Log analysis and evaluation: Avast RootKit Scanner result: ntoskernel.exe problem! Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.10.2012, 16:16 | #1 |
| Avast RootKit Scanner result: ntoskernel.exe problem! Hello, I just ran a scan with the tool named above and there are 2 anomalies marked in red. What does that mean? |
12.10.2012, 06:55 | #2 |
/// the machine /// TB Trainer | Avast RootKit Scanner result: ntoskernel.exe problem! Hi,
__________________
If you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:
ATTFilter activex netsvcs msconfig %SYSTEMDRIVE%\*. %PROGRAMFILES%\*.exe %LOCALAPPDATA%\*.exe %systemroot%\*. /mp /s %windir%\installer\*. /5 %localappdata%\*. /5 CREATERESTOREPOINT
Please read the following instructions carefully. We don't want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop
__________________ |
12.10.2012, 10:44 | #3 |
| Avast RootKit Scanner result: ntoskernel.exe problem! Thanks in advance for the effort. Here are the two results:
__________________ |
12.10.2012, 10:45 | #4 | |
/// the machine /// TB Trainer | Avast RootKit Scanner result: ntoskernel.exe problem! Please post log files in the thread, don't attach them: Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
12.10.2012, 10:53 | #5 |
| Avast RootKit Scanner result: ntoskernel.exe problem! Here is the first one: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12.10.2012 11:28:23 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\cyberpirate\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,75 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 61,71% Memory free 7,50 Gb Paging File | 5,85 Gb Available in Paging File | 78,06% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 60,55 Gb Total Space | 36,96 Gb Free Space | 61,04% Space Free | Partition Type: NTFS Drive D: | 96,40 Gb Total Space | 70,54 Gb Free Space | 73,17% Space Free | Partition Type: NTFS Drive E: | 99,99 Gb Total Space | 68,84 Gb Free Space | 68,85% Space Free | Partition Type: NTFS Drive F: | 146,48 Gb Total Space | 83,72 Gb Free Space | 57,15% Space Free | Partition Type: NTFS Drive G: | 195,31 Gb Total Space | 40,97 Gb Free Space | 20,97% Space Free | Partition Type: NTFS Drive H: | 393,32 Gb Total Space | 210,06 Gb Free Space | 53,41% Space Free | Partition Type: NTFS Drive I: | 146,48 Gb Total Space | 38,89 Gb Free Space | 26,55% Space Free | Partition Type: NTFS Drive J: | 1250,78 Gb Total Space | 525,51 Gb Free Space | 42,02% Space Free | Partition Type: NTFS Drive Z: | 393,32 Gb Total Space | 210,06 Gb Free Space | 53,41% Space Free | Partition Type: NTFS Computer Name: X4 | User Name: cyberpirate | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.12 11:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cyberpirate\Desktop\OTL.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.07.28 02:45:42 | 000,678,912 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 3.6\program\soffice.bin PRC - [2012.07.28 02:45:42 | 000,050,688 | ---- | M] (The Document Foundation) -- C:\Program Files (x86)\LibreOffice 3.6\program\soffice.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.06.20 19:02:52 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2011.05.24 23:18:08 | 000,395,344 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe PRC - [2011.05.24 23:17:06 | 005,587,608 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe PRC - [2011.05.10 18:57:28 | 002,570,688 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe PRC - [2010.09.30 15:16:06 | 002,155,848 | ---- | M] () -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] ( ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) 
-- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.02.04 19:03:50 | 000,786,952 | ---- | M] (Pegtop Software) -- E:\! PSTART Sammlung\! PStart Win7\PStart.exe PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2012.07.28 02:37:10 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 3.6\program\libxml2.dll MOD - [2012.07.28 02:37:10 | 000,064,512 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 3.6\URE\bin\msci_uno.dll MOD - [2012.07.28 02:36:54 | 000,961,536 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 3.6\program\cairo.dll MOD - [2012.07.28 02:36:50 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\LibreOffice 3.6\program\libxslt.dll MOD - [2011.05.24 23:16:26 | 011,204,288 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll MOD - [2010.01.08 17:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll MOD - [2010.01.08 17:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll MOD - [2009.09.30 05:33:08 | 000,024,576 | ---- | M] () -- C:\Windows\SysWOW64\AsIO.dll MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.07.04 08:20:54 | 000,238,080 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.07.04 01:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV - [2012.10.09 17:37:20 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.09 15:21:30 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012.08.02 13:33:26 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.20 19:02:52 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2012.01.05 17:42:34 | 000,075,624 | ---- | M] (Alcohol Soft Development Team) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe -- (AxAutoMntSrv) SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2011.05.24 23:19:48 | 001,114,280 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2011.04.15 18:46:40 | 000,610,816 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Programme\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2010.09.30 15:16:06 | 002,155,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe -- (OS Selector) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.08.21 11:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.08.21 11:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.08.21 11:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.08.21 11:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.21 11:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- 
C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.07.04 08:59:32 | 011,922,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.07.04 07:10:56 | 000,359,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.06.30 18:56:19 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2012.06.23 10:33:50 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2012.06.20 19:02:52 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273) DRV:64bit: - [2012.06.20 19:02:52 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp) DRV:64bit: - [2012.06.20 19:02:51 | 000,970,336 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter) DRV:64bit: - [2012.06.20 19:02:50 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman) DRV:64bit: - [2012.04.11 03:40:58 | 000,082,560 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:64bit: - [2012.04.11 03:40:58 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:64bit: - [2012.03.30 16:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | 
Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2011.09.02 08:30:46 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt) DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt) DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | 
M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.04 08:34:04 | 000,153,128 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018unic.sys -- (s1018unic) DRV:64bit: - [2008.06.04 08:34:04 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018obex.sys -- (s1018obex) DRV:64bit: - [2008.06.04 08:34:04 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018nd5.sys -- (s1018nd5) DRV:64bit: - [2008.06.04 08:34:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdfl.sys -- (s1018mdfl) DRV:64bit: - [2008.06.04 08:34:02 | 000,159,784 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mdm.sys -- (s1018mdm) DRV:64bit: - [2008.06.04 08:34:00 | 000,138,792 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018mgmt.sys -- (s1018mgmt) DRV:64bit: - [2008.06.04 08:33:58 | 000,116,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1018bus.sys -- (s1018bus) DRV - [2012.03.05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV - [2010.07.01 19:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - 
HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 9B CA 55 01 4F CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.computerbase.de/" FF - prefs.js..extensions.enabledAddons: {139a120b-c2ea-41d2-bf70-542d9f063dfd}:2.04.1 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10 FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466 FF - prefs.js..extensions.enabledAddons: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledAddons: stealthyextension@gmail.com:2.3.3 FF - prefs.js..extensions.enabledAddons: {9A752782-D706-479b-98F8-3F66BF921692}:9.11 FF - prefs.js..extensions.enabledAddons: 
{dc572301-7619-498c-a57d-39143191b318}:0.4.0.3 FF - prefs.js..extensions.enabledAddons: firefox@ghostery.com:2.8.3 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15 FF - prefs.js..extensions.enabledAddons: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:6.0 FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.3 FF - prefs.js..extensions.enabledAddons: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.4.8.3 FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.7 FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3 FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:5.0.1 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {9A752782-D706-479b-98F8-3F66BF921692}:8.0 FF - prefs.js..extensions.enabledItems: {139a120b-c2ea-41d2-bf70-542d9f063dfd}:2.03.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..network.proxy.http: "193.27.209.200" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\cyberpirate\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\cyberpirate\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.22 00:20:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.09 17:37:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: F:\! Eigene Dateien\! 
ThunderBird\components [2012.08.29 15:23:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Plugins: F:\! Eigene Dateien\! ThunderBird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.09 17:37:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.21 14:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Extensions [2012.10.11 16:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions [2012.09.20 19:54:09 | 000,000,000 | ---D | M] (URL Link) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd} [2012.09.20 19:54:09 | 000,000,000 | ---D | M] (Liquid Words) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692} [2012.09.20 19:54:10 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2012.09.20 19:54:07 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.09.20 19:54:27 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\firefox@ghostery.com [2012.09.20 19:54:09 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\cyberpirate\AppData\Roaming\mozilla\Firefox\Profiles\aeig5mkc.default\extensions\foxmarks@kei.com [2012.07.29 10:42:06 | 000,184,864 | ---- | M] () (No name found) -- 
C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\stealthyextension@gmail.com.xpi [2011.07.16 15:53:40 | 000,132,344 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi [2012.10.09 12:37:55 | 000,340,256 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2012.10.11 16:45:07 | 000,529,404 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.07.26 07:45:54 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.01.24 20:40:20 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2011.11.01 18:47:06 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2012.07.26 07:46:02 | 000,702,524 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.09.13 19:54:02 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.09.15 08:20:18 | 000,045,208 | ---- | M] () (No name found) -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi [2011.12.28 13:31:20 | 000,000,933 | ---- | M] () -- 
C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\11-suche.xml [2011.12.28 13:31:20 | 000,002,419 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\englische-ergebnisse.xml [2011.12.28 13:31:20 | 000,010,525 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\gmx-suche.xml [2010.05.25 19:34:12 | 000,004,440 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\hyperwords.xml [2011.12.28 13:31:20 | 000,002,457 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\lastminute.xml [2011.12.02 21:09:08 | 000,002,900 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\liquid-information.xml [2012.04.03 11:02:24 | 000,002,888 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\liquid-words.xml [2011.03.27 16:50:50 | 000,005,389 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\ofdb.xml [2011.12.28 13:31:20 | 000,005,508 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\webde-suche.xml [2011.10.10 18:40:46 | 000,002,057 | ---- | M] () -- C:\Users\cyberpirate\AppData\Roaming\mozilla\firefox\profiles\aeig5mkc.default\searchplugins\youtube-videosuche.xml [2012.10.09 17:37:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.22 00:20:47 | 000,000,000 | ---D | M] (avast! 
WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012.10.09 17:37:20 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.08.25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.08.25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.08.25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.08.25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.08.25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.computerbase.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.computerbase.de/ CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cyberpirate\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\cyberpirate\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = 
C:\Users\cyberpirate\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\cyberpirate\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - Extension: Xmarks Bookmark Sync = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\ CHR - Extension: Xmarks Bookmark Sync = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.22_0\.bak CHR - Extension: Turn Off the Lights = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn\2.1.0.3_0\ CHR - Extension: YouTube = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Tab Menu = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\galfofdpepkcahkfobimileafiobdplb\7_0\ CHR - Extension: AdBlock = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\ CHR - Extension: FlashBlock = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl\0.9.31_0\ CHR - Extension: avast! WebRep = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ CHR - Extension: Ghostery = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\ CHR - Extension: Liquid Words : Interactive Text = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\obgbmbflfhnmlelipecbkedechpjeibc\6.0.0.9_0\ CHR - Extension: Late Night = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbdhkpacgdhfabeceekiafonfkipohm\1.0_0\ CHR - Extension: Google Mail = C:\Users\cyberpirate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.09.28 11:04:31 | 000,444,411 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 
www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15262 more lines... O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Programme\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [SAOB Monitor] C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe ( ASUSTeK Computer Inc.) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis) O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\cyberpirate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LibreOffice 3.6.lnk = C:\Program Files (x86)\LibreOffice 3.6\program\quickstart.exe () O4 - Startup: C:\Users\cyberpirate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = C:\Program Files (x86)\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AlwaysShowClassicMenu = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: PSTART Win7 = E:\! PSTART Sammlung\! PStart Win7\PStart.exe (Pegtop Software) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = hxxp://www.google.com/search?q=%w O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10999655-6A99-493E-97DB-E1E82E5A7B0F}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDB108E8-A62D-4B4F-9AC8-D98B23D7B1AC}: DhcpNameServer = 192.168.0.1 O20:64bit: - HKLM Winlogon: 
Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.10.12 11:11:47 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\cyberpirate\Desktop\tdsskiller.exe [2012.10.12 11:11:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\cyberpirate\Desktop\OTL.exe [2012.10.09 17:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.09 17:17:01 | 000,000,000 | ---D | C] -- C:\Users\cyberpirate\AppData\Roaming\mkvtoolnix [2012.10.04 18:45:54 | 000,000,000 | ---D | C] -- F:\! 
Eigene Dateien\Alcohol 120% [2012.09.20 19:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.09.20 19:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java ========== Files - Modified Within 30 Days ========== [2012.10.12 11:11:22 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\cyberpirate\Desktop\tdsskiller.exe [2012.10.12 11:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\cyberpirate\Desktop\OTL.exe [2012.10.12 11:09:42 | 000,020,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.12 11:09:42 | 000,020,272 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.12 11:06:55 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.10.12 11:06:55 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.10.12 11:06:55 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.10.12 11:06:55 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.10.12 11:06:55 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.10.12 11:02:19 | 000,344,832 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.10.12 11:02:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.12 11:02:12 | 3019,235,328 | -HS- | M] () -- C:\hiberfil.sys [2012.10.09 15:21:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.04 19:47:50 | 000,000,242 | ---- | M] () -- F:\! Eigene Dateien\ax_files.xml [2012.10.01 17:15:48 | 000,000,577 | ---- | M] () -- F:\! Eigene Dateien\Aufgaben.rtf [2012.09.30 13:42:40 | 000,021,467 | ---- | M] () -- F:\! Eigene Dateien\Hanfkekse.odt [2012.09.28 11:04:31 | 000,444,411 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.09.28 11:02:48 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! 
Emergency Update.job [2012.09.28 11:02:48 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt ========== Files Created - No Company Name ========== [2012.10.12 11:02:15 | 000,344,832 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.30 13:42:39 | 000,021,467 | ---- | C] () -- F:\! Eigene Dateien\Hanfkekse.odt [2012.06.22 17:01:10 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys [2012.06.20 19:16:18 | 001,199,175 | ---- | C] () -- C:\Windows\unins000.exe [2012.06.20 19:16:18 | 000,021,731 | ---- | C] () -- C:\Windows\unins000.dat [2012.06.20 18:17:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll [2012.06.20 18:17:15 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys [2012.06.20 18:17:14 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2012.06.20 18:17:14 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys [2012.06.20 18:16:03 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2012.06.20 18:15:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.18 19:39:10 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.06.20 19:05:23 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Acronis [2012.06.20 19:45:55 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Auslogics [2012.06.20 18:24:07 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\DeviceVm [2012.06.30 19:34:55 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\FileZilla [2012.06.20 19:41:25 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\GlarySoft [2012.06.20 18:31:32 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Leadertech [2012.08.22 01:08:38 | 000,000,000 | ---D 
| M] -- C:\Users\cyberpirate\AppData\Roaming\LibreOffice [2012.10.09 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\mkvtoolnix [2012.07.01 12:09:01 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\MozBackup [2012.10.01 17:13:34 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\MyPhoneExplorer [2012.06.20 19:17:45 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\OpenOffice.org [2012.06.21 19:54:42 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Sync App Settings [2012.08.01 11:14:28 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\Thunderbird [2012.06.30 19:29:12 | 000,000,000 | ---D | M] -- C:\Users\cyberpirate\AppData\Roaming\TrueCrypt ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >

Here is the second one:

11:42:12.0562 4948 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 11:42:12.0647 4948 ============================================================ 11:42:12.0647 4948 Current date / time: 2012/10/12 11:42:12.0647 11:42:12.0647 4948 SystemInfo: 11:42:12.0647 4948 11:42:12.0648 4948 OS Version: 6.1.7601 ServicePack: 1.0 11:42:12.0648 4948 Product type: Workstation 11:42:12.0648 4948 ComputerName: X4 11:42:12.0648 4948 UserName: cyberpirate 11:42:12.0648 4948 Windows directory: C:\Windows 11:42:12.0648 4948 System windows directory: C:\Windows 11:42:12.0648 4948 Running under WOW64 11:42:12.0648 4948 Processor architecture: Intel x64 11:42:12.0648 4948 Number of processors: 4 11:42:12.0648 4948 Page size: 0x1000 11:42:12.0648 4948 Boot type: Normal boot 11:42:12.0648 4948 ============================================================ 11:42:12.0876 4948 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:42:12.0877 
4948 Drive \Device\Harddisk1\DR1 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:42:12.0877 4948 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 11:42:12.0984 4948 ============================================================ 11:42:12.0984 4948 \Device\Harddisk0\DR0: 11:42:12.0984 4948 MBR partitions: 11:42:12.0984 4948 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 11:42:12.0984 4948 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x7919800 11:42:12.0984 4948 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x794C000, BlocksNum 0x752F800 11:42:12.0984 4948 \Device\Harddisk1\DR1: 11:42:12.0984 4948 MBR partitions: 11:42:12.0984 4948 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x124F8000 11:42:12.0984 4948 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x124F8800, BlocksNum 0x9C58E000 11:42:12.0984 4948 \Device\Harddisk2\DR2: 11:42:12.0984 4948 MBR partitions: 11:42:12.0985 4948 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0xC0CD000 11:42:12.0985 4948 \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0xC0CE800, BlocksNum 0xC7F8800 11:42:12.0985 4948 \Device\Harddisk2\DR2\Partition3: MBR, Type 0x7, StartLBA 0x188C7800, BlocksNum 0x124F8000 11:42:12.0985 4948 \Device\Harddisk2\DR2\Partition4: MBR, Type 0x7, StartLBA 0x2ADC0000, BlocksNum 0x186A0000 11:42:12.0985 4948 \Device\Harddisk2\DR2\Partition5: MBR, Type 0x7, StartLBA 0x43460800, BlocksNum 0x312A5800 11:42:12.0985 4948 ============================================================ 11:42:12.0987 4948 C: <-> \Device\Harddisk0\DR0\Partition2 11:42:12.0997 4948 J: <-> \Device\Harddisk1\DR1\Partition2 11:42:12.0998 4948 D: <-> 
\Device\Harddisk2\DR2\Partition1 11:42:12.0998 4948 E: <-> \Device\Harddisk2\DR2\Partition2 11:42:12.0999 4948 F: <-> \Device\Harddisk2\DR2\Partition3 11:42:13.0000 4948 G: <-> \Device\Harddisk2\DR2\Partition4 11:42:13.0000 4948 H: <-> \Device\Harddisk2\DR2\Partition5 11:42:13.0001 4948 I: <-> \Device\Harddisk1\DR1\Partition1 11:42:13.0001 4948 ============================================================ 11:42:13.0001 4948 Initialize success 11:42:13.0001 4948 ============================================================ 11:42:14.0514 2468 ============================================================ 11:42:14.0514 2468 Scan started 11:42:14.0514 2468 Mode: Manual; 11:42:14.0514 2468 ============================================================ 11:42:14.0663 2468 ================ Scan system memory ======================== 11:42:14.0663 2468 System memory - ok 11:42:14.0664 2468 ================ Scan services ============================= 11:42:14.0700 2468 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 11:42:14.0702 2468 1394ohci - ok 11:42:14.0709 2468 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 11:42:14.0712 2468 ACPI - ok 11:42:14.0716 2468 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 11:42:14.0717 2468 AcpiPmi - ok 11:42:14.0731 2468 [ C8AC99197698D2C5988EE2A902E2A042 ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 11:42:14.0740 2468 AcrSch2Svc - ok 11:42:14.0745 2468 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 11:42:14.0746 2468 AdobeARMservice - ok 11:42:14.0766 2468 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 11:42:14.0769 2468 AdobeFlashPlayerUpdateSvc - ok 11:42:14.0778 2468 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 
11:42:14.0782 2468 adp94xx - ok 11:42:14.0790 2468 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys 11:42:14.0793 2468 adpahci - ok 11:42:14.0799 2468 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 11:42:14.0800 2468 adpu320 - ok 11:42:14.0808 2468 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 11:42:14.0809 2468 AeLookupSvc - ok 11:42:14.0816 2468 [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys 11:42:14.0818 2468 afcdp - ok 11:42:14.0846 2468 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe 11:42:14.0870 2468 afcdpsrv - ok 11:42:14.0880 2468 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 11:42:14.0884 2468 AFD - ok 11:42:14.0889 2468 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 11:42:14.0891 2468 agp440 - ok 11:42:14.0895 2468 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 11:42:14.0897 2468 ALG - ok 11:42:14.0901 2468 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 11:42:14.0902 2468 aliide - ok 11:42:14.0908 2468 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 11:42:14.0910 2468 AMD External Events Utility - ok 11:42:14.0915 2468 AMD FUEL Service - ok 11:42:14.0920 2468 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 11:42:14.0921 2468 amdide - ok 11:42:14.0926 2468 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 11:42:14.0926 2468 amdiox64 - ok 11:42:14.0931 2468 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 11:42:14.0932 2468 AmdK8 - ok 11:42:15.0024 2468 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 11:42:15.0113 2468 amdkmdag - ok 
11:42:15.0124 2468 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 11:42:15.0128 2468 amdkmdap - ok 11:42:15.0132 2468 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 11:42:15.0133 2468 AmdPPM - ok 11:42:15.0138 2468 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 11:42:15.0140 2468 amdsata - ok 11:42:15.0146 2468 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 11:42:15.0148 2468 amdsbs - ok 11:42:15.0152 2468 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 11:42:15.0153 2468 amdxata - ok 11:42:15.0158 2468 [ EE4797DFEBBE8ACDB548DD8E80BE0A88 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys 11:42:15.0159 2468 amd_sata - ok 11:42:15.0163 2468 [ D56EAD71A86FD2ACAE2DB47D0A6A3A41 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys 11:42:15.0164 2468 amd_xata - ok 11:42:15.0168 2468 [ 5B25D1A753CC3A3EDB909BB759AC1098 ] AODDriver4.1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 11:42:15.0169 2468 AODDriver4.1 - ok 11:42:15.0174 2468 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 11:42:15.0176 2468 AppID - ok 11:42:15.0180 2468 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 11:42:15.0181 2468 AppIDSvc - ok 11:42:15.0185 2468 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 11:42:15.0187 2468 Appinfo - ok 11:42:15.0192 2468 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys 11:42:15.0193 2468 arc - ok 11:42:15.0198 2468 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys 11:42:15.0199 2468 arcsas - ok 11:42:15.0204 2468 [ A82C01606DC27D05D9D3BFB6BB807E32 ] AsIO C:\Windows\syswow64\drivers\AsIO.sys 11:42:15.0205 2468 AsIO - ok 11:42:15.0210 2468 [ 26D66E32E78D3059715B3A17BC679CD9 ] AsUpIO 
C:\Windows\syswow64\drivers\AsUpIO.sys 11:42:15.0211 2468 AsUpIO - ok 11:42:15.0215 2468 [ 55142B4F7A7E4C9C151C6000A6BF7809 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 11:42:15.0216 2468 aswFsBlk - ok 11:42:15.0221 2468 [ AA9FDE3D630160B47DAB21BF8250111C ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 11:42:15.0222 2468 aswMonFlt - ok 11:42:15.0227 2468 [ 2A6675C24DF5159A9506CD13ECE5ABE9 ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 11:42:15.0228 2468 aswRdr - ok 11:42:15.0240 2468 [ 4E38475BDB51A867CCBA7D5DF7FDFC0C ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 11:42:15.0248 2468 aswSnx - ok 11:42:15.0256 2468 [ 9A49D80D65451AF22913AEF772CC3DA9 ] aswSP C:\Windows\system32\drivers\aswSP.sys 11:42:15.0259 2468 aswSP - ok 11:42:15.0264 2468 [ C3EC420451AC5300A22190AE38418FBA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 11:42:15.0265 2468 aswTdi - ok 11:42:15.0269 2468 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 11:42:15.0270 2468 AsyncMac - ok 11:42:15.0275 2468 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 11:42:15.0276 2468 atapi - ok 11:42:15.0284 2468 [ 24464B908E143D2561E9E452FEE97309 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 11:42:15.0285 2468 AtiHDAudioService - ok 11:42:15.0294 2468 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 11:42:15.0300 2468 AudioEndpointBuilder - ok 11:42:15.0308 2468 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 11:42:15.0312 2468 AudioSrv - ok 11:42:15.0318 2468 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 11:42:15.0319 2468 avast! 
11:42:18.0290 2468 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:42:18.0292 2468 usbcir - ok 11:42:18.0297 2468 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 11:42:18.0298 2468 usbehci - ok 11:42:18.0303 2468 [ 5AE9C87A1ED4B243942B3FDDD902134B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys 11:42:18.0304 2468 usbfilter - ok 11:42:18.0312 2468 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:42:18.0315 2468 usbhub - ok 11:42:18.0320 2468 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 11:42:18.0321 2468 usbohci - ok 11:42:18.0325 2468 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:42:18.0327 2468 usbprint - ok 11:42:18.0331 2468 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 11:42:18.0332 2468 usbscan - ok 11:42:18.0337 2468 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:42:18.0338 2468 USBSTOR - ok 11:42:18.0343 2468 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 11:42:18.0344 2468 usbuhci - ok 11:42:18.0349 2468 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 11:42:18.0352 2468 UxSms - ok 11:42:18.0356 2468 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 11:42:18.0359 2468 VaultSvc - ok 11:42:18.0363 2468 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:42:18.0364 2468 vdrvroot - ok 11:42:18.0373 2468 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 11:42:18.0380 2468 vds - ok 11:42:18.0385 2468 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:42:18.0386 2468 vga - ok 11:42:18.0390 2468 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 11:42:18.0391 2468 VgaSave - ok 
11:42:18.0397 2468 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:42:18.0400 2468 vhdmp - ok 11:42:18.0404 2468 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 11:42:18.0405 2468 viaide - ok 11:42:18.0410 2468 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 11:42:18.0411 2468 volmgr - ok 11:42:18.0419 2468 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:42:18.0422 2468 volmgrx - ok 11:42:18.0429 2468 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:42:18.0432 2468 volsnap - ok 11:42:18.0437 2468 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 11:42:18.0440 2468 vsmraid - ok 11:42:18.0456 2468 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 11:42:18.0472 2468 VSS - ok 11:42:18.0477 2468 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 11:42:18.0478 2468 vwifibus - ok 11:42:18.0485 2468 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 11:42:18.0492 2468 W32Time - ok 11:42:18.0499 2468 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 11:42:18.0500 2468 WacomPen - ok 11:42:18.0505 2468 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:42:18.0507 2468 WANARP - ok 11:42:18.0510 2468 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:42:18.0512 2468 Wanarpv6 - ok 11:42:18.0528 2468 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 11:42:18.0543 2468 wbengine - ok 11:42:18.0549 2468 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:42:18.0554 2468 WbioSrvc - ok 11:42:18.0562 2468 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:42:18.0568 2468 wcncsvc - ok 
11:42:18.0572 2468 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:42:18.0576 2468 WcsPlugInService - ok 11:42:18.0580 2468 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 11:42:18.0582 2468 Wd - ok 11:42:18.0590 2468 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:42:18.0597 2468 Wdf01000 - ok 11:42:18.0601 2468 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:42:18.0605 2468 WdiServiceHost - ok 11:42:18.0610 2468 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:42:18.0613 2468 WdiSystemHost - ok 11:42:18.0620 2468 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 11:42:18.0625 2468 WebClient - ok 11:42:18.0631 2468 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:42:18.0637 2468 Wecsvc - ok 11:42:18.0642 2468 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:42:18.0646 2468 wercplsupport - ok 11:42:18.0650 2468 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 11:42:18.0654 2468 WerSvc - ok 11:42:18.0659 2468 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:42:18.0660 2468 WfpLwf - ok 11:42:18.0664 2468 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:42:18.0665 2468 WIMMount - ok 11:42:18.0668 2468 WinDefend - ok 11:42:18.0681 2468 [ 0E77040FCFCCBD7B12A16A11ECD3E66F ] Windows7FirewallService C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe 11:42:18.0686 2468 Windows7FirewallService - ok 11:42:18.0689 2468 WinHttpAutoProxySvc - ok 11:42:18.0701 2468 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:42:18.0703 2468 Winmgmt - ok 11:42:18.0724 2468 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 
11:42:18.0743 2468 WinRM - ok 11:42:18.0752 2468 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 11:42:18.0754 2468 WinUsb - ok 11:42:18.0765 2468 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 11:42:18.0775 2468 Wlansvc - ok 11:42:18.0780 2468 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 11:42:18.0781 2468 WmiAcpi - ok 11:42:18.0789 2468 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:42:18.0791 2468 wmiApSrv - ok 11:42:18.0795 2468 WMPNetworkSvc - ok 11:42:18.0801 2468 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:42:18.0804 2468 WPCSvc - ok 11:42:18.0809 2468 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:42:18.0814 2468 WPDBusEnum - ok 11:42:18.0818 2468 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:42:18.0820 2468 ws2ifsl - ok 11:42:18.0825 2468 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll 11:42:18.0829 2468 wscsvc - ok 11:42:18.0832 2468 WSearch - ok 11:42:18.0860 2468 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 11:42:18.0882 2468 wuauserv - ok 11:42:18.0887 2468 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:42:18.0889 2468 WudfPf - ok 11:42:18.0895 2468 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:42:18.0897 2468 WUDFRd - ok 11:42:18.0902 2468 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:42:18.0906 2468 wudfsvc - ok 11:42:18.0912 2468 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 11:42:18.0918 2468 WwanSvc - ok 11:42:18.0927 2468 ================ Scan global =============================== 11:42:18.0931 2468 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 11:42:18.0937 2468 [ 
F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 11:42:18.0946 2468 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll 11:42:18.0953 2468 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 11:42:18.0961 2468 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 11:42:18.0966 2468 [Global] - ok 11:42:18.0967 2468 ================ Scan MBR ================================== 11:42:18.0969 2468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 11:42:19.0061 2468 \Device\Harddisk0\DR0 - ok 11:42:19.0064 2468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 11:42:19.0067 2468 \Device\Harddisk1\DR1 - ok 11:42:19.0070 2468 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2 11:42:19.0074 2468 \Device\Harddisk2\DR2 - ok 11:42:19.0074 2468 ================ Scan VBR ================================== 11:42:19.0076 2468 [ 201AABF3CE2B7CA41296FBBAC12437DF ] \Device\Harddisk0\DR0\Partition1 11:42:19.0077 2468 \Device\Harddisk0\DR0\Partition1 - ok 11:42:19.0082 2468 [ B8553931F2EE36090D17FCF7264CACEF ] \Device\Harddisk0\DR0\Partition2 11:42:19.0083 2468 \Device\Harddisk0\DR0\Partition2 - ok 11:42:19.0086 2468 [ F609763F678E3810A65B940461A31174 ] \Device\Harddisk0\DR0\Partition3 11:42:19.0087 2468 \Device\Harddisk0\DR0\Partition3 - ok 11:42:19.0091 2468 [ 19F0B133CEFD699E4A022EAE9BAECAED ] \Device\Harddisk1\DR1\Partition1 11:42:19.0092 2468 \Device\Harddisk1\DR1\Partition1 - ok 11:42:19.0095 2468 [ E5BCA7F87F789D543DF6A773E3347C8A ] \Device\Harddisk1\DR1\Partition2 11:42:19.0097 2468 \Device\Harddisk1\DR1\Partition2 - ok 11:42:19.0100 2468 [ DADEBE6E39D9BD25A22BBB629F7626F0 ] \Device\Harddisk2\DR2\Partition1 11:42:19.0102 2468 \Device\Harddisk2\DR2\Partition1 - ok 11:42:19.0105 2468 [ A083BB2F0070BD8E324EE676FB9B9312 ] \Device\Harddisk2\DR2\Partition2 11:42:19.0106 2468 \Device\Harddisk2\DR2\Partition2 - ok 11:42:19.0110 2468 [ F20AA0F38FFAEA554DAD498D6480F8CE ] 
\Device\Harddisk2\DR2\Partition3 11:42:19.0111 2468 \Device\Harddisk2\DR2\Partition3 - ok 11:42:19.0115 2468 [ 0D671B3D0C9348A629BDE623A0E1F573 ] \Device\Harddisk2\DR2\Partition4 11:42:19.0116 2468 \Device\Harddisk2\DR2\Partition4 - ok 11:42:19.0119 2468 [ D2B8F955766C65655C67FE97382D8E96 ] \Device\Harddisk2\DR2\Partition5 11:42:19.0121 2468 \Device\Harddisk2\DR2\Partition5 - ok 11:42:19.0121 2468 ============================================================ 11:42:19.0121 2468 Scan finished 11:42:19.0121 2468 ============================================================ 11:42:19.0133 3956 Detected object count: 0 11:42:19.0133 3956 Actual detected object count: 0 |
12.10.2012, 10:57 | #6 |
/// the machine /// TB instructor | Now Combofix, please. |
12.10.2012, 11:27 | #7 |
| So, here are the ComboFix results. |
12.10.2012, 11:32 | #8 |
/// the machine /// TB instructor | ESET Online Scanner
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No support via PM! |
12.10.2012, 12:09 | #9 |
| Hello schrauber, I would now like to know how many more scans I am supposed to run, and what for in the first place. I am really very grateful for your effort, but perhaps you should first explain the results of the other scans to me? And nothing at all has been said yet about my original question regarding the Avast RootKit Scanner result? I would first like to know what the two red entries mean. See the image attached to post 1. Kind regards |
12.10.2012, 12:34 | #10 |
/// the machine /// TB instructor | That an unknown module was found, which is why we are scanning the computer for rootkits and malware. The scans for the really nasty stuff came back with no findings, only a few minor entries, which we will remove with OTL in the next fix as soon as ESET has scanned the entire disk. Reason: the tools each scan a particular area intensively; ESET is only there to scan the rest, so that one has an overview. |
12.10.2012, 14:30 | #11 |
| OK, thank you very much for the explanation. And what do the other logs say so far? Anything conspicuous? I will start the ESET scan now. |
12.10.2012, 15:22 | #12 |
/// the machine /// TB instructor | Nothing serious. |
13.10.2012, 08:54 | #13 |
| Good morning, the scan ran until this morning. But it found nothing. |
13.10.2012, 09:04 | #14 |
/// the machine /// TB instructor | Good, then please post a fresh OTL log file. |
13.10.2012, 09:13 | #15 |
| Hello schrauber, you are out and about in the forum early too. How should I scan with OTL? With the settings from post no. 2? |