Trojaner-Board

Schakatak 23.01.2012 13:14

Trojan here too, BUT NO CD drive present!
 
Hi

I have now read a lot here about this trojan. My daughter's netbook is infected, and after startup this appears:

white screen

Ihre Internetverbindung wird hergestellt. bitte Warten!

I know, I know, others here in the forum have that too.

BUT: My daughter's netbook has NO CD drive. So I can NOT make myself a CD.

What do I do now??

She has a 10-inch Samsung netbook WITHOUT a CD drive. I read in the manual that the F4 key is supposed to make it possible to restore the factory settings. Is that helpful? Or should I go a different way?

Kind regards

Chris4You 23.01.2012 13:48

Hi,

Scan:
Please download srep.exe and save it to a USB stick.
Important: Do not save it inside a folder.
  • Restart the infected computer.
  • While it boots, press the F8 key repeatedly. You should then get several options to choose from. Use the arrow keys to navigate to Abgesicherter Modus mit Eingabeaufforderung (Safe Mode with Command Prompt) and press Enter.
    ** Note: You may need to press a different F key to reach the boot options.
  • Now log in to the infected user account.
  • Connect the USB stick to the infected computer.
  • Now some manual work is required.
    • First you have to find out which drive letter the USB stick has.
    • To do that, simply type E: and press Enter. If the following message appears:
      Quote:

      Das System kann das angegeben Laufwerk nicht finden
      try a different drive letter (e.g. F:).
  • As soon as you have found the correct drive letter, type the following and press Enter.
    start srep.exe
  • Now click Scan.
  • Let the tool run undisturbed. The computer will restart automatically.
There will be a shell.txt on your USB stick. Please post it in your next reply.

Note: It is quite possible that you can access your computer again right after the scan.

If so:
OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
  • Double-click OTL.exe
  • Vista/Win7 users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created (OTL.TXT and EXTRAS.TXT)
  • Post the log files here in the thread

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version from here:
http://filepony.de/download-chameleon/
Then please update the signature files ("Aktualisierungen" tab -> "Suche nach Aktualisierungen")
Run a full scan and let it clean everything! Post the log.

chris

Schakatak 23.01.2012 22:22

Sorry for getting back to you so late. I am still at work and can only carry out the steps tomorrow morning. I will report back then.

Many thanks for the help so far.

Schakatak 24.01.2012 09:45

Small problem.

The netbook's display is damaged in the middle area, so that I can't see anything. Since the damage she has always worked with an external monitor. But because Windows is not started, that monitor is not started either and so does NOT show the screen contents.

I am working more or less blind.

So, what I have achieved so far:

I started the netbook and pressed F8 several times while doing so. I was also able to get to the start with command prompt.

Then I plugged in the USB stick and was able to access drive E: (the stick).

I typed E:

After that the line began with E:\>

I then entered

start srep.exe (with a space)

and pressed Enter.

Unfortunately nothing happens. Unfortunately I don't know what the screen shows afterwards, because the middle area of the display shows nothing. A screenshot would be good now, so that I can see what is displayed after entering "start srep". Then I could orient myself more easily.

Would it be possible to post me a screenshot? Or to tell me which key combination I have to press to get to the Scan button? That is, if a pop-up window opens at all after entering start srep.exe.

Schakatak 24.01.2012 14:57

Hello Chris

Or should I reset the netbook to its factory state by pressing the F4 key? Would I have more success with that than continuing to work half blind?

Kind regards, Michael

Schakatak 24.01.2012 15:16

Since I could not see what the screen shows after entering start srep.exe, I simply pressed Alt and Tab and then Enter. Nothing.

I pressed Alt and Tab and then Enter again, and suddenly srep started running. The computer then also restarted twice and the externally connected monitor showed a picture.

Now on to OTL.

See you shortly...

Schakatak 24.01.2012 15:50

Code:

OTL logfile created on: 1/24/2012 3:30:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Alina\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 303.42 Mb Available Physical Memory | 29.94% Memory free
1.99 Gb Paging File | 1.05 Gb Available in Paging File | 52.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 50.67 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
 
Computer Name: ALINA-PC | User Name: Alina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Alina\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Users\Alina\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\SFB\SmartRestarter.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\XSManager\WTGService.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\PROGRA~1\samsung\SAMSUN~4\SUPNOT~1.EXE ()
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\PROGRA~1\samsung\SAMSUN~4\SUPNOT~1.EXE ()
MOD - C:\PROGRA~1\samsung\SAMSUN~4\HMXML.dll ()
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SearchAnonymizer) -- C:\Users\Alina\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation)
SRV - (WTGService) -- C:\Program Files\XSManager\WTGService.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (rtport) -- C:\Windows\System32\drivers\rtport.sys (Windows (R) 2003 DDK 3790 provider)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SaiU0CEA) -- C:\Windows\System32\drivers\SaiU0CEA.sys (Saitek)
DRV - (PAC7302) -- C:\Windows\System32\drivers\PAC7302.SYS (PixArt Imaging Inc.)
DRV - (RecFltr) -- C:\Windows\System32\drivers\RecFltr.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=cqde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com//406
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com//406"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.8.20100713041928
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.8.0.8
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.13
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {1FD91A9C-410C-4090-BBCC-55D3450EF433}:1.0
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.2.2
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&appid=119&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Alina\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\6.0.2237.0\Firefox [2010/08/14 09:24:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/08/14 09:24:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/08/14 09:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/24 15:18:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/15 19:05:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.1.0\FF [2011/01/11 16:51:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\finder@meingutscheincode.de: C:\Program Files\Mein Gutscheincode Finder\Firefox [2011/04/29 22:05:00 | 000,000,000 | ---D | M]
 
[2011/09/01 20:59:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Extensions
[2012/01/24 15:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions
[2011/12/16 13:57:38 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/01/08 19:40:23 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011/09/01 20:58:40 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
[2011/01/29 14:29:46 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/01/08 19:40:31 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2012/01/24 15:18:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/20 12:47:32 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\engine@conduit.com
[2012/01/24 15:24:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alina\AppData\Roaming\mozilla\Firefox\Profiles\hwghfhon.default\extensions\staged
[2011/04/29 22:05:02 | 000,001,084 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\conduit.xml
[2011/09/01 20:58:22 | 000,002,506 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\SearchResults.xml
[2011/04/29 22:05:02 | 000,004,220 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\sweetim.xml
[2011/04/29 22:05:02 | 000,001,864 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\{45874666-7C4C-4049-BF24-EEC946BB9FFE}.xml
[2011/04/29 22:05:02 | 000,002,182 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\{8143FFC0-D100-4FCB-9336-63F57AC1AAFF}.xml
[2011/04/29 22:05:02 | 000,002,071 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\{D60951B2-8111-4C34-9F87-B7AA0456B805}.xml
[2011/04/29 22:07:56 | 000,001,088 | ---- | M] () -- C:\Users\Alina\AppData\Roaming\Mozilla\Firefox\Profiles\hwghfhon.default\searchplugins\{E87A6B59-E594-4ADD-8E44-131A7630B767}.xml
[2011/12/15 19:05:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/08/24 20:37:26 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HWGHFHON.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ALINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HWGHFHON.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}.XPI
[2012/01/24 15:18:13 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/24 15:18:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/01/24 15:18:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/24 15:18:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/04/29 22:07:56 | 000,001,617 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/04/29 22:05:02 | 000,001,615 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchstonicde.xml
[2012/01/24 15:18:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/01 20:58:22 | 000,002,506 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/01/24 15:18:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/01/24 15:18:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.2.1_0\
CHR - Extension: No name found = C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgfpelakfkbbkkdchaaaknckhoadkcbo\1.0.2_0\
CHR - Extension: No name found = C:\Users\Alina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.7280_0\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Program Files\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (Loader Class) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI3C8A~1\Datamngr\BROWSE~1.DLL (Bandoo Media, inc)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI3C8A~1\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [bPk0yiZRB98vWmQ] C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe File not found
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~1\WI3C8A~1\Datamngr\DATAMN~1.EXE (Bandoo Media, inc)
O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Alina\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [bPk0yiZRB98vWmQ] C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Alina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [fTalk] C:\Users\Alina\AppData\Local\fTalk\ftalk.exe (Bandoo Media Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MozillaPlugins] C:\Users\Alina\AppData\Roaming\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Alina\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{152AAF1C-9EFD-4FD6-B0DA-2D2021C9AD22}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\datamngr.dll) -c:\progra~1\wi3c8a~1\datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (c:\progra~1\wi3c8a~1\datamngr\iebho.dll) -c:\progra~1\wi3c8a~1\datamngr\iebho.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/22 20:24:33 | 000,095,744 | ---- | C] (Kassl GmbH) -- C:\Users\Alina\AppData\Roaming\dwlGina3.dll
[2012/01/11 14:04:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\packager.dll
[2012/01/11 14:04:40 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2012/01/11 14:04:39 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\qdvd.dll
[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\Alina\Documents\*.tmp files -> C:\Users\Alina\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/24 15:37:07 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/24 15:17:21 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 15:17:21 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/24 15:13:27 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/01/24 15:13:27 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/01/24 15:13:26 | 000,654,610 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/01/24 15:13:26 | 000,130,192 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/01/24 15:06:10 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/24 15:05:45 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/01/24 15:04:49 | 1062,518,784 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/22 20:24:33 | 000,095,744 | ---- | M] (Kassl GmbH) -- C:\Users\Alina\AppData\Roaming\dwlGina3.dll
[2012/01/22 19:45:22 | 000,000,928 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1076387279-2608573375-2991349267-1000UA.job
[2012/01/22 19:45:11 | 000,000,906 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1076387279-2608573375-2991349267-1000Core.job
[2012/01/12 22:19:06 | 000,734,917 | ---- | M] () -- C:\Users\Alina\100_1981.JPG
[2012/01/12 22:19:06 | 000,713,692 | ---- | M] () -- C:\Users\Alina\100_1982.JPG
[2012/01/07 12:36:16 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[5 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\Alina\Documents\*.tmp files -> C:\Users\Alina\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/12 22:18:42 | 000,734,917 | ---- | C] () -- C:\Users\Alina\100_1981.JPG
[2012/01/12 22:18:42 | 000,713,692 | ---- | C] () -- C:\Users\Alina\100_1982.JPG
[2011/05/24 18:15:33 | 000,033,280 | -HS- | C] () -- C:\Users\Alina\AppData\Roaming\csrss.exe
[2010/12/30 13:35:27 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/30 13:08:22 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/08/15 00:36:21 | 000,654,610 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2010/08/15 00:36:21 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2010/08/15 00:36:21 | 000,130,192 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2010/08/15 00:36:21 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2010/08/14 08:22:30 | 000,002,018 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/08/14 08:15:18 | 000,006,656 | ---- | C] () -- C:\windows\System32\bcmwlrc.dll
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,424,080 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/03/20 16:44:02 | 000,000,566 | ---- | C] () -- C:\windows\System32\SP7302.ini
[2007/01/26 01:04:12 | 000,138,752 | ---- | C] () -- C:\windows\System32\mase32.dll
[2007/01/26 01:04:12 | 000,027,648 | ---- | C] () -- C:\windows\System32\ma32.dll
[2007/01/18 08:21:38 | 000,041,984 | ---- | C] () -- C:\windows\System32\drivers\RecFltr.sys

< End of report >

And below is the content of Extras.txt

Code:

OTL Extras logfile created on: 1/24/2012 3:30:56 PM - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Alina\Downloads
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013.30 Mb Total Physical Memory | 303.42 Mb Available Physical Memory | 29.94% Memory free
1.99 Gb Paging File | 1.05 Gb Available in Paging File | 52.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 85.00 Gb Total Space | 50.67 Gb Free Space | 59.61% Space Free | Partition Type: NTFS
Drive D: | 127.79 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: NTFS
 
Computer Name: ALINA-PC | User Name: Alina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{18AA278D-E0B9-4F99-ACCC-070978A38453}" = Easy Resolution Manager
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EE2B017-D82C-4B12-B071-5CF1B23D1A42}" = SweetIM for Messenger 3.4
"{54B29835-EF99-41D2-9104-F159DE62F165}" = Bing Bar Platform
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{607DA1C8-34EC-4D7A-AD83-F8E5C70736DF}" = EasyBatteryManager
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{74A579FB-EB06-497D-B194-01590D6FE51A}" = BatteryLifeExtender
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}" = Fast Booting SW
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISER_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISER_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISER_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISER_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}" = ChargeableUSB
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A5C8BFF2-0044-4500-8BB5-BEB0D2335885}" = REALTEK PCIE Wireless LAN Software
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4750ECE-3B5F-462F-8950-614D1E0B2204}" = Facebook Video Calling 1.1.0.13
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BF67F764-95B6-4360-BB57-B2E5AA6C814B}" = SweetIM Toolbar for Internet Explorer 4.0
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDF38EE7-3A53-4B4C-8924-CFFDF906091A}" = EasyFileShare
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9557866-B4C8-4CE5-8508-0E386BDC20B2}" = Easy Network Manager
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Elantech" = ETDWare PS/2-x86 7.0.7.0_WHQL
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Free Studio_is1" = Free Studio version 5.0.3
"Free YouTube Download 3_is1" = Free YouTube Download 3 version 3.0.11.727
"Free YouTube Download_is1" = Free YouTube Download version 2.10.32.305
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ICQToolbar" = ICQ Toolbar
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{C33228F4-D34B-4271-B3B4-E973BA67B230}" = SPEEDLINK SL-6825 Snappy Webcam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Marvell Miniport Driver" = Marvell Miniport Driver
"Maschinenschreiben Deluxe_is1" = Maschinenschreiben Deluxe 1.2.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PriceGong" = PriceGong 2.1.0
"SearchAnonymizer" = SearchAnonymizer
"Searchqu 406 MediaBar" = Windows iLivid Toolbar
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinLiveSuite" = Windows Live Essentials
"XSManager" = XSManager
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"fTalk" = fTalk
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 1/4/2012 12:05:24 PM | Computer Name = Alina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\cyberlink\powerdirector\muitransfer\MUIStartMenuX64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/5/2012 2:30:11 PM | Computer Name = Alina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ftalk.exe, Version: 2.0.0.0, Zeitstempel:
 0x4e8641df  Name des fehlerhaften Moduls: ftalk.exe, Version: 2.0.0.0, Zeitstempel:
 0x4e8641df  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00a6b8ec  ID des fehlerhaften Prozesses:
 0xffc  Startzeit der fehlerhaften Anwendung: 0x01cccb19b164d81e  Pfad der fehlerhaften
 Anwendung: C:\Users\Alina\AppData\Local\fTalk\ftalk.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Alina\AppData\Local\fTalk\ftalk.exe  Berichtskennung: 4c91ebe6-37cb-11e1-88e2-4cedde05904e
 
Error - 1/8/2012 2:14:02 PM | Computer Name = Alina-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 1/11/2012 5:10:04 PM | Computer Name = Alina-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Skype.exe, Version: 5.5.0.124, Zeitstempel:
 0x4e96a02b  Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version: 2.0.10175.3910,
 Zeitstempel: 0x4b9715b8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000c9d8  ID des fehlerhaften
 Prozesses: 0x814  Startzeit der fehlerhaften Anwendung: 0x01ccd0a50acf9c7f  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Skype\Phone\Skype.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\CyberLink\YouCam\YCWebCameraSource.ax  Berichtskennung:
a0efbd2f-3c98-11e1-95be-4cedde05904e
 
Error - 1/15/2012 2:51:30 PM | Computer Name = Alina-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 1/20/2012 1:43:09 PM | Computer Name = Alina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\Samsung
 Support Center\Drv\drv2x64\KStartMem.exe.Manifest".  Die abhängige Assemblierung
"Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/20/2012 1:43:13 PM | Computer Name = Alina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\EasyFileShare\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/20/2012 1:46:36 PM | Computer Name = Alina-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 1/21/2012 11:58:03 AM | Computer Name = Alina-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed:
 
Error - 1/22/2012 2:57:42 PM | Computer Name = Alina-PC | Source = Windows Backup | ID = 4104
Description =
 
[ OSession Events ]
Error - 1/28/2011 11:25:29 AM | Computer Name = Alina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 189
 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error - 1/28/2011 11:26:08 AM | Computer Name = Alina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 5/14/2011 5:20:48 AM | Computer Name = Alina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1471
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/4/2011 7:56:41 AM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 9/5/2011 5:39:12 AM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 9/5/2011 8:54:20 AM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 9/6/2011 12:19:19 PM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 9/6/2011 12:27:36 PM | Computer Name = Alina-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?09.?2011 um 18:25:54 unerwartet heruntergefahren.
 
Error - 9/6/2011 12:30:13 PM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
Error - 9/6/2011 12:44:42 PM | Computer Name = Alina-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definition Update for Windows Defender - KB915597
 (Definition 1.111.1554.0)
 
Error - 9/7/2011 11:19:51 AM | Computer Name = Alina-PC | Source = DCOM | ID = 10010
Description =
 
Error - 9/7/2011 11:22:23 AM | Computer Name = Alina-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
Error - 9/7/2011 11:35:29 AM | Computer Name = Alina-PC | Source = DCOM | ID = 10010
Description =
 
 
< End of report >


Schakatak 24.01.2012 18:31

Malwarebytes is currently running a full scan.

That takes a while.

I'll post the log file when the scan is finished.

Regards, Michael

Schakatak 24.01.2012 19:27

Code:

Malwarebytes Anti-Malware (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.24.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Alina :: ALINA-PC [Administrator]

Schutz: Aktiviert

24.01.2012 16:52:35
mbam-log-2012-01-24 (16-52-35).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 289396
Laufzeit: 2 Stunde(n), 17 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaPlugins (Spyware.Password) -> Daten: C:\Users\Alina\AppData\Roaming\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Alina\AppData\Roaming\csrss.exe (Spyware.Password) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
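
The registry findings in the Malwarebytes log above, triaged by persistence mechanism. This is an added example and not part of the original thread: the five log lines are copied from the post, while the function names, tag names and the list of System32-only process names are assumptions of the example.

```python
import ntpath
import re

# Registry findings copied verbatim from the Malwarebytes log posted above.
MBAM_LINES = r"""
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MozillaPlugins (Spyware.Password) -> Daten: C:\Users\Alina\AppData\Roaming\csrss.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoDesktop (PUM.Hidden.Desktop) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (PUM.Hijack.Regedit) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
""".strip().splitlines()

# "<key>|<value> (<detection>) -> Daten: <path> -> <action>"  or
# "<key>|<value> (<detection>) -> Bösartig: (x) Gut: (y) -> <action>"
FINDING = re.compile(
    r"^(?P<key>HK[A-Z_]+\\[^|]+)\|(?P<value>\S+) \((?P<detection>[^)]+)\) -> "
    r"(?:Daten: (?P<data>.+?)|Bösartig: \((?P<bad>[^)]*)\) Gut: \((?P<good>[^)]*)\))"
    r" -> (?P<action>.+)$"
)

# Assumption of this example: process names whose genuine image sits only in
# %SystemRoot%\System32, so a copy anywhere else is a masquerade.
SYSTEM32_ONLY = {"csrss.exe", "lsass.exe", "services.exe", "smss.exe",
                 "winlogon.exe", "wininit.exe"}

# Policy values that take recovery tools away from the user.
LOCKOUT_VALUES = {"disabletaskmgr", "disableregistrytools", "nodesktop"}


def parse_findings(lines):
    """Return one dict per registry finding; other log lines are skipped."""
    findings = []
    for line in lines:
        match = FINDING.match(line.strip())
        if match:
            findings.append({k: v for k, v in match.groupdict().items()
                             if v is not None})
    return findings


def classify(finding):
    """Tag a finding with the persistence or lockout technique it shows."""
    tags = []
    key = finding["key"].lower()
    value = finding["value"].lower()
    if key.endswith(r"\currentversion\run"):
        tags.append("autostart")            # runs at every logon of this user
    if key.endswith(r"\winlogon") and value == "shell":
        tags.append("shell-replacement")    # started instead of explorer.exe
    if "\\policies\\" in key and value in LOCKOUT_VALUES:
        tags.append("policy-lockout")       # hides desktop / blocks admin tools
    data = finding.get("data")
    if data:
        folder, name = ntpath.split(data.lower())
        if "\\appdata\\" in data.lower():
            tags.append("user-writable-path")
        if name in SYSTEM32_ONLY and not folder.endswith(r"\windows\system32"):
            tags.append("system-name-masquerade")
    return tags


def triage(lines):
    """Return (short key|value, detection name, tags) for each finding."""
    return [
        (f["key"].rsplit("\\", 1)[-1] + "|" + f["value"],
         f["detection"],
         classify(f))
        for f in parse_findings(lines)
    ]


if __name__ == "__main__":
    for location, detection, tags in triage(MBAM_LINES):
        print(f"{location:32} {detection:24} {', '.join(tags)}")
```

The same two autostart locations (the per-user Run key and the per-user Winlogon Shell value) are the ones to re-check after cleanup, since an entry that reappears there means something is still writing it.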


Chris4You 24.01.2012 22:26

Hi,

that already looks quite decent, MAM has removed quite a bit...
Still, run the script as well...

OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the entire contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [bPk0yiZRB98vWmQ] C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe File not found
O4 - HKCU..\Run: [bPk0yiZRB98vWmQ] C:\Users\Alina\AppData\Roaming\w3tygaw4ya4y.exe File not found
[2011/05/24 18:15:33 | 000,033,280 | -HS- | C] () -- C:\Users\Alina\AppData\Roaming\csrss.exe

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Click the red Run Fixes! button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

TDSS-Killer
Download and instructions at: "How to combat malware of the Rootkit.Win32.TDSS family?"
Extract all files into a separate directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
After it starts, a window appears; choose "Start Scan" there.
When the scan is finished, please select "Report". A window opens; copy the text and post it here...

chris

Schakatak 25.01.2012 10:09

hi

After I had copied the code into the code box and clicked Run Fix, the progress bar at the bottom (green) started. After a very short time a window appeared with the following content:

"Kritischer Fehler. Windows wird in 1 Minute neu gestartet" ("Critical error. Windows will restart in 1 minute")

And the computer did just that. OTL did not seem to have finished.

Two files had suddenly appeared on the desktop. Both had the same name, namely

desktop.ini

As for the appearance of the icons, I have to say they were pale in colour. Maybe that helps. I will now go through the OTL procedure again.

Schakatak 25.01.2012 10:31

I went through the procedure with OTL and pasting in the script code again. This time OTL ran through to the end and created a log. You can see the contents below.

Note: the two desktop.ini files on the desktop had disappeared afterwards. I hope things are going well now, or did I make a mistake?

OTL ran through in minimal scan.

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bPk0yiZRB98vWmQ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\bPk0yiZRB98vWmQ not found.
File C:\Users\Alina\AppData\Roaming\csrss.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Alina
->Temp folder emptied: 233730590 bytes
->Temporary Internet Files folder emptied: 99908642 bytes
->Java cache emptied: 3365879 bytes
->FireFox cache emptied: 110200663 bytes
->Google Chrome cache emptied: 6844823 bytes
->Flash cache emptied: 104429 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 94539689 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 523.00 mb
 

 
OTL by OldTimer - Version 3.2.31.0 log created on 01252012_101807

Files\Folders moved on Reboot...
C:\windows\temp\TMP00000003CC890B1C6ACA3AA1 moved successfully.
C:\windows\temp\TMP00000024C8750512D7189A4E moved successfully.

Registry entries deleted on Reboot...


Schakatak 25.01.2012 10:47

and now the TDSS Killer code:

Code:

10:44:26.0288 3164        TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
10:44:26.0710 3164        ============================================================
10:44:26.0710 3164        Current date / time: 2012/01/25 10:44:26.0710
10:44:26.0710 3164        SystemInfo:
10:44:26.0710 3164       
10:44:26.0710 3164        OS Version: 6.1.7601 ServicePack: 1.0
10:44:26.0710 3164        Product type: Workstation
10:44:26.0710 3164        ComputerName: ALINA-PC
10:44:26.0710 3164        UserName: Alina
10:44:26.0710 3164        Windows directory: C:\windows
10:44:26.0710 3164        System windows directory: C:\windows
10:44:26.0710 3164        Processor architecture: Intel x86
10:44:26.0710 3164        Number of processors: 2
10:44:26.0710 3164        Page size: 0x1000
10:44:26.0710 3164        Boot type: Normal boot
10:44:26.0710 3164        ============================================================
10:44:28.0550 3164        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:44:28.0784 3164        Initialize success
10:44:59.0626 3596        ============================================================
10:44:59.0626 3596        Scan started
10:44:59.0626 3596        Mode: Manual;
10:44:59.0626 3596        ============================================================
10:45:31.0247 3596        RasPppoe - ok
10:45:31.0403 3596        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
10:45:31.0434 3596        RasSstp - ok
10:45:31.0559 3596        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
10:45:31.0621 3596        rdbss - ok
10:45:31.0684 3596        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
10:45:31.0684 3596        rdpbus - ok
10:45:31.0746 3596        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
10:45:31.0777 3596        RDPCDD - ok
10:45:31.0855 3596        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
10:45:31.0871 3596        RDPENCDD - ok
10:45:31.0933 3596        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
10:45:31.0949 3596        RDPREFMP - ok
10:45:32.0027 3596        RDPWD          (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
10:45:32.0043 3596        RDPWD - ok
10:45:32.0199 3596        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
10:45:32.0245 3596        rdyboost - ok
10:45:32.0370 3596        RecFltr        (c7775140fade828e746ff8f93d2dcca0) C:\windows\system32\Drivers\RecFltr.sys
10:45:32.0386 3596        RecFltr - ok
10:45:32.0464 3596        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
10:45:32.0495 3596        RFCOMM - ok
10:45:32.0713 3596        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
10:45:32.0745 3596        rspndr - ok
10:45:32.0791 3596        RTL8167        (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
10:45:32.0807 3596        RTL8167 - ok
10:45:32.0869 3596        rtport          (41ce6b172542a9a227e34a45881e1d2a) C:\windows\system32\drivers\rtport.sys
10:45:32.0885 3596        rtport - ok
10:45:32.0963 3596        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
10:45:32.0979 3596        SABI - ok
10:45:33.0119 3596        SaiU0CEA        (9d0dda383199833d8750366c248f88de) C:\windows\system32\DRIVERS\SaiU0CEA.sys
10:45:33.0150 3596        SaiU0CEA - ok
10:45:33.0228 3596        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
10:45:33.0275 3596        sbp2port - ok
10:45:33.0400 3596        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
10:45:33.0431 3596        scfilter - ok
10:45:33.0556 3596        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
10:45:33.0571 3596        secdrv - ok
10:45:33.0759 3596        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
10:45:33.0790 3596        Serenum - ok
10:45:33.0946 3596        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
10:45:33.0993 3596        Serial - ok
10:45:34.0117 3596        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
10:45:34.0133 3596        sermouse - ok
10:45:34.0289 3596        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
10:45:34.0305 3596        sffdisk - ok
10:45:34.0336 3596        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
10:45:34.0367 3596        sffp_mmc - ok
10:45:34.0398 3596        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
10:45:34.0445 3596        sffp_sd - ok
10:45:34.0507 3596        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
10:45:34.0539 3596        sfloppy - ok
10:45:34.0601 3596        Sftfs          (8f00cc8cacf83dce5b35079f615b0f12) C:\windows\system32\DRIVERS\Sftfslh.sys
10:45:34.0695 3596        Sftfs - ok
10:45:34.0851 3596        Sftplay        (afdb934586c4c8b2be39ae7eea6f52be) C:\windows\system32\DRIVERS\Sftplaylh.sys
10:45:34.0882 3596        Sftplay - ok
10:45:34.0929 3596        Sftredir        (6b1865d82e0290729ed7496c24275592) C:\windows\system32\DRIVERS\Sftredirlh.sys
10:45:34.0944 3596        Sftredir - ok
10:45:34.0991 3596        Sftvol          (621eccb1265a01ce2bdf6f2c5e727e2b) C:\windows\system32\DRIVERS\Sftvollh.sys
10:45:35.0007 3596        Sftvol - ok
10:45:35.0100 3596        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
10:45:35.0147 3596        sisagp - ok
10:45:35.0287 3596        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
10:45:35.0303 3596        SiSRaid2 - ok
10:45:35.0350 3596        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
10:45:35.0381 3596        SiSRaid4 - ok
10:45:35.0521 3596        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
10:45:35.0553 3596        Smb - ok
10:45:35.0740 3596        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
10:45:35.0771 3596        spldr - ok
10:45:35.0943 3596        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
10:45:35.0958 3596        srv - ok
10:45:36.0021 3596        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
10:45:36.0099 3596        srv2 - ok
10:45:36.0223 3596        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
10:45:36.0239 3596        srvnet - ok
10:45:36.0333 3596        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\windows\system32\DRIVERS\ssmdrv.sys
10:45:36.0348 3596        ssmdrv - ok
10:45:36.0426 3596        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
10:45:36.0442 3596        stexstor - ok
10:45:36.0520 3596        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
10:45:36.0551 3596        swenum - ok
10:45:36.0801 3596        Tcpip          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
10:45:36.0972 3596        Tcpip - ok
10:45:37.0159 3596        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
10:45:37.0175 3596        TCPIP6 - ok
10:45:37.0347 3596        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
10:45:37.0378 3596        tcpipreg - ok
10:45:37.0456 3596        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
10:45:37.0487 3596        TDPIPE - ok
10:45:37.0534 3596        TDTCP          (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
10:45:37.0549 3596        TDTCP - ok
10:45:37.0612 3596        tdx            (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
10:45:37.0643 3596        tdx - ok
10:45:37.0705 3596        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
10:45:37.0737 3596        TermDD - ok
10:45:37.0861 3596        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
10:45:37.0893 3596        tssecsrv - ok
10:45:38.0049 3596        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
10:45:38.0064 3596        TsUsbFlt - ok
10:45:38.0220 3596        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
10:45:38.0267 3596        tunnel - ok
10:45:38.0329 3596        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
10:45:38.0361 3596        uagp35 - ok
10:45:38.0439 3596        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
10:45:38.0485 3596        udfs - ok
10:45:38.0595 3596        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
10:45:38.0610 3596        uliagpkx - ok
10:45:38.0688 3596        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
10:45:38.0719 3596        umbus - ok
10:45:38.0844 3596        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
10:45:38.0860 3596        UmPass - ok
10:45:39.0016 3596        usbaudio        (1d9f2bd026e8e2d45033a4df3f16b78c) C:\windows\system32\drivers\usbaudio.sys
10:45:39.0047 3596        usbaudio - ok
10:45:39.0109 3596        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
10:45:39.0125 3596        usbccgp - ok
10:45:39.0265 3596        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
10:45:39.0312 3596        usbcir - ok
10:45:39.0390 3596        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
10:45:39.0406 3596        usbehci - ok
10:45:39.0468 3596        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
10:45:39.0531 3596        usbhub - ok
10:45:39.0655 3596        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
10:45:39.0687 3596        usbohci - ok
10:45:39.0749 3596        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
10:45:39.0796 3596        usbprint - ok
10:45:39.0905 3596        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
10:45:39.0952 3596        USBSTOR - ok
10:45:40.0077 3596        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
10:45:40.0092 3596        usbuhci - ok
10:45:40.0155 3596        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
10:45:40.0186 3596        usbvideo - ok
10:45:40.0342 3596        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
10:45:40.0373 3596        vdrvroot - ok
10:45:40.0435 3596        vga            (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
10:45:40.0467 3596        vga - ok
10:45:40.0513 3596        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
10:45:40.0545 3596        VgaSave - ok
10:45:40.0607 3596        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
10:45:40.0638 3596        vhdmp - ok
10:45:40.0685 3596        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
10:45:40.0732 3596        viaagp - ok
10:45:40.0857 3596        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
10:45:40.0888 3596        ViaC7 - ok
10:45:40.0935 3596        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
10:45:40.0981 3596        viaide - ok
10:45:41.0106 3596        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
10:45:41.0137 3596        volmgr - ok
10:45:41.0262 3596        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
10:45:41.0356 3596        volmgrx - ok
10:45:41.0465 3596        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
10:45:41.0512 3596        volsnap - ok
10:45:41.0574 3596        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
10:45:41.0621 3596        vsmraid - ok
10:45:41.0777 3596        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
10:45:41.0793 3596        vwifibus - ok
10:45:41.0839 3596        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
10:45:41.0871 3596        vwififlt - ok
10:45:42.0027 3596        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
10:45:42.0058 3596        WacomPen - ok
10:45:42.0198 3596        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
10:45:42.0229 3596        WANARP - ok
10:45:42.0245 3596        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
10:45:42.0261 3596        Wanarpv6 - ok
10:45:42.0370 3596        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
10:45:42.0401 3596        Wd - ok
10:45:42.0541 3596        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
10:45:42.0588 3596        Wdf01000 - ok
10:45:42.0822 3596        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
10:45:42.0838 3596        WfpLwf - ok
10:45:42.0885 3596        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
10:45:42.0900 3596        WIMMount - ok
10:45:43.0134 3596        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys
10:45:43.0181 3596        WinUsb - ok
10:45:43.0399 3596        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
10:45:43.0431 3596        WmiAcpi - ok
10:45:43.0633 3596        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
10:45:43.0649 3596        ws2ifsl - ok
10:45:43.0821 3596        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
10:45:43.0852 3596        WudfPf - ok
10:45:43.0914 3596        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
10:45:43.0945 3596        WUDFRd - ok
10:45:44.0133 3596        yukonw7        (49d10b542dacfbb0e2ebf3e59f83ef21) C:\windows\system32\DRIVERS\yk62x86.sys
10:45:44.0148 3596        yukonw7 - ok
10:45:44.0242 3596        MBR (0x1B8)    (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
10:45:45.0334 3596        \Device\Harddisk0\DR0 - ok
10:45:45.0349 3596        Boot (0x1200)  (5dc79a0a17a409ee186ac139cf9301cb) \Device\Harddisk0\DR0\Partition0
10:45:45.0349 3596        \Device\Harddisk0\DR0\Partition0 - ok
10:45:45.0396 3596        Boot (0x1200)  (feb8b7be0c7c1bcce4752dbf82452755) \Device\Harddisk0\DR0\Partition1
10:45:45.0396 3596        \Device\Harddisk0\DR0\Partition1 - ok
10:45:45.0427 3596        Boot (0x1200)  (07045dafb635ac29504b9d7a16cfc811) \Device\Harddisk0\DR0\Partition2
10:45:45.0427 3596        \Device\Harddisk0\DR0\Partition2 - ok
10:45:45.0427 3596        ============================================================
10:45:45.0427 3596        Scan finished
10:45:45.0427 3596        ============================================================
10:45:45.0474 5956        Detected object count: 0
10:45:45.0474 5956        Actual detected object count: 0


Chris4You 25.01.2012 17:42

Hi,

how is the computer behaving? Are there any redirects on the internet, etc.?
If nothing else shows up, we should be done...

chris

Schakatak 25.01.2012 17:51

Quote:

Quote from Chris4You (post 760437)
Hi,

how is the computer behaving? Are there any redirects on the internet, etc.?
If nothing else shows up, we should be done...

chris

Redirects? What do you mean by that?

Another problem: the internet connection through our router (4 laptops connected via Wi-Fi) has been dropping frequently for some time, or the speed leaves a lot to be desired.

Could it be a virus or a Trojan?

How could we check that?

Oh, and the computer is running stably. The problem seems to be solved. My sincere thanks for that.

Kind regards, Michael


All times are WET +1. The time now is 13:58.

Copyright ©2000-2025, Trojaner-Board

