| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Firewall inaktiv und lässt sich nicht mehr aktivierenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.06.2011, 00:34
| #16 |
 |  Firewall inaktiv und lässt sich nicht mehr aktivieren OTL Logfile: Code:
ATTFilter OTL logfile created on: 6/25/2011 1:00:32 AM - Run 2 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Saphira\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.97 Gb Total Physical Memory | 2.40 Gb Available Physical Memory | 60.51% Memory free 7.93 Gb Paging File | 6.14 Gb Available in Paging File | 77.46% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 202.80 Gb Total Space | 111.41 Gb Free Space | 54.94% Space Free | Partition Type: NTFS Drive D: | 247.87 Gb Total Space | 72.62 Gb Free Space | 29.30% Space Free | Partition Type: NTFS Computer Name: HYENA | User Name: Saphira | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/06/25 00:57:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Saphira\Desktop\OTL.exe PRC - [2011/06/21 20:49:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011/05/29 09:11:28 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011/05/10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST\AvastUI.exe PRC - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST\AvastSvc.exe PRC - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2009/10/28 11:57:22 | 000,451,904 | ---- | M] () -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe PRC - [2009/09/12 14:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2009/09/07 12:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2009/08/23 06:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe PRC - [2009/08/06 09:46:06 | 002,242,048 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe PRC - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () -- C:\Windows\SysWOW64\Rezip.exe PRC - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe ========== Modules (SafeList) ========== MOD - [2011/06/25 00:57:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Saphira\Desktop\OTL.exe MOD - [2011/05/10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST\snxhk.dll MOD - [2010/11/20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011/05/10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2009/11/25 05:17:16 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2009/11/23 16:53:58 | 000,127,784 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService) SRV:64bit: - [2009/11/23 16:53:54 | 005,556,520 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen) SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV:64bit: - [2009/06/15 11:10:00 | 000,382,976 | ---- | M] (Marvell) [Auto | Running] -- C:\Windows\SysNative\yk62x64.dll -- (yksvc) SRV:64bit: - [2009/03/28 04:10:16 | 000,016,896 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio) SRV - [2011/06/16 13:39:02 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai\netsession_win_e877e12.dll -- (Akamai) SRV - [2011/05/29 09:11:28 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011/02/24 19:10:11 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/10/28 11:57:22 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2009/10/07 07:04:28 | 000,044,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.21006\aspnet_state.exe -- (aspnet_state) SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/03/05 11:54:50 | 000,311,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\Rezip.exe -- (Rezip) SRV - [2008/01/16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2011/05/10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2011/05/07 18:39:18 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009/12/21 15:47:25 | 000,871,408 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2009/11/25 05:52:14 | 006,174,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2009/09/30 16:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009/09/21 19:00:44 | 001,537,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009/08/27 16:06:34 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2009/07/22 00:03:34 | 001,208,320 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009/07/15 01:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/15 11:10:00 | 000,393,216 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2009/06/10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/05/28 08:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2009/05/20 12:54:06 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid) DRV:64bit: - [2007/02/16 21:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter) DRV:64bit: - [2007/02/08 15:48:04 | 000,051,600 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dsiarhwprog_x64.sys -- (usbio) DRV:64bit: - [2006/12/05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60505 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.deviantart.com/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.8 FF - prefs.js..extensions.enabledItems: bug489729@alice0775:1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: mp4downloader@jeff.net:1.3.1 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.1.2 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313 FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7 FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST\WebRep\FF [2011/06/25 00:18:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/06/25 00:17:37 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/06/21 20:49:22 | 000,000,000 | ---D | M] [2009/12/15 19:57:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saphira\AppData\Roaming\mozilla\Extensions [2011/06/25 00:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saphira\AppData\Roaming\mozilla\Firefox\Profiles\bt2qaexn.default\extensions [2011/04/18 00:55:21 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Saphira\AppData\Roaming\mozilla\Firefox\Profiles\bt2qaexn.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2011/03/24 23:19:06 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Saphira\AppData\Roaming\mozilla\Firefox\Profiles\bt2qaexn.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011/05/24 14:08:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Saphira\AppData\Roaming\mozilla\Firefox\Profiles\bt2qaexn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/12/12 15:51:06 | 000,000,000 | ---D | M] ("bug489729") -- C:\Users\Saphira\AppData\Roaming\mozilla\Firefox\Profiles\bt2qaexn.default\extensions\bug489729@alice0775 [2011/02/23 21:34:45 | 000,000,000 | ---D | M] (MP4 Downloader) -- C:\Users\Saphira\AppData\Roaming\mozilla\Firefox\Profiles\bt2qaexn.default\extensions\mp4downloader@jeff.net [2011/03/24 23:19:07 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saphira\AppData\Roaming\mozilla\Firefox\Profiles\bt2qaexn.default\extensions\personas@christopher.beard [2010/12/11 15:35:47 | 000,002,349 | ---- | M] () -- C:\Users\Saphira\AppData\Roaming\Mozilla\Firefox\Profiles\bt2qaexn.default\searchplugins\icq-search.xml [2011/02/23 16:31:17 | 000,000,950 | ---- | M] () -- C:\Users\Saphira\AppData\Roaming\Mozilla\Firefox\Profiles\bt2qaexn.default\searchplugins\icqplugin.xml [2011/06/25 00:35:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010/10/22 16:44:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/06/25 00:18:19 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST\WEBREP\FF [2010/10/22 16:44:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010/07/12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010/12/03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010/12/03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010/12/03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010/12/03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010/12/03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{79a9ca85-ee37-11de-9466-00245419cc26}\Shell - "" = AutoRun O33 - MountPoints2\{79a9ca85-ee37-11de-9466-00245419cc26}\Shell\AutoRun\command - "" = F:\setup.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: StartCCC - hkey= - key= - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {D5BEA3CC-2690-BD7D-3C2B-D21C51E38296} - Internet Explorer ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L) Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll () Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.vorbis - C:\windows\SysWow64\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/) Drivers32: vidc.3IV2 - C:\windows\SysWow64\3ivxVfWCodec.dll (3ivx Technologies Pty. Ltd.) Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: VIDC.FPS1 - C:\windows\SysWow64\frapsvid.dll (Beepa P/L) Drivers32: vidc.i420 - C:\windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com) Drivers32: VIDC.XFR1 - C:\windows\SysWow64\xfcodec.dll () Drivers32: vidc.yv12 - C:\windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/06/25 00:57:04 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Saphira\Desktop\OTL.exe [2011/06/25 00:32:47 | 000,000,000 | R--D | C] -- C:\Users\Saphira\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011/06/25 00:18:31 | 000,287,576 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys [2011/06/25 00:18:31 | 000,022,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys [2011/06/25 00:18:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2011/06/25 00:18:29 | 000,600,920 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys [2011/06/25 00:18:29 | 000,053,592 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys [2011/06/25 00:18:29 | 000,031,064 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys [2011/06/25 00:18:28 | 000,253,888 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2011/06/25 00:18:28 | 000,064,344 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2011/06/25 00:18:16 | 000,040,112 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2011/06/25 00:18:15 | 000,199,304 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2011/06/25 00:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2011/06/25 00:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST [2011/06/25 00:06:19 | 000,000,000 | ---D | C] -- C:\windows\SysNative\SPReview [2011/06/24 16:11:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage [2011/06/24 15:33:24 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysNative\fms.dll [2011/06/24 15:32:47 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\windows\SysWow64\fms.dll [2011/06/24 01:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011/06/24 01:10:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011/06/24 00:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2011/06/24 00:10:51 | 000,000,000 | ---D | C] -- C:\windows\Internet Logs [2011/06/23 23:52:00 | 000,000,000 | ---D | C] -- C:\Users\Saphira\AppData\Roaming\Malwarebytes [2011/06/23 23:50:34 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys [2011/06/23 23:50:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/06/23 23:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011/06/23 23:50:30 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2011/06/23 23:50:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2011/06/23 19:28:37 | 000,000,000 | ---D | C] -- C:\windows\SysNative\EventProviders [2011/06/23 02:14:47 | 000,000,000 | ---D | C] -- C:\windows\system64 [2005/07/15 17:32:48 | 019,980,288 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ImageReady.exe [2005/04/07 00:24:00 | 000,196,608 | ---- | C] (Eastman Kodak Company) -- C:\Program Files (x86)\KPCP32.DLL [2005/04/07 00:22:24 | 000,048,128 | ---- | C] (Eastman Kodak Company) -- C:\Program Files (x86)\KPSYS32.DLL [2005/04/07 00:11:18 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\Program Files (x86)\PCDLIB32.DLL [2005/03/22 06:49:14 | 000,287,232 | ---- | C] (Adobe Systems) -- C:\Program Files (x86)\Adobelmsvc Installer.dll [2005/03/22 05:29:36 | 019,533,824 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Photoshop.exe [2005/03/22 04:48:16 | 002,142,208 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\PSArt.dll [2005/03/22 04:48:14 | 001,748,992 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\PSViews.dll [2005/03/22 04:48:14 | 001,323,008 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Photoshop.dll [2005/03/22 04:43:50 | 001,144,622 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Tw10122.dat [2005/03/22 04:13:04 | 000,041,984 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Plugin.dll [2005/03/16 19:57:34 | 000,061,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\regsresen_US.dll [2005/03/13 14:10:58 | 004,096,000 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\PDFL70.dll [2005/03/13 13:01:44 | 001,805,824 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\AGM.dll [2005/03/10 21:31:36 | 003,715,072 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\MPS.dll [2005/03/09 18:59:30 | 001,560,169 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files (x86)\AdobeLM.dll [2005/03/09 05:32:48 | 000,151,552 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\AXE8SharedExpat.dll [2005/03/09 05:32:48 | 000,151,552 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\AXE16SharedExpat.dll [2005/03/09 05:17:28 | 000,475,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\AdobeXMP.dll [2005/03/09 05:07:42 | 002,162,688 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\CoolType.dll [2005/03/09 05:07:42 | 000,630,784 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ACE.dll [2005/03/09 05:07:42 | 000,266,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\ARE.dll [2005/03/09 05:07:42 | 000,217,088 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\BIBUtils.dll [2005/03/09 05:07:42 | 000,180,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Bib.dll [2005/03/08 08:23:12 | 004,153,344 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\VersionCue.dll [2005/03/08 08:23:12 | 003,170,304 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\VersionCueUI.dll [2005/03/03 16:39:24 | 000,425,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\AdobeUpdater.dll [2005/02/17 12:28:10 | 000,663,552 | ---- | C] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\FileInfo.dll [2005/02/15 03:03:42 | 000,561,152 | ---- | C] (Adobe system Incorporated) -- C:\Program Files (x86)\JP2KLib.dll [2005/02/10 14:36:14 | 000,143,360 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\epic_eula.dll [2005/02/08 14:43:58 | 000,049,152 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\persresen_US.dll [2005/02/08 14:43:58 | 000,045,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\eularesen_US.dll [2005/02/07 09:45:06 | 000,005,632 | ---- | C] (IBM Corporation and others) -- C:\Program Files (x86)\agldt28l.dll [2005/01/19 15:31:00 | 000,155,648 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\epic_regs.dll [2005/01/18 13:31:12 | 000,114,688 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\epic_pers.dll [2005/01/12 15:23:20 | 000,180,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files (x86)\pdfsettings.dll [2004/08/24 16:55:48 | 000,126,976 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files (x86)\asneu.dll [2004/06/22 13:57:52 | 000,589,824 | ---- | C] (IBM Corporation and others) -- C:\Program Files (x86)\libagluc28.dll [2003/09/16 21:42:06 | 001,177,209 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files (x86)\emu.dll [2003/05/08 19:34:06 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcp71.dll [2003/05/08 19:32:52 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\msvcr71.dll [2000/08/29 01:19:16 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\MSVCP60.DLL [1999/12/03 07:01:32 | 000,022,800 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Shfolder.dll [1999/02/02 01:00:00 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\Msvcrt.dll [1997/09/26 15:47:14 | 000,607,744 | ---- | C] (Eastman Kodak Company) -- C:\Program Files (x86)\PCDIMP.FLT [1997/03/27 18:47:28 | 000,058,368 | ---- | C] (Eastman Kodak Company) -- C:\Program Files (x86)\PFPICK.DLL [1996/12/10 11:31:08 | 000,020,992 | ---- | C] (Eastman Kodak Company) -- C:\Program Files (x86)\ICCCODES.DLL [1996/11/22 14:47:10 | 000,156,672 | ---- | C] (Eastman Kodak Company) -- C:\Program Files (x86)\SPROF32.DLL [1 C:\Users\Saphira\AppData\Local\*.tmp files -> C:\Users\Saphira\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/25 00:57:13 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Saphira\Desktop\OTL.exe [2011/06/25 00:37:16 | 000,019,808 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/25 00:37:16 | 000,019,808 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/25 00:36:01 | 001,769,724 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2011/06/25 00:36:01 | 000,757,654 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2011/06/25 00:36:01 | 000,702,064 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2011/06/25 00:36:01 | 000,172,972 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2011/06/25 00:36:01 | 000,139,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2011/06/25 00:32:40 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/25 00:27:57 | 000,476,632 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2011/06/25 00:27:51 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2011/06/25 00:27:35 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys [2011/06/25 00:18:31 | 000,001,638 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/06/25 00:18:28 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2011/06/24 19:28:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/24 01:10:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/06/23 23:50:34 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/22 18:20:28 | 000,024,112 | ---- | M] () -- C:\Users\Saphira\Documents\Kamera.odt [2011/06/21 21:19:32 | 000,000,206 | ---- | M] () -- C:\windows\SysNative\MRT.INI [2011/06/21 18:26:14 | 000,006,586 | ---- | M] () -- C:\Users\Saphira\AppData\Roaming\811E.69A [2011/06/16 00:06:06 | 000,013,738 | ---- | M] () -- C:\Users\Saphira\Documents\Aurora.odt [2011/06/14 14:02:08 | 000,000,000 | ---- | M] () -- C:\Users\Saphira\AppData\Local\{05AE8C83-F272-4A36-B4BE-1850E0DCF7BA} [2011/06/14 14:00:01 | 000,000,379 | ---- | M] () -- C:\windows\SysNative\Pen_Tablet.dat [2011/06/08 17:02:50 | 000,147,456 | ---- | M] () -- C:\Users\Saphira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys [2011/05/29 09:11:20 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [1 C:\Users\Saphira\AppData\Local\*.tmp files -> C:\Users\Saphira\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/25 00:18:31 | 000,001,638 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk [2011/06/25 00:18:28 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2011/06/24 15:34:58 | 000,347,904 | ---- | C] () -- C:\windows\SysNative\systemsf.ebd [2011/06/24 15:32:16 | 000,010,429 | ---- | C] () -- C:\windows\SysNative\ScavengeSpace.xml [2011/06/24 15:31:49 | 000,105,559 | ---- | C] () -- C:\windows\SysWow64\RacRules.xml [2011/06/24 15:31:49 | 000,105,559 | ---- | C] () -- C:\windows\SysNative\RacRules.xml [2011/06/24 15:31:01 | 000,001,041 | ---- | C] () -- C:\windows\SysWow64\tcpbidi.xml [2011/06/24 01:10:28 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011/06/23 23:50:34 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/06/22 18:20:25 | 000,024,112 | ---- | C] () -- C:\Users\Saphira\Documents\Kamera.odt [2011/06/21 21:19:32 | 000,000,206 | ---- | C] () -- C:\windows\SysNative\MRT.INI [2011/06/21 16:21:02 | 000,006,586 | ---- | C] () -- C:\Users\Saphira\AppData\Roaming\811E.69A [2011/06/16 00:00:11 | 000,013,738 | ---- | C] () -- C:\Users\Saphira\Documents\Aurora.odt [2011/06/14 14:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Saphira\AppData\Local\{05AE8C83-F272-4A36-B4BE-1850E0DCF7BA} [2011/02/18 20:05:21 | 000,027,648 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll [2010/12/13 01:00:41 | 1443,241,585 | ---- | C] () -- C:\Program Files (x86)\FlashPro_11_LS4.7z [2010/07/09 21:00:32 | 000,041,872 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll [2010/07/07 18:21:15 | 000,147,456 | ---- | C] () -- C:\Users\Saphira\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/24 01:12:51 | 000,000,048 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat [2009/12/18 16:02:19 | 000,000,791 | ---- | C] () -- C:\Program Files (x86)\install.adb [2009/12/15 17:36:53 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini [2009/12/15 17:31:26 | 001,648,190 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2009/10/29 00:06:34 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2009/10/28 08:31:35 | 000,307,200 | ---- | C] () -- C:\windows\SetDisplayResolution.exe [2009/10/28 08:16:46 | 000,311,296 | ---- | C] () -- C:\windows\SysWow64\Rezip.exe [2009/07/14 07:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat [2009/07/14 04:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT [2009/07/14 04:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat [2009/07/14 02:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll [2009/07/13 23:59:36 | 000,982,196 | ---- | C] () -- C:\windows\SysWow64\igkrng500.bin [2009/07/13 23:59:36 | 000,139,824 | ---- | C] () -- C:\windows\SysWow64\igfcg500.bin [2009/07/13 23:59:36 | 000,097,448 | ---- | C] () -- C:\windows\SysWow64\igfcg500m.bin [2009/07/13 23:59:35 | 000,417,344 | ---- | C] () -- C:\windows\SysWow64\igcompkrng500.bin [2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll [2009/06/10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat [2008/02/19 08:33:34 | 000,446,352 | ---- | C] () -- C:\windows\SysWow64\OpenQuicktimeLib.dll [2006/11/02 09:27:46 | 000,000,518 | ---- | C] () -- C:\windows\SysWow64\SP207.INI [2005/04/07 00:41:52 | 001,144,187 | ---- | C] () -- C:\Program Files (x86)\DigitalRAW.pdf [2005/03/22 04:48:18 | 000,150,644 | ---- | C] () -- C:\Program Files (x86)\TypeLibrary.tlb [2005/03/01 17:46:58 | 000,045,486 | ---- | C] () -- C:\Program Files (x86)\Photoshop Read Me.wri [2005/02/25 14:50:00 | 000,157,035 | ---- | C] () -- C:\Program Files (x86)\LegalNotices.pdf [2005/02/17 19:34:40 | 024,971,130 | ---- | C] () -- C:\Program Files (x86)\Photoshop_9.0_en-us.zip [2005/02/11 14:45:00 | 000,013,842 | ---- | C] () -- C:\Program Files (x86)\Activation ReadMe.htm [2002/10/15 10:59:00 | 001,163,643 | ---- | C] () -- C:\Program Files (x86)\FUJI.PDF [1999/07/07 02:00:00 | 000,000,006 | RHS- | C] () -- C:\ProgramData\4C3B2B99-ECAA-4D9D-B9D5-9F7442A71C71 [1997/10/08 12:17:34 | 000,008,208 | ---- | C] () -- C:\Program Files (x86)\KODAK.WRI [1996/12/10 11:21:40 | 000,037,714 | ---- | C] () -- C:\Program Files (x86)\ICCSIGS.DAT ========== LOP Check ========== [2010/04/25 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Blender Foundation [2011/06/03 15:11:07 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\FontCreator [2011/05/20 19:12:00 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\gtk-2.0 [2011/05/31 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\ICQ [2011/02/18 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\MyPhoneExplorer [2011/01/24 00:06:05 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\OpenOffice.org [2011/01/07 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\PhotoScape [2011/03/21 20:15:05 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\PunkBuster [2010/11/24 14:59:38 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Quest3D [2010/02/23 19:46:31 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Synthesia [2011/03/09 01:00:29 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\SYSTEMAX Software Development [2011/06/10 19:49:28 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Ubisoft [2010/05/10 17:48:22 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Unity [2009/12/18 00:31:58 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\WTouch [2010/11/06 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\XnView [2009/12/15 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\ZipGenius [2011/05/22 14:21:44 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011/06/21 16:20:57 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Adobe [2011/04/17 18:41:39 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\ArcSoft [2009/12/15 17:39:29 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\ATI [2010/04/25 18:18:22 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Blender Foundation [2009/12/15 19:20:11 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Google [2011/05/20 19:12:00 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\gtk-2.0 [2011/05/31 16:08:12 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\ICQ [2009/12/15 17:38:52 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Identities [2009/12/15 20:20:30 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Macromedia [2011/06/23 23:52:00 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Malwarebytes [2009/10/28 23:15:07 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Media Center Programs [2011/06/21 21:21:09 | 000,000,000 | --SD | M] -- C:\Users\Saphira\AppData\Roaming\Microsoft [2009/12/15 19:57:54 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Mozilla [2011/02/18 20:22:32 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\MyPhoneExplorer [2011/01/24 00:06:05 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\OpenOffice.org [2011/01/07 17:31:26 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\PhotoScape [2011/03/21 20:15:05 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\PunkBuster [2010/11/24 14:59:38 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Quest3D [2011/02/18 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Real [2010/07/11 13:59:55 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Sibelius Software [2011/06/17 15:21:54 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Skype [2011/06/17 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\skypePM [2011/03/09 01:00:29 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\SYSTEMAX Software Development [2011/06/10 19:49:28 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Ubisoft [2010/05/10 17:48:22 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Unity [2011/06/24 01:30:38 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Winamp [2009/12/21 17:39:27 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\WinRAR [2011/06/25 00:32:39 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\WTablet [2009/12/18 00:31:58 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\WTouch [2011/01/14 19:53:09 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\Xfire [2010/11/06 20:45:26 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\XnView [2009/12/15 21:25:02 | 000,000,000 | ---D | M] -- C:\Users\Saphira\AppData\Roaming\ZipGenius < %APPDATA%\*.exe /s > [2009/12/22 17:24:16 | 000,010,134 | R--- | M] () -- C:\Users\Saphira\AppData\Roaming\Microsoft\Installer\{BA3B34EB-3F4B-0E19-0916-971C1AD3F0AD}\ARPPRODUCTICON.exe [2011/02/17 22:39:13 | 000,835,440 | R--- | M] () -- C:\Users\Saphira\AppData\Roaming\PunkBuster\pbsetup\pbsvc.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\drivers\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\system64\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\drivers\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\system64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\system64\cngaudit.dll [2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\system64\drivers\iaStor.sys [2009/06/04 11:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\system64\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys [2009/06/04 11:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\drivers\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\system64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\system64\netlogon.dll [2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\drivers\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\system64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\system64\scecli.dll [2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\system64\user32.dll [2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\system64\userinit.exe [2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\system64\wininit.exe [2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\system64\winlogon.exe [2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\system64\drivers\ws2ifsl.sys [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > ========== Hard Links - Junction Points - Mount Points - Symbolic Links ========== [C:\windows\system64] -> \systemroot\system32 -> Mount Point < End of report > |
|
25.06.2011, 00:47
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Firewall inaktiv und lässt sich nicht mehr aktivieren Unauffällig. Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html
__________________Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ |
|
25.06.2011, 00:53
| #18 |
| | Firewall inaktiv und lässt sich nicht mehr aktivieren 2011/06/25 01:50:22.0998 4492 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
__________________2011/06/25 01:50:23.0296 4492 ================================================================================ 2011/06/25 01:50:23.0296 4492 SystemInfo: 2011/06/25 01:50:23.0296 4492 2011/06/25 01:50:23.0296 4492 OS Version: 6.1.7601 ServicePack: 1.0 2011/06/25 01:50:23.0296 4492 Product type: Workstation 2011/06/25 01:50:23.0296 4492 ComputerName: HYENA 2011/06/25 01:50:23.0296 4492 UserName: Saphira 2011/06/25 01:50:23.0297 4492 Windows directory: C:\windows 2011/06/25 01:50:23.0297 4492 System windows directory: C:\windows 2011/06/25 01:50:23.0297 4492 Running under WOW64 2011/06/25 01:50:23.0297 4492 Processor architecture: Intel x64 2011/06/25 01:50:23.0297 4492 Number of processors: 2 2011/06/25 01:50:23.0297 4492 Page size: 0x1000 2011/06/25 01:50:23.0297 4492 Boot type: Normal boot 2011/06/25 01:50:23.0297 4492 ================================================================================ 2011/06/25 01:50:24.0111 4492 Initialize success 2011/06/25 01:50:39.0786 4144 ================================================================================ 2011/06/25 01:50:39.0786 4144 Scan started 2011/06/25 01:50:39.0786 4144 Mode: Manual; 2011/06/25 01:50:39.0786 4144 ================================================================================ 2011/06/25 01:50:40.0456 4144 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys 2011/06/25 01:50:40.0612 4144 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys 2011/06/25 01:50:40.0752 4144 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys 2011/06/25 01:50:40.0916 4144 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys 2011/06/25 01:50:41.0069 4144 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys 2011/06/25 01:50:41.0218 4144 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys 2011/06/25 01:50:41.0396 4144 AFD (d5b031c308a409a0a576bff4cf083d30) C:\windows\system32\drivers\afd.sys 2011/06/25 01:50:41.0587 4144 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\windows\system32\DRIVERS\agrsm64.sys 2011/06/25 01:50:41.0745 4144 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys 2011/06/25 01:50:41.0948 4144 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys 2011/06/25 01:50:42.0104 4144 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys 2011/06/25 01:50:42.0236 4144 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys 2011/06/25 01:50:42.0348 4144 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys 2011/06/25 01:50:42.0497 4144 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys 2011/06/25 01:50:42.0658 4144 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys 2011/06/25 01:50:42.0814 4144 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys 2011/06/25 01:50:42.0960 4144 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys 2011/06/25 01:50:43.0116 4144 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys 2011/06/25 01:50:43.0252 4144 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys 2011/06/25 01:50:43.0411 4144 aswFsBlk (f1dbe3d02ffcdee5246f29b0ecebe6e0) C:\windows\system32\drivers\aswFsBlk.sys 2011/06/25 01:50:43.0562 4144 aswMonFlt (f3e75dd1bcc358fb4629357ad09e7c84) C:\windows\system32\drivers\aswMonFlt.sys 2011/06/25 01:50:43.0695 4144 aswRdr (fccbdc045dc12afd1508205117e7ed11) C:\windows\system32\drivers\aswRdr.sys 2011/06/25 01:50:43.0879 4144 aswSnx (5824dca602a0a30e866bc2ac98c6d970) C:\windows\system32\drivers\aswSnx.sys 2011/06/25 01:50:44.0032 4144 aswSP (af07b4bef920f90205148f3a05e2974c) C:\windows\system32\drivers\aswSP.sys 2011/06/25 01:50:44.0212 4144 aswTdi (a3eca5af3b4823a523c285a8df0f9e4f) C:\windows\system32\drivers\aswTdi.sys 2011/06/25 01:50:44.0342 4144 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys 2011/06/25 01:50:44.0471 4144 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys 2011/06/25 01:50:44.0637 4144 athr (88a02b6046356e6be4e387faa7451439) C:\windows\system32\DRIVERS\athrx.sys 2011/06/25 01:50:44.0810 4144 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\windows\system32\drivers\AtiHdmi.sys 2011/06/25 01:50:45.0103 4144 atikmdag (19b5c61cb09bff2bd69e063ee54b56c3) C:\windows\system32\DRIVERS\atikmdag.sys 2011/06/25 01:50:45.0444 4144 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys 2011/06/25 01:50:45.0579 4144 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys 2011/06/25 01:50:45.0760 4144 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys 2011/06/25 01:50:45.0920 4144 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys 2011/06/25 01:50:46.0070 4144 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys 2011/06/25 01:50:46.0215 4144 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys 2011/06/25 01:50:46.0326 4144 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys 2011/06/25 01:50:46.0447 4144 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys 2011/06/25 01:50:46.0558 4144 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys 2011/06/25 01:50:46.0694 4144 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys 2011/06/25 01:50:46.0805 4144 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys 2011/06/25 01:50:46.0951 4144 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys 2011/06/25 01:50:47.0085 4144 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys 2011/06/25 01:50:47.0236 4144 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys 2011/06/25 01:50:47.0387 4144 BTHPORT (0d25b6d300ba26a5f2c3b2a8e96b158b) C:\windows\System32\Drivers\BTHport.sys 2011/06/25 01:50:47.0592 4144 BTHUSB (1f9912f8ec5bfa53432e71e150636a8a) C:\windows\System32\Drivers\BTHUSB.sys 2011/06/25 01:50:47.0719 4144 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys 2011/06/25 01:50:47.0897 4144 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\drivers\cdrom.sys 2011/06/25 01:50:48.0048 4144 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys 2011/06/25 01:50:48.0153 4144 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys 2011/06/25 01:50:48.0354 4144 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys 2011/06/25 01:50:48.0477 4144 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys 2011/06/25 01:50:48.0616 4144 CNG (d5fea92400f12412b3922087c09da6a5) C:\windows\system32\Drivers\cng.sys 2011/06/25 01:50:48.0762 4144 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys 2011/06/25 01:50:48.0898 4144 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\drivers\CompositeBus.sys 2011/06/25 01:50:49.0034 4144 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys 2011/06/25 01:50:49.0212 4144 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys 2011/06/25 01:50:49.0335 4144 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys 2011/06/25 01:50:49.0474 4144 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys 2011/06/25 01:50:49.0631 4144 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys 2011/06/25 01:50:49.0770 4144 dtsoftbus01 (fb9bef3401ee5ecc2603311b9c64f44a) C:\windows\system32\DRIVERS\dtsoftbus01.sys 2011/06/25 01:50:49.0917 4144 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys 2011/06/25 01:50:50.0131 4144 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys 2011/06/25 01:50:50.0318 4144 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys 2011/06/25 01:50:50.0452 4144 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys 2011/06/25 01:50:50.0597 4144 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys 2011/06/25 01:50:50.0715 4144 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys 2011/06/25 01:50:50.0846 4144 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys 2011/06/25 01:50:50.0987 4144 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys 2011/06/25 01:50:51.0094 4144 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys 2011/06/25 01:50:51.0261 4144 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys 2011/06/25 01:50:51.0425 4144 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys 2011/06/25 01:50:51.0574 4144 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys 2011/06/25 01:50:51.0719 4144 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\windows\system32\DRIVERS\fssfltr.sys 2011/06/25 01:50:51.0847 4144 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys 2011/06/25 01:50:51.0993 4144 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys 2011/06/25 01:50:52.0105 4144 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys 2011/06/25 01:50:52.0311 4144 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys 2011/06/25 01:50:52.0467 4144 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys 2011/06/25 01:50:52.0622 4144 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\drivers\HDAudBus.sys 2011/06/25 01:50:52.0736 4144 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys 2011/06/25 01:50:52.0861 4144 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys 2011/06/25 01:50:52.0975 4144 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys 2011/06/25 01:50:53.0123 4144 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys 2011/06/25 01:50:53.0263 4144 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys 2011/06/25 01:50:53.0423 4144 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys 2011/06/25 01:50:53.0567 4144 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys 2011/06/25 01:50:53.0738 4144 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\drivers\i8042prt.sys 2011/06/25 01:50:53.0868 4144 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\windows\system32\DRIVERS\iaStor.sys 2011/06/25 01:50:54.0021 4144 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys 2011/06/25 01:50:54.0289 4144 igfx (a87261ef1546325b559374f5689cf5bc) C:\windows\system32\DRIVERS\igdkmd64.sys 2011/06/25 01:50:54.0513 4144 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys 2011/06/25 01:50:54.0713 4144 IntcAzAudAddService (f04d22d7a49a1b2210dbadf0b803e870) C:\windows\system32\drivers\RTKVHD64.sys 2011/06/25 01:50:54.0849 4144 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys 2011/06/25 01:50:54.0981 4144 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys 2011/06/25 01:50:55.0114 4144 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys 2011/06/25 01:50:55.0246 4144 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys 2011/06/25 01:50:55.0366 4144 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 2011/06/25 01:50:55.0501 4144 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 2011/06/25 01:50:55.0624 4144 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 2011/06/25 01:50:55.0753 4144 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 2011/06/25 01:50:55.0948 4144 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\drivers\kbdclass.sys 2011/06/25 01:50:56.0090 4144 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys 2011/06/25 01:50:56.0237 4144 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\windows\system32\Drivers\ksecdd.sys 2011/06/25 01:50:56.0365 4144 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\windows\system32\Drivers\ksecpkg.sys 2011/06/25 01:50:56.0496 4144 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 2011/06/25 01:50:56.0654 4144 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 2011/06/25 01:50:56.0810 4144 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys 2011/06/25 01:50:56.0948 4144 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys 2011/06/25 01:50:57.0072 4144 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys 2011/06/25 01:50:57.0208 4144 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys 2011/06/25 01:50:57.0343 4144 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 2011/06/25 01:50:57.0552 4144 MBAMProtector (ed49fd1373de93617a1f6d128d98fe4d) C:\windows\system32\drivers\mbam.sys 2011/06/25 01:50:57.0723 4144 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys 2011/06/25 01:50:57.0844 4144 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys 2011/06/25 01:50:58.0021 4144 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 2011/06/25 01:50:58.0159 4144 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 2011/06/25 01:50:58.0303 4144 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\drivers\mouclass.sys 2011/06/25 01:50:58.0468 4144 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 2011/06/25 01:50:58.0590 4144 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 2011/06/25 01:50:58.0722 4144 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 2011/06/25 01:50:58.0842 4144 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 2011/06/25 01:50:58.0977 4144 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 2011/06/25 01:50:59.0106 4144 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 2011/06/25 01:50:59.0238 4144 mrxsmb10 (2086d463bd371d8a37d153897430916d) C:\windows\system32\DRIVERS\mrxsmb10.sys 2011/06/25 01:50:59.0384 4144 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 2011/06/25 01:50:59.0507 4144 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 2011/06/25 01:50:59.0630 4144 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 2011/06/25 01:50:59.0760 4144 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 2011/06/25 01:50:59.0894 4144 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 2011/06/25 01:51:00.0016 4144 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 2011/06/25 01:51:00.0159 4144 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 2011/06/25 01:51:00.0298 4144 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 2011/06/25 01:51:00.0434 4144 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 2011/06/25 01:51:00.0565 4144 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 2011/06/25 01:51:00.0706 4144 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys 2011/06/25 01:51:00.0856 4144 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 2011/06/25 01:51:00.0970 4144 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys 2011/06/25 01:51:01.0114 4144 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 2011/06/25 01:51:01.0287 4144 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 2011/06/25 01:51:01.0462 4144 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 2011/06/25 01:51:01.0598 4144 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 2011/06/25 01:51:01.0729 4144 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 2011/06/25 01:51:01.0899 4144 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 2011/06/25 01:51:02.0041 4144 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 2011/06/25 01:51:02.0167 4144 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 2011/06/25 01:51:02.0302 4144 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 2011/06/25 01:51:02.0434 4144 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 2011/06/25 01:51:02.0615 4144 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys 2011/06/25 01:51:02.0753 4144 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 2011/06/25 01:51:02.0879 4144 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 2011/06/25 01:51:03.0058 4144 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 2011/06/25 01:51:03.0201 4144 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 2011/06/25 01:51:03.0344 4144 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 2011/06/25 01:51:03.0477 4144 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 2011/06/25 01:51:03.0609 4144 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 2011/06/25 01:51:03.0769 4144 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 2011/06/25 01:51:04.0013 4144 PAC207 (3a6dceb1848470320e4a3c12d7a35b1c) C:\windows\system32\DRIVERS\PFC027.SYS 2011/06/25 01:51:04.0163 4144 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys 2011/06/25 01:51:04.0286 4144 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 2011/06/25 01:51:04.0435 4144 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 2011/06/25 01:51:04.0565 4144 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys 2011/06/25 01:51:04.0692 4144 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys 2011/06/25 01:51:04.0808 4144 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 2011/06/25 01:51:04.0938 4144 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 2011/06/25 01:51:05.0173 4144 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 2011/06/25 01:51:05.0308 4144 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys 2011/06/25 01:51:05.0486 4144 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 2011/06/25 01:51:05.0645 4144 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys 2011/06/25 01:51:05.0775 4144 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys 2011/06/25 01:51:05.0897 4144 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 2011/06/25 01:51:06.0008 4144 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 2011/06/25 01:51:06.0142 4144 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 2011/06/25 01:51:06.0291 4144 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 2011/06/25 01:51:06.0430 4144 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 2011/06/25 01:51:06.0564 4144 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 2011/06/25 01:51:06.0693 4144 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 2011/06/25 01:51:06.0806 4144 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys 2011/06/25 01:51:06.0926 4144 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 2011/06/25 01:51:07.0063 4144 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 2011/06/25 01:51:07.0189 4144 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 2011/06/25 01:51:07.0326 4144 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\windows\system32\drivers\RDPWD.sys 2011/06/25 01:51:07.0475 4144 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 2011/06/25 01:51:07.0651 4144 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys 2011/06/25 01:51:07.0809 4144 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 2011/06/25 01:51:07.0947 4144 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\windows\system32\DRIVERS\Rt64win7.sys 2011/06/25 01:51:08.0101 4144 SABI (62db6cc4b0818f1b5f3441241b098f12) C:\windows\system32\Drivers\SABI.sys 2011/06/25 01:51:08.0237 4144 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 2011/06/25 01:51:08.0376 4144 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 2011/06/25 01:51:08.0550 4144 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 2011/06/25 01:51:08.0722 4144 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys 2011/06/25 01:51:08.0880 4144 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys 2011/06/25 01:51:09.0007 4144 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys 2011/06/25 01:51:09.0149 4144 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 2011/06/25 01:51:09.0301 4144 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 2011/06/25 01:51:09.0433 4144 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 2011/06/25 01:51:09.0560 4144 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys 2011/06/25 01:51:09.0694 4144 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys 2011/06/25 01:51:09.0810 4144 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys 2011/06/25 01:51:09.0956 4144 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 2011/06/25 01:51:10.0120 4144 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 2011/06/25 01:51:10.0281 4144 sptd (88e5162e58c8919cc873f5d8946197cf) C:\windows\system32\Drivers\sptd.sys 2011/06/25 01:51:10.0281 4144 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 88e5162e58c8919cc873f5d8946197cf 2011/06/25 01:51:10.0288 4144 sptd - detected LockedFile.Multi.Generic (1) 2011/06/25 01:51:10.0453 4144 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 2011/06/25 01:51:10.0602 4144 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 2011/06/25 01:51:10.0745 4144 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 2011/06/25 01:51:10.0927 4144 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys 2011/06/25 01:51:11.0087 4144 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys 2011/06/25 01:51:11.0247 4144 SynTP (929c9fa0b18ad2ebc8340591c4bf00ff) C:\windows\system32\DRIVERS\SynTP.sys 2011/06/25 01:51:11.0468 4144 Tcpip (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\drivers\tcpip.sys 2011/06/25 01:51:11.0673 4144 TCPIP6 (92ce29d95ac9dd2d0ee9061d551ba250) C:\windows\system32\DRIVERS\tcpip.sys 2011/06/25 01:51:11.0818 4144 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 2011/06/25 01:51:11.0984 4144 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 2011/06/25 01:51:12.0096 4144 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys 2011/06/25 01:51:12.0240 4144 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 2011/06/25 01:51:12.0377 4144 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys 2011/06/25 01:51:12.0559 4144 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 2011/06/25 01:51:12.0696 4144 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 2011/06/25 01:51:12.0846 4144 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 2011/06/25 01:51:12.0973 4144 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys 2011/06/25 01:51:13.0114 4144 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 2011/06/25 01:51:13.0265 4144 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys 2011/06/25 01:51:13.0417 4144 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\drivers\umbus.sys 2011/06/25 01:51:13.0530 4144 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys 2011/06/25 01:51:13.0651 4144 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys 2011/06/25 01:51:13.0807 4144 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys 2011/06/25 01:51:13.0939 4144 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys 2011/06/25 01:51:14.0077 4144 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys 2011/06/25 01:51:14.0239 4144 usbio (5c4219c10b5887dff85e1d2779aed55b) C:\windows\system32\Drivers\dsiarhwprog_x64.sys 2011/06/25 01:51:14.0356 4144 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys 2011/06/25 01:51:14.0480 4144 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys 2011/06/25 01:51:14.0626 4144 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\windows\system32\DRIVERS\usbscan.sys 2011/06/25 01:51:14.0745 4144 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\drivers\USBSTOR.SYS 2011/06/25 01:51:14.0858 4144 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\DRIVERS\usbuhci.sys 2011/06/25 01:51:15.0009 4144 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\System32\Drivers\usbvideo.sys 2011/06/25 01:51:15.0164 4144 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys 2011/06/25 01:51:15.0309 4144 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys 2011/06/25 01:51:15.0435 4144 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys 2011/06/25 01:51:15.0558 4144 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys 2011/06/25 01:51:15.0692 4144 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys 2011/06/25 01:51:15.0832 4144 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys 2011/06/25 01:51:15.0964 4144 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys 2011/06/25 01:51:16.0093 4144 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys 2011/06/25 01:51:16.0221 4144 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys 2011/06/25 01:51:16.0346 4144 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys 2011/06/25 01:51:16.0471 4144 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys 2011/06/25 01:51:16.0633 4144 wacmoumonitor (6b6718dc4b4597ec10f4f8c614282ee1) C:\windows\system32\DRIVERS\wacmoumonitor.sys 2011/06/25 01:51:16.0769 4144 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\windows\system32\DRIVERS\wacommousefilter.sys 2011/06/25 01:51:16.0891 4144 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys 2011/06/25 01:51:17.0042 4144 wacomvhid (26b430e7c5f598fe7353e3bc4b261321) C:\windows\system32\DRIVERS\wacomvhid.sys 2011/06/25 01:51:17.0335 4144 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 2011/06/25 01:51:17.0373 4144 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys 2011/06/25 01:51:17.0528 4144 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys 2011/06/25 01:51:17.0662 4144 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys 2011/06/25 01:51:17.0850 4144 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys 2011/06/25 01:51:17.0971 4144 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys 2011/06/25 01:51:18.0217 4144 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys 2011/06/25 01:51:18.0366 4144 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys 2011/06/25 01:51:18.0573 4144 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys 2011/06/25 01:51:18.0757 4144 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys 2011/06/25 01:51:18.0899 4144 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys 2011/06/25 01:51:19.0070 4144 yukonw7 (6affd75c6807b3dd3ab018e27b88ef95) C:\windows\system32\DRIVERS\yk62x64.sys 2011/06/25 01:51:19.0147 4144 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 2011/06/25 01:51:19.0345 4144 ================================================================================ 2011/06/25 01:51:19.0345 4144 Scan finished 2011/06/25 01:51:19.0345 4144 ================================================================================ 2011/06/25 01:51:19.0373 4488 Detected object count: 1 2011/06/25 01:51:19.0373 4488 Actual detected object count: 1 2011/06/25 01:52:15.0123 4488 LockedFile.Multi.Generic(sptd) - User select action: Skip |
|
25.06.2011, 00:57
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firewall inaktiv und lässt sich nicht mehr aktivieren Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.06.2011, 01:31
| #20 |
| | Firewall inaktiv und lässt sich nicht mehr aktivieren Hab alles getan, wie es in der Anleitung stand. Auf einmal stand dann in der Eingabeaufforderung, dass drei Ordner gelöscht werden würden (zwei hießen irgendwas mit AppData, der andere war etwas mit system64, oder so). Dann kam noch eine Meldung, dass ein Objekt infiziert worden sei und dass ein Restore versucht werden würde. Dann schloss sich das Fenster auf einmal und es gab auch kein Logfile am Ende. Dafür seh ich jetzt in meiner Startleiste, dass Standartprogramme von Windows nicht mehr funktionieren, wie Paint, Editor, Rechner, Eingabeaufforderung, etc... Nicht mal mehr der Ton klappt..  Ich hab noch das hier gefunden, unter C:\cofi20391c: ComboFix 11-06-24.02 - Saphira 25.06.2011 2:13:42.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4061.2425 [GMT 2:00] ausgeführt von:: C:\Users\Saphira\Desktop\cofi.exe AV: avast! Antivirus *Disabled/Outdated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Outdated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) ---- Vorheriger Suchlauf ------- C:\Program Files (x86)\SHFOLDER.dll C:\Users\Saphira\AppData\Roaming\Adobe\plugs C:\Users\Saphira\AppData\Roaming\Adobe\shed C:\windows\system32\consrv.dll C:\windows\system64 C:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\desktop.ini C:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini C:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01VHVQSJ\desktop.ini C:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1IWESMEM\desktop.ini C:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7YCHO0Z2\desktop.ini C:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FC6IH687\desktop.ini C:\windows\system64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini C:\windows\system64\consrv.dll C:\windows\system64\desktop.ini Geändert von Hyalbexira (25.06.2011 um 01:40 Uhr) |
|
25.06.2011, 16:22
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firewall inaktiv und lässt sich nicht mehr aktivieren Log ist unvollständig oder steht da nicht mehr drin? Rechner schon neugestartet? Nach CF kommen oft Meldungen wie "Registrierschlüssel ungültig da zum Löschen markiert" o.ä. - das wird erst beim nächsten Neustart gemacht
__________________ --> Firewall inaktiv und lässt sich nicht mehr aktivieren |
|
25.06.2011, 18:34
| #22 |
| | Firewall inaktiv und lässt sich nicht mehr aktivieren Hab nen Neustart versucht, aber da funktioniert Windows nicht mehr richtig.. Zuerst steht da "Windows lädt Datein", dann kommt ein Ladebalken. Danach muss ich die Tastatur einrichten und dann wird ein StartUp Repair versucht, welcher aber fehlschlägt. Restore ist auch nicht möglich, da gesagt wird, dass keine Speicherpunkte vorhanden seien, obwohl ich immer einen hatte. Das einzige, was jetzt noch klappt, ist die Eingabeaufforderung... Ich glaub, mein komplettes System ist geschrottet... |
|
25.06.2011, 20:48
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firewall inaktiv und lässt sich nicht mehr aktivieren Funktioniert der abgesicherte Modus noch?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.06.2011, 15:13
| #24 |
| | Firewall inaktiv und lässt sich nicht mehr aktivieren Also wenn ich meinen Laptop anmache und dann F8 gedrückt halte, kommt nur ein lautes Piepen und ansonsten kommt wieder das mit dem "Windows lädt Datein", etc. |
|
26.06.2011, 15:31
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firewall inaktiv und lässt sich nicht mehr aktivieren Folge mal dem 2. Link in meiner Signatur, dann kannst du wenigstens erstmal alle wichtigen noch ungesicherten Daten sichern. Danach wirds auf Reparatur- oder Neuinstallation hinauslaufen...
__________________ Logfiles bitte immer in CODE-Tags posten |
|
26.06.2011, 16:00
| #26 |
| | Firewall inaktiv und lässt sich nicht mehr aktivieren Hört sich nicht schlecht an.. Aber bevor ich noch mehr rumpfusche, gebe ich meinen Laptop lieber gleich in Reperatur ab. Wenn man selbst keine Ahnung hat, lässt man lieber die Finger davon, so wie ich das erst kürzlich selbst erfahren musste.  Vielleicht kennen die Leute im Laden ja das Programm und können so zumindest meine Daten sichern. |
|
26.06.2011, 16:01
| #27 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firewall inaktiv und lässt sich nicht mehr aktivieren Die Daten sichern kannst du selbst. Deswegen wegen der Hinweis auf den 2. Link in meiner Sig.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2011, 12:46
| #28 | |
| | Firewall inaktiv und lässt sich nicht mehr aktivierenZitat:
wow! Der Meister hat gesprochen! Was für ein Held du doch bist. Ohne dich wäre das Board doch garnicht mehr on... *lachflash* ...und genau deswegen habe ich überhaupt keinen Bock hier auch nur ein einziges Wort, zu irgendeinem Problem zu schreiben. Diese Kommandos kannst du bei der Bundeswehr benutzen!!! IRONIE AUS: |
|
04.11.2011, 12:51
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Firewall inaktiv und lässt sich nicht mehr aktivieren Hm was ist denn mit dir los? Hast du da um 12:00 etwas konsumiert was eher abends üblich ist? Anders kann ich mir diesen sinnfreien "Ausbruch" nicht erklären. Ist ja nichtmal dein Thread. Und dass der schon ein halbes Jahr alt hast wohl auch übersehen. 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.11.2011, 17:22
| #30 |
| Administrator /// technical service  | Firewall inaktiv und lässt sich nicht mehr aktivieren naja, was will man erwarten, wenn man eine mail addy hat wie: hirn-brand.der.jaeger@..... ich wette der hat jetzt 3 jahre auf genau diese gelegenheit gewartet |
|
| Themen zu Firewall inaktiv und lässt sich nicht mehr aktivieren |
| einstellungen, fehlermeldung, firewall, firewall deaktiviert, firewall inaktiv, mcafee, neustart, updates, windows updates, windows-firewall |
Linear-Darstellung
