3704 ql40xx - ok 15:58:54.0420 3704 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 15:58:54.0433 3704 QWAVEdrv - ok 15:58:54.0448 3704 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 15:58:54.0474 3704 RasAcd - ok 15:58:54.0494 3704 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:58:54.0520 3704 Rasl2tp - ok 15:58:54.0550 3704 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 15:58:54.0570 3704 RasPppoe - ok 15:58:54.0580 3704 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 15:58:54.0595 3704 RasSstp - ok 15:58:54.0622 3704 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 15:58:54.0644 3704 rdbss - ok 15:58:54.0663 3704 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:58:54.0689 3704 RDPCDD - ok 15:58:54.0712 3704 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys 15:58:54.0742 3704 rdpdr - ok 15:58:54.0751 3704 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 15:58:54.0777 3704 RDPENCDD - ok 15:58:54.0819 3704 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 15:58:54.0840 3704 RDPWD - ok 15:58:54.0902 3704 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 15:58:54.0927 3704 rspndr - ok 15:58:54.0957 3704 RTL8169 (d6fae13afacef23a6471d23284b8a164) C:\Windows\system32\DRIVERS\Rtlh86.sys 15:58:54.0983 3704 RTL8169 - ok 15:58:55.0022 3704 rtl8192se (8b2a43f1bf79e623e7e780afe4412d7c) C:\Windows\system32\DRIVERS\rtl8192se.sys 15:58:55.0042 3704 rtl8192se - ok 15:58:55.0084 3704 RTSTOR (4501c8fe11df3192fb68d0d595ea94cc) 
C:\Windows\system32\drivers\RTSTOR.SYS 15:58:55.0097 3704 RTSTOR - ok 15:58:55.0134 3704 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 15:58:55.0145 3704 sbp2port - ok 15:58:55.0172 3704 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:58:55.0215 3704 secdrv - ok 15:58:55.0241 3704 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 15:58:55.0283 3704 Serenum - ok 15:58:55.0308 3704 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 15:58:55.0351 3704 Serial - ok 15:58:55.0367 3704 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 15:58:55.0393 3704 sermouse - ok 15:58:55.0413 3704 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys 15:58:55.0434 3704 sffdisk - ok 15:58:55.0455 3704 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys 15:58:55.0480 3704 sffp_mmc - ok 15:58:55.0493 3704 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys 15:58:55.0518 3704 sffp_sd - ok 15:58:55.0539 3704 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 15:58:55.0581 3704 sfloppy - ok 15:58:55.0608 3704 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys 15:58:55.0619 3704 sisagp - ok 15:58:55.0644 3704 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys 15:58:55.0655 3704 SiSRaid2 - ok 15:58:55.0671 3704 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys 15:58:55.0682 3704 SiSRaid4 - ok 15:58:55.0721 3704 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 15:58:55.0742 3704 Smb - ok 15:58:55.0821 3704 SNP2UVC (82e3315b1b3e76b9a9643f987ed3ae5c) C:\Windows\system32\DRIVERS\snp2uvc.sys 15:58:55.0891 3704 SNP2UVC - ok 15:58:55.0929 3704 spldr (7aebdeef071fe28b0eef2cdd69102bff) 
C:\Windows\system32\drivers\spldr.sys 15:58:55.0940 3704 spldr - ok 15:58:55.0977 3704 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 15:58:55.0995 3704 srv - ok 15:58:56.0039 3704 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 15:58:56.0054 3704 srv2 - ok 15:58:56.0090 3704 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 15:58:56.0105 3704 srvnet - ok 15:58:56.0136 3704 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 15:58:56.0147 3704 swenum - ok 15:58:56.0172 3704 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 15:58:56.0183 3704 Symc8xx - ok 15:58:56.0200 3704 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 15:58:56.0211 3704 Sym_hi - ok 15:58:56.0225 3704 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 15:58:56.0245 3704 Sym_u3 - ok 15:58:56.0305 3704 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys 15:58:56.0362 3704 Tcpip - ok 15:58:56.0405 3704 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys 15:58:56.0462 3704 Tcpip6 - ok 15:58:56.0502 3704 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 15:58:56.0517 3704 tcpipreg - ok 15:58:56.0543 3704 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 15:58:56.0569 3704 TDPIPE - ok 15:58:56.0592 3704 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 15:58:56.0618 3704 TDTCP - ok 15:58:56.0654 3704 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 15:58:56.0675 3704 tdx - ok 15:58:56.0712 3704 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 15:58:56.0724 3704 TermDD - ok 15:58:56.0761 3704 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:58:56.0787 
3704 tssecsrv - ok 15:58:56.0808 3704 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 15:58:56.0823 3704 tunmp - ok 15:58:56.0851 3704 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 15:58:56.0865 3704 tunnel - ok 15:58:56.0912 3704 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys 15:58:56.0923 3704 uagp35 - ok 15:58:56.0948 3704 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 15:58:56.0971 3704 udfs - ok 15:58:57.0005 3704 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys 15:58:57.0016 3704 uliagpkx - ok 15:58:57.0039 3704 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys 15:58:57.0053 3704 uliahci - ok 15:58:57.0083 3704 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 15:58:57.0094 3704 UlSata - ok 15:58:57.0113 3704 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 15:58:57.0124 3704 ulsata2 - ok 15:58:57.0148 3704 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 15:58:57.0173 3704 umbus - ok 15:58:57.0232 3704 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys 15:58:57.0244 3704 USBAAPL - ok 15:58:57.0277 3704 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 15:58:57.0299 3704 usbccgp - ok 15:58:57.0317 3704 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 15:58:57.0360 3704 usbcir - ok 15:58:57.0373 3704 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 15:58:57.0393 3704 usbehci - ok 15:58:57.0412 3704 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 15:58:57.0435 3704 usbhub - ok 15:58:57.0455 3704 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 15:58:57.0500 3704 usbohci - ok 
15:58:57.0537 3704 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 15:58:57.0562 3704 usbprint - ok 15:58:57.0598 3704 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 15:58:57.0618 3704 usbscan - ok 15:58:57.0634 3704 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:58:57.0655 3704 USBSTOR - ok 15:58:57.0678 3704 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 15:58:57.0698 3704 usbuhci - ok 15:58:57.0721 3704 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys 15:58:57.0748 3704 usbvideo - ok 15:58:57.0769 3704 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys 15:58:57.0795 3704 vga - ok 15:58:57.0814 3704 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 15:58:57.0840 3704 VgaSave - ok 15:58:57.0864 3704 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys 15:58:57.0875 3704 viaagp - ok 15:58:57.0898 3704 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys 15:58:57.0924 3704 ViaC7 - ok 15:58:57.0946 3704 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys 15:58:57.0957 3704 viaide - ok 15:58:57.0979 3704 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 15:58:57.0990 3704 volmgr - ok 15:58:58.0030 3704 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 15:58:58.0046 3704 volmgrx - ok 15:58:58.0081 3704 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 15:58:58.0096 3704 volsnap - ok 15:58:58.0121 3704 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys 15:58:58.0133 3704 vsmraid - ok 15:58:58.0163 3704 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 15:58:58.0206 3704 WacomPen - ok 
15:58:58.0227 3704 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:58:58.0249 3704 Wanarp - ok 15:58:58.0254 3704 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 15:58:58.0275 3704 Wanarpv6 - ok 15:58:58.0294 3704 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys 15:58:58.0304 3704 Wd - ok 15:58:58.0331 3704 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 15:58:58.0351 3704 Wdf01000 - ok 15:58:58.0390 3704 WINIO - ok 15:58:58.0422 3704 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:58:58.0442 3704 WmiAcpi - ok 15:58:58.0488 3704 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys 15:58:58.0505 3704 WpdUsb - ok 15:58:58.0528 3704 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 15:58:58.0553 3704 ws2ifsl - ok 15:58:58.0584 3704 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:58:58.0611 3704 WUDFRd - ok 15:58:58.0638 3704 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 15:58:58.0780 3704 \Device\Harddisk0\DR0 - ok 15:58:58.0783 3704 Boot (0x1200) (a7136288fb2b2555c003adfd2a9656c5) \Device\Harddisk0\DR0\Partition0 15:58:58.0784 3704 \Device\Harddisk0\DR0\Partition0 - ok 15:58:58.0803 3704 Boot (0x1200) (a15a16879fa9e5db0f2295689336535c) \Device\Harddisk0\DR0\Partition1 15:58:58.0804 3704 \Device\Harddisk0\DR0\Partition1 - ok 15:58:58.0804 3704 ============================================================ 15:58:58.0804 3704 Scan finished 15:58:58.0804 3704 ============================================================ 15:58:58.0815 3572 Detected object count: 1 15:58:58.0815 3572 Actual detected object count: 1 15:59:41.0163 3572 fspad_wlh32 ( UnsignedFile.Multi.Generic ) - skipped by user 15:59:41.0163 3572 fspad_wlh32 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:59:49.0489 5760 Deinitialize success |
22.02.2012, 19:40 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.Win32.Agent.gyai Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
22.02.2012, 20:21 | #21 |
| Trojan-Downloader.Win32.Agent.gyai Arne, thanks for the link to ComboFix (read and understood). Here is the log file. Combofix Logfile: Code:
ATTFilter ComboFix 12-02-22.01 - Admin 22.02.2012 20:06:38.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3066.1734 [GMT 1:00] ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\sss c:\program files\sss\licence.txt c:\program files\sss\ReadMe.txt c:\program files\sss\SimpleScreenshot.exe c:\program files\sss\upload.php c:\users\Admin\4.0 c:\users\Public\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.dll c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-22 bis 2012-02-22 )))))))))))))))))))))))))))))) . . 2012-02-22 19:13 . 2012-02-22 19:13 -------- d-----w- c:\users\Admin\AppData\Local\temp 2012-02-21 20:00 . 2012-02-21 20:00 -------- d-----w- c:\program files\7-Zip 2012-02-20 19:50 . 2012-02-20 19:50 -------- d-----w- c:\program files\ESET 2012-02-20 15:04 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A16E5472-FAD7-48B8-87EE-0D61BA918413}\mpengine.dll 2012-02-16 21:56 . 2012-02-16 21:56 -------- d-----w- c:\program files\Common Files\Java 2012-02-15 17:20 . 2012-02-15 17:53 -------- d-----w- C:\sh4ldr 2012-02-15 17:20 . 2012-02-15 17:20 -------- d-----w- c:\program files\Enigma Software Group 2012-02-15 17:19 . 2012-02-15 17:53 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP 2012-02-15 17:05 . 2012-02-15 17:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-02-15 17:05 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-02-15 17:00 . 
2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 17:00 . 2011-12-20 10:56 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2012-02-15 17:00 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 10:25 . 2012-02-22 19:05 423 ----a-w- c:\users\Public\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.pif 2012-01-31 00:20 . 2012-01-31 00:20 -------- d-----w- c:\users\Admin\AppData\Local\PDF24 2012-01-31 00:19 . 2012-01-31 00:19 -------- d-----w- c:\program files\PDF24 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-16 21:55 . 2010-07-19 22:32 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-26 23:21 . 2009-10-04 09:37 237072 ------w- c:\windows\system32\MpSigStub.exe 2011-11-25 15:59 . 2012-01-10 18:04 376320 ----a-w- c:\windows\system32\winsrv.dll 2012-02-18 08:50 . 2011-05-18 10:18 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920] "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256] "UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472] "MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] "tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "AVP"="c:\program files\Kaspersky\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296] "PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-01-21 220744] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMwBaAEMAOQAtAEUASwBBAFIAUwAtADYAUgBXAEcAQQAtAEEAQQBUAEMAVQAtAFYAUAA5AEYATgA&inst=NwA3AC0ANAA0ADgAOAA3ADAANgA2ADEALQBYAEwAKwAxAC0AVAA1AC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA&prod=90&ver=9.0.872" [?] . 
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] {10584EDE-F64E-4d16-80BC-BA1BA0668199}.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2011\mshaktuell.exe [2011-2-14 1199400] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent] 2011-11-07 15:16 14767976 ----a-w- c:\program files\Garmin\ANT Agent\ANT Agent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox] 2004-01-14 01:10 409600 ----a-w- c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2009-06-11 16:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 70453146 *Deregistered* - 70453146 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhalt des "geplante Tasks" Ordners . 2012-02-21 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 17:43] . 
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 23:18] . 2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 23:18] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ uInternet Settings,ProxyOverride = *.local IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jbi9blw3.default\ FF - prefs.js: browser.search.selectedEngine - FF - prefs.js: browser.startup.homepage - www.google.de . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646} . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2012-02-22 20:13 Windows 6.0.6002 Service Pack 2 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . ************************************************************************** . Zeit der Fertigstellung: 2012-02-22 20:15:28 ComboFix-quarantined-files.txt 2012-02-22 19:15 . Vor Suchlauf: 16 Verzeichnis(se), 111.606.095.872 Bytes frei Nach Suchlauf: 22 Verzeichnis(se), 114.634.649.600 Bytes frei . - - End Of File - - BE9CFF52489EB113E6A6685C658E4042 |
22.02.2012, 20:41 | #22 |
| Trojan-Downloader.Win32.Agent.gyai I have restarted the computer. In case it helps you: Kaspersky is still showing the following message: Image 1, Image 2. The file c7e0edbe.exe seems to be the problem. |
22.02.2012, 21:17 | #23 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.Win32.Agent.gyai Let's take out the trash with OTL. Please disable Kaspersky BEFOREHAND! Run an OTL fix: close any programs that may be open, disable virus scanners as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
22.02.2012, 21:39 | #24 |
| Trojan-Downloader.Win32.Agent.gyai Thanks for the custom script, Arne! The computer was restarted automatically; however, Kaspersky is still showing the message. Kaspersky offers the option "Korrigieren" (Fix) here. Should I do that? (The users "test" and "T******" are also completely superfluous. But that is not the most important thing right now.) Here is the OTL log: Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 33309 bytes
->Temporary Internet Files folder emptied: 5033665 bytes
->Java cache emptied: 91871987 bytes
->FireFox cache emptied: 49239302 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 501 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: T******
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1278833 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49632 bytes
RecycleBin emptied: 30510535 bytes

Total Files Cleaned = 170,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.2 log created on 02222012_212353

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FLQJUSUA\bg_site_n[1].png moved successfully.

Registry entries deleted on Reboot... |
22.02.2012, 21:58 | #25 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.Win32.Agent.gyai Is Kaspersky still complaining about the same file?
__________________ Please always post log files in CODE tags |
22.02.2012, 22:22 | #26 |
| Trojan-Downloader.Win32.Agent.gyai Yes, exactly the same file is being flagged. Should I click "Korrigieren" (Fix)? (By the way, there is a message at startup: Image 1. It has been appearing since the ComboFix scan; but that is just an aside.) |
22.02.2012, 22:44 | #27 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.Win32.Agent.gyai Had you disabled Kaspersky BEFORE the OTL fix?
__________________ Please always post log files in CODE tags |
22.02.2012, 22:56 | #28 |
| Trojan-Downloader.Win32.Agent.gyai Yes. I printed out the instructions and made a checklist... definitely yes! Edit: should OTL be run in safe mode? |
22.02.2012, 23:32 | #29 |
| Trojan-Downloader.Win32.Agent.gyai Oh sh....! I was just browsing around and found the directory C:\Benutzer\Öffentlich\AppData\eMuleMorphXT. The "Incoming" folder contains archives that all have the same size (5.799KB). There are exactly 500 archives. The archive names are all different, and the names of the archives make me blush with shame! The program does not appear in the list of all installed programs (CCleaner)! Arne, I did not use this program! Scout's honour! |
23.02.2012, 09:36 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan-Downloader.Win32.Agent.gyai Please create a new OTL log. If at all possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the result then looks like this: Code:
ATTFilter the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |