Trojaner-Board
Seite 2 von 6 1 2 34 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojan-Downloader.Win32.Agent.gyai (https://www.trojaner-board.de/110125-trojan-downloader-win32-agent-gyai.html)

cosinus 22.02.2012 11:02
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

kreisl 22.02.2012 13:49
Während des scans:

- Kasperky aus
- Inetverbindung getrennt

OTL Logfile:
Code:
OTL logfile created on: 22.02.2012 13:13:46 - Run 5
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Admin\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 68,08% Memory free
6,19 Gb Paging File | 5,30 Gb Available in Paging File | 85,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 268,79 Gb Total Space | 103,72 Gb Free Space | 38,59% Space Free | Partition Type: NTFS
Drive D: | 29,28 Gb Total Space | 14,51 Gb Free Space | 49,55% Space Free | Partition Type: FAT32
 
Computer Name: AKOYA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Windows\tsnp2uvc.exe ()
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\PSIService.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Public\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\tsnp2uvc.exe ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AVP) -- C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)
SRV - (SonicStage Back-End Service) -- C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (WINIO) -- C:\Windows\System32\WinIo.sys ()
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation                          )
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (fspad_wlh32) -- C:\Windows\System32\drivers\fspad_wlh32.sys (Sentelic Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-706182213-2602953493-3457217822-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.param.yahoo-fr: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.google.de"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.22 01:23:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012.02.21 15:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012.02.21 15:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012.02.21 15:31:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 09:50:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.01.11 16:32:15 | 000,000,000 | ---D | M]
 
[2009.08.12 13:04:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.02.11 21:23:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions
[2010.04.27 16:12:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.15 18:52:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.11 21:23:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.25 00:42:47 | 000,000,000 | ---D | M] (stream_player_addon) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\jbi9blw3.default\extensions\jid1-sVZC3jSUSB1KxYw@jetpack
[2012.02.16 22:50:18 | 000,001,056 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jbi9blw3.default\searchplugins\icqplugin.xml
[2012.02.18 09:51:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.02.18 09:50:58 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.16 22:55:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.05.18 11:18:05 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.18 11:18:05 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.18 11:18:05 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.18 11:18:05 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} hxxp://quickscan.bitdefender.com/qsax/qsax.cab (BitDefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{585A1985-1848-42D4-AE16-01AB80CC0E32}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B7CBA12-E6ED-4B51-BDE1-9F32F3DDD5A8}: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) -  File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: ANT Agent - hkey= - key= - C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.)
MsConfig - StartUpReg: Easy-PrintToolBox - hkey= - key= - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: Skype - hkey= - key= -  File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.div2 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.div3 - C:\Windows\System32\DivXc32.dll (Hacked with Joy !)
Drivers32: vidc.div4 - C:\Windows\System32\divxc32f.dll (Hacked with Joy !    )
Drivers32: vidc.divx - C:\Windows\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.hfyu - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.ir21 - C:\Windows\System32\IR21_R.DLL ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv40 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.mjpg - C:\Windows\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
Drivers32: vidc.rt21 - C:\Windows\System32\IR21_R.DLL ()
Drivers32: vidc.vifp - C:\Windows\System32\vfcodec.dll ()
Drivers32: vidc.xvid - C:\Windows\System32\XviD.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\Iyvu9_32.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.21 21:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.02.21 21:00:17 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.02.20 20:50:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.02.16 22:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.15 18:20:53 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.02.15 18:20:52 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.02.15 18:05:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.15 18:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.31 01:20:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\PDF24
[2012.01.31 01:19:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.01.31 01:19:30 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.22 13:11:09 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.22 13:11:09 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.22 13:11:09 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.22 13:11:09 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.22 13:07:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.22 13:05:56 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.22 13:05:19 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.22 13:05:18 | 000,004,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.22 13:05:17 | 000,093,883 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.02.22 13:05:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.22 13:05:08 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.21 11:17:09 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.20 15:43:24 | 000,169,984 | ---- | M] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.18 07:58:06 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.02.15 18:57:02 | 000,329,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 18:05:53 | 000,000,876 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 11:25:26 | 000,000,886 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.lnk
[2012.01.31 01:19:37 | 000,001,623 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.01.26 21:41:39 | 000,093,883 | ---- | M] () -- C:\ProgramData\nvModes.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.21 14:35:20 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.18 07:58:06 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.02.15 18:05:53 | 000,000,876 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.15 11:25:26 | 000,000,886 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.lnk
[2012.01.31 01:19:37 | 000,001,623 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.01.18 23:17:36 | 000,017,408 | ---- | C] () -- C:\Users\Admin\AppData\Local\WebpageIcons.db
[2012.01.18 23:15:46 | 000,115,369 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2012.01.18 23:15:46 | 000,097,961 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2011.07.13 22:17:47 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\{B4E86C1C-E603-4636-A094-707E0F4A0010}
[2011.04.18 13:58:56 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2011.03.11 12:43:54 | 000,029,763 | ---- | C] () -- C:\Windows\System32\drivers\klopp.dat
[2011.01.17 22:13:19 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.01.14 22:07:07 | 006,814,952 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2011.01.06 08:42:13 | 000,000,298 | ---- | C] () -- C:\Windows\pwc63u.INI
[2010.11.26 23:37:18 | 000,262,144 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2010.05.20 16:08:06 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI
[2010.05.20 16:04:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS6l.DLL
[2010.03.14 01:16:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.12 01:06:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.02.26 08:45:18 | 000,001,356 | ---- | C] () -- C:\Users\Admin\AppData\Local\d3d9caps.dat
[2010.02.25 10:14:48 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.02.25 09:58:33 | 000,180,736 | ---- | C] () -- C:\Windows\System32\vfcodec.dll
[2010.02.25 09:58:33 | 000,077,664 | ---- | C] () -- C:\Windows\System32\IR21_R.DLL
[2010.02.25 09:58:33 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Iyvu9_32.dll
[2010.02.25 09:58:29 | 000,202,240 | ---- | C] () -- C:\Windows\System32\XviD.dll
[2010.02.25 09:58:29 | 000,039,936 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
 
========== LOP Check ==========
 
[2011.10.09 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2009.11.18 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service
[2010.12.29 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2010.05.20 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CD-LabelPrint
[2011.01.14 22:07:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dBpoweramp
[2011.10.15 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.10.15 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.09 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Exif Viewer
[2011.12.01 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Garmin
[2010.02.08 23:42:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Helios
[2010.01.26 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HiMD
[2011.03.02 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JonDo
[2011.01.15 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2010.01.21 00:55:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2010.03.16 17:18:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SimpleScreenshot
[2011.01.06 08:36:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2010.11.19 08:44:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UDC Profiles
[2011.01.17 22:04:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2010.06.09 11:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView
[2012.02.22 09:17:39 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.01.14 22:07:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AccurateRip
[2009.08.16 20:11:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Adobe
[2011.10.09 19:58:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Amazon
[2011.05.22 15:11:58 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Apple Computer
[2010.03.11 23:39:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVS4YOU
[2009.11.18 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Buhl Data Service
[2010.12.29 10:54:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canon
[2010.05.20 16:34:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CD-LabelPrint
[2010.07.30 01:24:39 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Corel
[2009.08.16 20:04:48 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CorelHomeOffice
[2011.10.05 13:36:43 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\CyberLink
[2011.01.14 22:07:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\dBpoweramp
[2011.10.15 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2011.10.15 18:52:01 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.09 21:14:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Exif Viewer
[2011.12.01 22:02:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Garmin
[2009.08.12 15:15:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Google
[2010.02.08 23:42:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Helios
[2010.01.26 20:41:07 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\HiMD
[2009.08.08 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Identities
[2009.11.18 18:30:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\InstallShield
[2011.03.02 21:05:26 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\JonDo
[2011.01.15 10:13:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2009.08.11 22:43:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2011.01.16 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2011.01.17 23:05:56 | 000,000,000 | --SD | M] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2009.08.12 13:04:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2011.01.14 21:57:31 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\NCH Software
[2010.03.31 20:09:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Nero
[2010.01.21 00:55:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PeerNetworking
[2010.03.28 11:27:55 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Real
[2010.03.16 17:18:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SimpleScreenshot
[2010.01.26 20:28:02 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Sony Corporation
[2011.09.02 08:46:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
[2011.01.06 08:36:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Template
[2010.11.19 08:44:47 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\UDC Profiles
[2011.01.17 22:04:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2010.06.28 20:49:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2010.06.09 11:07:41 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\XnView
 
< %APPDATA%\*.exe /s >
[2009.08.12 14:15:29 | 000,011,654 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{21772720-5F9F-4B59-9760-91D40C47F5FB}\_07B8CB1215D09586053D68.exe
[2009.08.12 14:15:29 | 000,011,654 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{21772720-5F9F-4B59-9760-91D40C47F5FB}\_6FEFF9B68218417F98F549.exe
[2009.08.12 14:15:29 | 000,011,654 | R--- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Installer\{21772720-5F9F-4B59-9760-91D40C47F5FB}\_97B6D21A83C51C13B8E998.exe
[2010.05.23 17:08:10 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\setup3.11\setup.exe
[2011.01.27 08:18:50 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\setup3.13\setup.exe
[2011.11.18 16:37:54 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Admin\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 22:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.03.11 15:14:24 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.02.11 16:26:18 | 000,407,576 | ---- | M] (Intel Corporation) MD5=1ADAA4F16073FD0C7270F451FD024E97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\drivers\iaStor.sys
[2009.02.11 16:11:50 | 000,329,752 | ---- | M] (Intel Corporation) MD5=71ECC07BC7C5E24C3DD01D8A29A24054 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_ea118ff5\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 22:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 22:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 22:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.03.04 13:23:14 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl1.sys
[2011.03.04 13:23:20 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\kl2.sys
[2012.01.18 23:12:31 | 000,570,160 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klif.sys
[2011.03.10 18:36:18 | 000,023,856 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\system32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.07 21:38:22 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.04.07 21:38:22 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.04.24 23:13:10 | 000,229,776 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\system32\klogon.dll

< End of report >
--- --- ---

cosinus 22.02.2012 15:19
Sieht ziemlich unauffällig aus.

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

kreisl 22.02.2012 16:06
hier der/die/das log des tdss-killers:

(den fund hab ich mit "skip" behandelt)

Code:
15:55:53.0763 3372        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
15:55:53.0797 3372        ============================================================
15:55:53.0797 3372        Current date / time: 2012/02/22 15:55:53.0797
15:55:53.0797 3372        SystemInfo:
15:55:53.0797 3372       
15:55:53.0797 3372        OS Version: 6.0.6002 ServicePack: 2.0
15:55:53.0797 3372        Product type: Workstation
15:55:53.0797 3372        ComputerName: AKOYA
15:55:53.0798 3372        UserName: Admin
15:55:53.0798 3372        Windows directory: C:\Windows
15:55:53.0798 3372        System windows directory: C:\Windows
15:55:53.0798 3372        Processor architecture: Intel x86
15:55:53.0798 3372        Number of processors: 2
15:55:53.0798 3372        Page size: 0x1000
15:55:53.0798 3372        Boot type: Normal boot
15:55:53.0798 3372        ============================================================
15:55:54.0238 3372        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:55:54.0250 3372        \Device\Harddisk0\DR0:
15:55:54.0250 3372        MBR used
15:55:54.0250 3372        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x21996800
15:55:54.0250 3372        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x21997000, BlocksNum 0x3A97000
15:55:54.0315 3372        Initialize success
15:55:54.0315 3372        ============================================================
15:57:27.0466 2840        ============================================================
15:57:27.0466 2840        Scan started
15:57:27.0466 2840        Mode: Manual; SigCheck; TDLFS;
15:57:27.0466 2840        ============================================================
15:57:27.0782 2840        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:57:27.0883 2840        ACPI - ok
15:57:27.0977 2840        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:57:28.0002 2840        adp94xx - ok
15:57:28.0027 2840        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:57:28.0043 2840        adpahci - ok
15:57:28.0070 2840        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:57:28.0083 2840        adpu160m - ok
15:57:28.0123 2840        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:57:28.0136 2840        adpu320 - ok
15:57:28.0223 2840        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:57:28.0335 2840        AFD - ok
15:57:28.0419 2840        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:57:28.0430 2840        agp440 - ok
15:57:28.0456 2840        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:57:28.0469 2840        aic78xx - ok
15:57:28.0493 2840        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:57:28.0504 2840        aliide - ok
15:57:28.0534 2840        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:57:28.0545 2840        amdagp - ok
15:57:28.0567 2840        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:57:28.0577 2840        amdide - ok
15:57:28.0614 2840        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:57:28.0770 2840        AmdK7 - ok
15:57:28.0880 2840        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:57:28.0937 2840        AmdK8 - ok
15:57:29.0059 2840        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:57:29.0070 2840        arc - ok
15:57:29.0114 2840        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:57:29.0126 2840        arcsas - ok
15:57:29.0190 2840        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:57:29.0241 2840        AsyncMac - ok
15:57:29.0368 2840        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:57:29.0380 2840        atapi - ok
15:57:29.0513 2840        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:57:29.0575 2840        Beep - ok
15:57:29.0666 2840        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:57:29.0707 2840        blbdrive - ok
15:57:29.0780 2840        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:57:29.0821 2840        bowser - ok
15:57:29.0859 2840        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:57:29.0913 2840        BrFiltLo - ok
15:57:29.0934 2840        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:57:29.0998 2840        BrFiltUp - ok
15:57:30.0098 2840        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:57:30.0284 2840        Brserid - ok
15:57:30.0408 2840        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:57:30.0475 2840        BrSerWdm - ok
15:57:30.0512 2840        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:57:30.0567 2840        BrUsbMdm - ok
15:57:30.0603 2840        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:57:30.0660 2840        BrUsbSer - ok
15:57:30.0721 2840        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:57:30.0786 2840        BTHMODEM - ok
15:57:30.0865 2840        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:57:30.0908 2840        cdfs - ok
15:57:30.0992 2840        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:57:31.0051 2840        cdrom - ok
15:57:31.0089 2840        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:57:31.0147 2840        circlass - ok
15:57:31.0215 2840        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:57:31.0231 2840        CLFS - ok
15:57:31.0305 2840        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:57:31.0353 2840        CmBatt - ok
15:57:31.0396 2840        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:57:31.0406 2840        cmdide - ok
15:57:31.0428 2840        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:57:31.0439 2840        Compbatt - ok
15:57:31.0450 2840        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:57:31.0462 2840        crcdisk - ok
15:57:31.0479 2840        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:57:31.0505 2840        Crusoe - ok
15:57:31.0539 2840        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:57:31.0594 2840        DfsC - ok
15:57:31.0666 2840        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:57:31.0678 2840        disk - ok
15:57:31.0740 2840        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:57:31.0781 2840        drmkaud - ok
15:57:31.0846 2840        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:57:31.0872 2840        DXGKrnl - ok
15:57:31.0933 2840        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:57:31.0994 2840        E1G60 - ok
15:57:32.0050 2840        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:57:32.0066 2840        Ecache - ok
15:57:32.0120 2840        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:57:32.0139 2840        elxstor - ok
15:57:32.0175 2840        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:57:32.0235 2840        ErrDev - ok
15:57:32.0322 2840        esgiguard - ok
15:57:32.0362 2840        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:57:32.0407 2840        exfat - ok
15:57:32.0441 2840        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:57:32.0488 2840        fastfat - ok
15:57:32.0549 2840        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:57:32.0591 2840        fdc - ok
15:57:32.0605 2840        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:57:32.0618 2840        FileInfo - ok
15:57:32.0637 2840        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:57:32.0689 2840        Filetrace - ok
15:57:32.0720 2840        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:57:32.0758 2840        flpydisk - ok
15:57:32.0787 2840        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:57:32.0803 2840        FltMgr - ok
15:57:32.0891 2840        fspad_wlh32    (4875e6384310e3aafb9847312edb0cff) C:\Windows\system32\DRIVERS\fspad_wlh32.sys
15:57:32.0909 2840        fspad_wlh32 ( UnsignedFile.Multi.Generic ) - warning
15:57:32.0909 2840        fspad_wlh32 - detected UnsignedFile.Multi.Generic (1)
15:57:32.0946 2840        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:57:32.0972 2840        Fs_Rec - ok
15:57:33.0002 2840        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:57:33.0013 2840        gagp30kx - ok
15:57:33.0063 2840        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:57:33.0072 2840        GEARAspiWDM - ok
15:57:33.0166 2840        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
15:57:33.0217 2840        HdAudAddService - ok
15:57:33.0263 2840        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:57:33.0311 2840        HDAudBus - ok
15:57:33.0361 2840        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:57:33.0428 2840        HidBth - ok
15:57:33.0462 2840        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:57:33.0518 2840        HidIr - ok
15:57:33.0560 2840        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:57:33.0605 2840        HidUsb - ok
15:57:33.0647 2840        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:57:33.0658 2840        HpCISSs - ok
15:57:33.0699 2840        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:57:33.0752 2840        HTTP - ok
15:57:33.0769 2840        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:57:33.0779 2840        i2omp - ok
15:57:33.0822 2840        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:57:33.0862 2840        i8042prt - ok
15:57:33.0933 2840        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
15:57:33.0996 2840        iaStor - ok
15:57:34.0029 2840        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:57:34.0044 2840        iaStorV - ok
15:57:34.0081 2840        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:57:34.0091 2840        iirsp - ok
15:57:34.0204 2840        IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys
15:57:34.0355 2840        IntcAzAudAddService - ok
15:57:34.0400 2840        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:57:34.0411 2840        intelide - ok
15:57:34.0441 2840        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:57:34.0473 2840        intelppm - ok
15:57:34.0499 2840        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:57:34.0540 2840        IpFilterDriver - ok
15:57:34.0552 2840        IpInIp - ok
15:57:34.0575 2840        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:57:34.0612 2840        IPMIDRV - ok
15:57:34.0631 2840        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:57:34.0662 2840        IPNAT - ok
15:57:34.0686 2840        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:57:34.0717 2840        IRENUM - ok
15:57:34.0734 2840        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:57:34.0746 2840        isapnp - ok
15:57:34.0791 2840        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:57:34.0805 2840        iScsiPrt - ok
15:57:34.0821 2840        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:57:34.0832 2840        iteatapi - ok
15:57:34.0881 2840        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:57:34.0891 2840        iteraid - ok
15:57:34.0943 2840        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:57:34.0954 2840        kbdclass - ok
15:57:34.0985 2840        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:57:35.0015 2840        kbdhid - ok
15:57:35.0072 2840        KL1            (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
15:57:35.0085 2840        KL1 - ok
15:57:35.0105 2840        kl2            (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
15:57:35.0114 2840        kl2 - ok
15:57:35.0155 2840        KLIF            (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
15:57:35.0181 2840        KLIF - ok
15:57:35.0197 2840        KLIM6          (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
15:57:35.0208 2840        KLIM6 - ok
15:57:35.0226 2840        klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
15:57:35.0236 2840        klmouflt - ok
15:57:35.0287 2840        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:57:35.0329 2840        KSecDD - ok
15:57:35.0412 2840        libusb0        (03e12dbfacf1aeb86c553b0db488fb81) C:\Windows\system32\DRIVERS\libusb0.sys
15:57:35.0460 2840        libusb0 - ok
15:57:35.0496 2840        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:57:35.0538 2840        lltdio - ok
15:57:35.0579 2840        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:57:35.0591 2840        LSI_FC - ok
15:57:35.0610 2840        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:57:35.0622 2840        LSI_SAS - ok
15:57:35.0643 2840        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:57:35.0655 2840        LSI_SCSI - ok
15:57:35.0678 2840        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:57:35.0717 2840        luafv - ok
15:57:35.0748 2840        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:57:35.0759 2840        megasas - ok
15:57:35.0789 2840        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:57:35.0818 2840        MegaSR - ok
15:57:35.0862 2840        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:57:35.0887 2840        Modem - ok
15:57:35.0920 2840        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:57:35.0952 2840        monitor - ok
15:57:35.0967 2840        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:57:35.0978 2840        mouclass - ok
15:57:35.0999 2840        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:57:36.0036 2840        mouhid - ok
15:57:36.0057 2840        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:57:36.0068 2840        MountMgr - ok
15:57:36.0100 2840        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:57:36.0112 2840        mpio - ok
15:57:36.0135 2840        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:57:36.0173 2840        mpsdrv - ok
15:57:36.0200 2840        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:57:36.0211 2840        Mraid35x - ok
15:57:36.0250 2840        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:57:36.0287 2840        MRxDAV - ok
15:57:36.0311 2840        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:57:36.0368 2840        mrxsmb - ok
15:57:36.0436 2840        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:57:36.0473 2840        mrxsmb10 - ok
15:57:36.0485 2840        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:57:36.0527 2840        mrxsmb20 - ok
15:57:36.0565 2840        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:57:36.0577 2840        msahci - ok
15:57:36.0624 2840        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:57:36.0636 2840        msdsm - ok
15:57:36.0659 2840        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:57:36.0708 2840        Msfs - ok
15:57:36.0746 2840        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:57:36.0757 2840        msisadrv - ok
15:57:36.0798 2840        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:57:36.0829 2840        MSKSSRV - ok
15:57:36.0863 2840        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:57:36.0893 2840        MSPCLOCK - ok
15:57:36.0913 2840        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:57:36.0938 2840        MSPQM - ok
15:57:36.0977 2840        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:57:36.0990 2840        MsRPC - ok
15:57:37.0006 2840        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:57:37.0017 2840        mssmbios - ok
15:57:37.0034 2840        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:57:37.0070 2840        MSTEE - ok
15:57:37.0084 2840        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:57:37.0096 2840        Mup - ok
15:57:37.0150 2840        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:57:37.0168 2840        NativeWifiP - ok
15:57:37.0212 2840        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:57:37.0234 2840        NDIS - ok
15:57:37.0299 2840        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:57:37.0319 2840        NdisTapi - ok
15:57:37.0332 2840        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:57:37.0357 2840        Ndisuio - ok
15:57:37.0374 2840        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:57:37.0407 2840        NdisWan - ok
15:57:37.0425 2840        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:57:37.0452 2840        NDProxy - ok
15:57:37.0468 2840        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:57:37.0506 2840        NetBIOS - ok
15:57:37.0532 2840        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:57:37.0555 2840        netbt - ok
15:57:37.0593 2840        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:57:37.0606 2840        nfrd960 - ok
15:57:37.0644 2840        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:57:37.0671 2840        Npfs - ok
15:57:37.0691 2840        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:57:37.0730 2840        nsiproxy - ok
15:57:37.0775 2840        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:57:37.0848 2840        Ntfs - ok
15:57:37.0899 2840        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:57:37.0948 2840        ntrigdigi - ok
15:57:37.0957 2840        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:57:37.0985 2840        Null - ok
15:57:38.0032 2840        NVHDA          (603b0c9bb86f7b3efb88a482c6663ec4) C:\Windows\system32\drivers\nvhda32v.sys
15:57:38.0043 2840        NVHDA - ok
15:57:38.0240 2840        nvlddmkm        (2877cd56310938a170810bde50fd3f01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:57:38.0524 2840        nvlddmkm - ok
15:57:38.0550 2840        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:57:38.0561 2840        nvraid - ok
15:57:38.0584 2840        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:57:38.0595 2840        nvstor - ok
15:57:38.0618 2840        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:57:38.0630 2840        nv_agp - ok
15:57:38.0639 2840        NwlnkFlt - ok
15:57:38.0650 2840        NwlnkFwd - ok
15:57:38.0678 2840        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:57:38.0730 2840        ohci1394 - ok
15:57:38.0772 2840        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:57:38.0815 2840        Parport - ok
15:57:38.0847 2840        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:57:38.0859 2840        partmgr - ok
15:57:38.0904 2840        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:57:38.0971 2840        Parvdm - ok
15:57:39.0007 2840        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:57:39.0020 2840        pci - ok
15:57:39.0043 2840        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:57:39.0054 2840        pciide - ok
15:57:39.0082 2840        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:57:39.0094 2840        pcmcia - ok
15:57:39.0147 2840        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:57:39.0231 2840        PEAUTH - ok
15:57:39.0284 2840        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:57:39.0350 2840        PptpMiniport - ok
15:57:39.0381 2840        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:57:39.0432 2840        Processor - ok
15:57:39.0502 2840        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:57:39.0549 2840        PSched - ok
15:57:39.0604 2840        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
15:57:39.0621 2840        PxHelp20 - ok
15:57:39.0692 2840        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:57:39.0775 2840        ql2300 - ok
15:57:39.0819 2840        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:57:39.0830 2840        ql40xx - ok
15:57:39.0853 2840        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:57:39.0902 2840        QWAVEdrv - ok
15:57:39.0926 2840        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:57:39.0974 2840        RasAcd - ok
15:57:40.0005 2840        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:57:40.0051 2840        Rasl2tp - ok
15:57:40.0094 2840        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:57:40.0115 2840        RasPppoe - ok
15:57:40.0125 2840        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:57:40.0151 2840        RasSstp - ok
15:57:40.0189 2840        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:57:40.0222 2840        rdbss - ok
15:57:40.0252 2840        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:57:40.0286 2840        RDPCDD - ok
15:57:40.0312 2840        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:57:40.0341 2840        rdpdr - ok
15:57:40.0357 2840        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:57:40.0389 2840        RDPENCDD - ok
15:57:40.0430 2840        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:57:40.0451 2840        RDPWD - ok
15:57:40.0524 2840        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:57:40.0574 2840        rspndr - ok
15:57:40.0623 2840        RTL8169        (d6fae13afacef23a6471d23284b8a164) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:57:40.0692 2840        RTL8169 - ok
15:57:40.0733 2840        rtl8192se      (8b2a43f1bf79e623e7e780afe4412d7c) C:\Windows\system32\DRIVERS\rtl8192se.sys
15:57:40.0757 2840        rtl8192se - ok
15:57:40.0806 2840        RTSTOR          (4501c8fe11df3192fb68d0d595ea94cc) C:\Windows\system32\drivers\RTSTOR.SYS
15:57:40.0859 2840        RTSTOR - ok
15:57:40.0912 2840        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:57:40.0923 2840        sbp2port - ok
15:57:40.0961 2840        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:57:41.0004 2840        secdrv - ok
15:57:41.0029 2840        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:57:41.0094 2840        Serenum - ok
15:57:41.0119 2840        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:57:41.0184 2840        Serial - ok
15:57:41.0212 2840        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:57:41.0262 2840        sermouse - ok
15:57:41.0283 2840        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:57:41.0314 2840        sffdisk - ok
15:57:41.0344 2840        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:57:41.0392 2840        sffp_mmc - ok
15:57:41.0426 2840        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:57:41.0461 2840        sffp_sd - ok
15:57:41.0483 2840        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:57:41.0532 2840        sfloppy - ok
15:57:41.0553 2840        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:57:41.0564 2840        sisagp - ok
15:57:41.0589 2840        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:57:41.0600 2840        SiSRaid2 - ok
15:57:41.0616 2840        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:57:41.0627 2840        SiSRaid4 - ok
15:57:41.0665 2840        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:57:41.0686 2840        Smb - ok
15:57:41.0777 2840        SNP2UVC        (82e3315b1b3e76b9a9643f987ed3ae5c) C:\Windows\system32\DRIVERS\snp2uvc.sys
15:57:41.0907 2840        SNP2UVC - ok
15:57:41.0941 2840        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:57:41.0951 2840        spldr - ok
15:57:41.0989 2840        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:57:42.0044 2840        srv - ok
15:57:42.0084 2840        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:57:42.0121 2840        srv2 - ok
15:57:42.0156 2840        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:57:42.0187 2840        srvnet - ok
15:57:42.0248 2840        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:57:42.0258 2840        swenum - ok
15:57:42.0284 2840        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:57:42.0294 2840        Symc8xx - ok
15:57:42.0311 2840        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:57:42.0322 2840        Sym_hi - ok
15:57:42.0336 2840        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:57:42.0347 2840        Sym_u3 - ok
15:57:42.0416 2840        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:57:42.0484 2840        Tcpip - ok
15:57:42.0505 2840        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:57:42.0562 2840        Tcpip6 - ok
15:57:42.0602 2840        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:57:42.0651 2840        tcpipreg - ok
15:57:42.0677 2840        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:57:42.0702 2840        TDPIPE - ok
15:57:42.0726 2840        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:57:42.0767 2840        TDTCP - ok
15:57:42.0798 2840        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:57:42.0841 2840        tdx - ok
15:57:42.0890 2840        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:57:42.0902 2840        TermDD - ok
15:57:42.0939 2840        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:57:42.0972 2840        tssecsrv - ok
15:57:42.0997 2840        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:57:43.0047 2840        tunmp - ok
15:57:43.0073 2840        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:57:43.0110 2840        tunnel - ok
15:57:43.0135 2840        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:57:43.0146 2840        uagp35 - ok
15:57:43.0171 2840        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:57:43.0195 2840        udfs - ok
15:57:43.0216 2840        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:57:43.0227 2840        uliagpkx - ok
15:57:43.0250 2840        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:57:43.0268 2840        uliahci - ok
15:57:43.0294 2840        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:57:43.0306 2840        UlSata - ok
15:57:43.0324 2840        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:57:43.0336 2840        ulsata2 - ok
15:57:43.0359 2840        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:57:43.0392 2840        umbus - ok
15:57:43.0476 2840        USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
15:57:43.0521 2840        USBAAPL - ok
15:57:43.0555 2840        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:57:43.0597 2840        usbccgp - ok
15:57:43.0639 2840        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:57:43.0703 2840        usbcir - ok
15:57:43.0751 2840        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:57:43.0771 2840        usbehci - ok
15:57:43.0790 2840        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:57:43.0828 2840        usbhub - ok
15:57:43.0844 2840        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:57:43.0907 2840        usbohci - ok
15:57:43.0948 2840        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:57:43.0996 2840        usbprint - ok
15:57:44.0053 2840        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:57:44.0091 2840        usbscan - ok
15:57:44.0135 2840        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:57:44.0173 2840        USBSTOR - ok
15:57:44.0211 2840        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:57:44.0239 2840        usbuhci - ok
15:57:44.0288 2840        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:57:44.0335 2840        usbvideo - ok
15:57:44.0392 2840        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:57:44.0438 2840        vga - ok
15:57:44.0459 2840        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:57:44.0485 2840        VgaSave - ok
15:57:44.0509 2840        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:57:44.0520 2840        viaagp - ok
15:57:44.0543 2840        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:57:44.0584 2840        ViaC7 - ok
15:57:44.0604 2840        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:57:44.0614 2840        viaide - ok
15:57:44.0635 2840        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:57:44.0646 2840        volmgr - ok
15:57:44.0709 2840        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:57:44.0726 2840        volmgrx - ok
15:57:44.0760 2840        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:57:44.0776 2840        volsnap - ok
15:57:44.0810 2840        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:57:44.0823 2840        vsmraid - ok
15:57:44.0864 2840        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:57:44.0919 2840        WacomPen - ok
15:57:44.0939 2840        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:57:44.0977 2840        Wanarp - ok
15:57:44.0981 2840        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:57:45.0002 2840        Wanarpv6 - ok
15:57:45.0039 2840        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:57:45.0049 2840        Wd - ok
15:57:45.0076 2840        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:57:45.0106 2840        Wdf01000 - ok
15:57:45.0168 2840        WINIO - ok
15:57:45.0201 2840        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:57:45.0245 2840        WmiAcpi - ok
15:57:45.0311 2840        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:57:45.0363 2840        WpdUsb - ok
15:57:45.0384 2840        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:57:45.0411 2840        ws2ifsl - ok
15:57:45.0451 2840        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:57:45.0487 2840        WUDFRd - ok
15:57:45.0516 2840        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:57:45.0658 2840        \Device\Harddisk0\DR0 - ok
15:57:45.0662 2840        Boot (0x1200)  (a7136288fb2b2555c003adfd2a9656c5) \Device\Harddisk0\DR0\Partition0
15:57:45.0663 2840        \Device\Harddisk0\DR0\Partition0 - ok
15:57:45.0682 2840        Boot (0x1200)  (a15a16879fa9e5db0f2295689336535c) \Device\Harddisk0\DR0\Partition1
15:57:45.0682 2840        \Device\Harddisk0\DR0\Partition1 - ok
15:57:45.0683 2840        ============================================================
15:57:45.0683 2840        Scan finished
15:57:45.0683 2840        ============================================================
15:57:45.0696 2764        Detected object count: 1
15:57:45.0696 2764        Actual detected object count: 1
15:58:35.0910 2764        fspad_wlh32 ( UnsignedFile.Multi.Generic ) - skipped by user
15:58:35.0910 2764        fspad_wlh32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:58:46.0218 3704        ============================================================
15:58:46.0218 3704        Scan started
15:58:46.0218 3704        Mode: Manual; SigCheck; TDLFS;
15:58:46.0218 3704        ============================================================
15:58:46.0418 3704        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
15:58:46.0444 3704        ACPI - ok
15:58:46.0513 3704        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
15:58:46.0533 3704        adp94xx - ok
15:58:46.0563 3704        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
15:58:46.0577 3704        adpahci - ok
15:58:46.0606 3704        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
15:58:46.0618 3704        adpu160m - ok
15:58:46.0648 3704        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
15:58:46.0660 3704        adpu320 - ok
15:58:46.0715 3704        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
15:58:46.0734 3704        AFD - ok
15:58:46.0755 3704        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
15:58:46.0766 3704        agp440 - ok
15:58:46.0792 3704        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
15:58:46.0804 3704        aic78xx - ok
15:58:46.0840 3704        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
15:58:46.0851 3704        aliide - ok
15:58:46.0903 3704        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
15:58:46.0915 3704        amdagp - ok
15:58:46.0958 3704        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
15:58:46.0970 3704        amdide - ok
15:58:46.0994 3704        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
15:58:47.0020 3704        AmdK7 - ok
15:58:47.0038 3704        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
15:58:47.0063 3704        AmdK8 - ok
15:58:47.0079 3704        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
15:58:47.0091 3704        arc - ok
15:58:47.0100 3704        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
15:58:47.0112 3704        arcsas - ok
15:58:47.0126 3704        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
15:58:47.0151 3704        AsyncMac - ok
15:58:47.0181 3704        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
15:58:47.0193 3704        atapi - ok
15:58:47.0212 3704        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
15:58:47.0240 3704        Beep - ok
15:58:47.0268 3704        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
15:58:47.0293 3704        blbdrive - ok
15:58:47.0327 3704        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
15:58:47.0342 3704        bowser - ok
15:58:47.0361 3704        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
15:58:47.0382 3704        BrFiltLo - ok
15:58:47.0403 3704        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
15:58:47.0423 3704        BrFiltUp - ok
15:58:47.0444 3704        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
15:58:47.0488 3704        Brserid - ok
15:58:47.0521 3704        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
15:58:47.0565 3704        BrSerWdm - ok
15:58:47.0580 3704        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
15:58:47.0623 3704        BrUsbMdm - ok
15:58:47.0638 3704        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
15:58:47.0681 3704        BrUsbSer - ok
15:58:47.0700 3704        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
15:58:47.0744 3704        BTHMODEM - ok
15:58:47.0766 3704        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
15:58:47.0792 3704        cdfs - ok
15:58:47.0827 3704        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
15:58:47.0847 3704        cdrom - ok
15:58:47.0869 3704        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
15:58:47.0894 3704        circlass - ok
15:58:47.0917 3704        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
15:58:47.0934 3704        CLFS - ok
15:58:47.0962 3704        CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
15:58:47.0989 3704        CmBatt - ok
15:58:48.0008 3704        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
15:58:48.0019 3704        cmdide - ok
15:58:48.0041 3704        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
15:58:48.0052 3704        Compbatt - ok
15:58:48.0066 3704        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
15:58:48.0078 3704        crcdisk - ok
15:58:48.0102 3704        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
15:58:48.0128 3704        Crusoe - ok
15:58:48.0162 3704        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
15:58:48.0177 3704        DfsC - ok
15:58:48.0223 3704        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
15:58:48.0236 3704        disk - ok
15:58:48.0275 3704        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
15:58:48.0295 3704        drmkaud - ok
15:58:48.0359 3704        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
15:58:48.0383 3704        DXGKrnl - ok
15:58:48.0424 3704        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:58:48.0450 3704        E1G60 - ok
15:58:48.0484 3704        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
15:58:48.0498 3704        Ecache - ok
15:58:48.0532 3704        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
15:58:48.0549 3704        elxstor - ok
15:58:48.0576 3704        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
15:58:48.0601 3704        ErrDev - ok
15:58:48.0645 3704        esgiguard - ok
15:58:48.0685 3704        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
15:58:48.0716 3704        exfat - ok
15:58:48.0742 3704        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
15:58:48.0764 3704        fastfat - ok
15:58:48.0795 3704        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
15:58:48.0820 3704        fdc - ok
15:58:48.0835 3704        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
15:58:48.0846 3704        FileInfo - ok
15:58:48.0871 3704        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
15:58:48.0897 3704        Filetrace - ok
15:58:48.0910 3704        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
15:58:48.0937 3704        flpydisk - ok
15:58:48.0955 3704        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
15:58:48.0969 3704        FltMgr - ok
15:58:49.0003 3704        fspad_wlh32    (4875e6384310e3aafb9847312edb0cff) C:\Windows\system32\DRIVERS\fspad_wlh32.sys
15:58:49.0007 3704        fspad_wlh32 ( UnsignedFile.Multi.Generic ) - warning
15:58:49.0007 3704        fspad_wlh32 - detected UnsignedFile.Multi.Generic (1)
15:58:49.0025 3704        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
15:58:49.0045 3704        Fs_Rec - ok
15:58:49.0070 3704        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
15:58:49.0081 3704        gagp30kx - ok
15:58:49.0104 3704        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
15:58:49.0114 3704        GEARAspiWDM - ok
15:58:49.0167 3704        HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
15:58:49.0184 3704        HdAudAddService - ok
15:58:49.0231 3704        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:58:49.0259 3704        HDAudBus - ok
15:58:49.0306 3704        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
15:58:49.0349 3704        HidBth - ok
15:58:49.0363 3704        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
15:58:49.0405 3704        HidIr - ok
15:58:49.0439 3704        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
15:58:49.0459 3704        HidUsb - ok
15:58:49.0482 3704        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
15:58:49.0493 3704        HpCISSs - ok
15:58:49.0533 3704        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
15:58:49.0553 3704        HTTP - ok
15:58:49.0581 3704        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
15:58:49.0592 3704        i2omp - ok
15:58:49.0612 3704        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
15:58:49.0634 3704        i8042prt - ok
15:58:49.0678 3704        iaStor          (71ecc07bc7c5e24c3dd01d8a29a24054) C:\Windows\system32\DRIVERS\iaStor.sys
15:58:49.0697 3704        iaStor - ok
15:58:49.0730 3704        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
15:58:49.0744 3704        iaStorV - ok
15:58:49.0771 3704        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
15:58:49.0781 3704        iirsp - ok
15:58:49.0861 3704        IntcAzAudAddService (56ac584fe02e0c1d5924892562cbd572) C:\Windows\system32\drivers\RTKVHDA.sys
15:58:49.0946 3704        IntcAzAudAddService - ok
15:58:49.0968 3704        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
15:58:49.0981 3704        intelide - ok
15:58:49.0998 3704        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
15:58:50.0023 3704        intelppm - ok
15:58:50.0044 3704        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:58:50.0072 3704        IpFilterDriver - ok
15:58:50.0082 3704        IpInIp - ok
15:58:50.0098 3704        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
15:58:50.0124 3704        IPMIDRV - ok
15:58:50.0143 3704        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
15:58:50.0170 3704        IPNAT - ok
15:58:50.0187 3704        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
15:58:50.0214 3704        IRENUM - ok
15:58:50.0235 3704        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
15:58:50.0247 3704        isapnp - ok
15:58:50.0280 3704        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
15:58:50.0294 3704        iScsiPrt - ok
15:58:50.0311 3704        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
15:58:50.0321 3704        iteatapi - ok
15:58:50.0337 3704        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
15:58:50.0348 3704        iteraid - ok
15:58:50.0366 3704        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:58:50.0377 3704        kbdclass - ok
15:58:50.0408 3704        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
15:58:50.0430 3704        kbdhid - ok
15:58:50.0472 3704        KL1            (186b54479d98e48aee0e9ada4b3c4d31) C:\Windows\system32\DRIVERS\kl1.sys
15:58:50.0486 3704        KL1 - ok
15:58:50.0516 3704        kl2            (bf485bfba13c0ab116701fd9c55324d0) C:\Windows\system32\DRIVERS\kl2.sys
15:58:50.0526 3704        kl2 - ok
15:58:50.0567 3704        KLIF            (af04d0ce7939324e9a605b159295706c) C:\Windows\system32\DRIVERS\klif.sys
15:58:50.0590 3704        KLIF - ok
15:58:50.0609 3704        KLIM6          (6295a19003f935ecc6ccbe9e2376427b) C:\Windows\system32\DRIVERS\klim6.sys
15:58:50.0620 3704        KLIM6 - ok
15:58:50.0638 3704        klmouflt        (3de1771c135328420315e21dde229bba) C:\Windows\system32\DRIVERS\klmouflt.sys
15:58:50.0648 3704        klmouflt - ok
15:58:50.0711 3704        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
15:58:50.0733 3704        KSecDD - ok
15:58:50.0780 3704        libusb0        (03e12dbfacf1aeb86c553b0db488fb81) C:\Windows\system32\DRIVERS\libusb0.sys
15:58:50.0792 3704        libusb0 - ok
15:58:50.0819 3704        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
15:58:50.0844 3704        lltdio - ok
15:58:50.0880 3704        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
15:58:50.0891 3704        LSI_FC - ok
15:58:50.0910 3704        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
15:58:50.0922 3704        LSI_SAS - ok
15:58:50.0944 3704        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
15:58:50.0955 3704        LSI_SCSI - ok
15:58:50.0979 3704        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
15:58:51.0005 3704        luafv - ok
15:58:51.0027 3704        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
15:58:51.0038 3704        megasas - ok
15:58:51.0067 3704        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
15:58:51.0094 3704        MegaSR - ok
15:58:51.0151 3704        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
15:58:51.0176 3704        Modem - ok
15:58:51.0198 3704        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
15:58:51.0224 3704        monitor - ok
15:58:51.0246 3704        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
15:58:51.0256 3704        mouclass - ok
15:58:51.0277 3704        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
15:58:51.0303 3704        mouhid - ok
15:58:51.0324 3704        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
15:58:51.0337 3704        MountMgr - ok
15:58:51.0356 3704        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
15:58:51.0368 3704        mpio - ok
15:58:51.0391 3704        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
15:58:51.0412 3704        mpsdrv - ok
15:58:51.0434 3704        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
15:58:51.0445 3704        Mraid35x - ok
15:58:51.0468 3704        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
15:58:51.0486 3704        MRxDAV - ok
15:58:51.0512 3704        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:58:51.0527 3704        mrxsmb - ok
15:58:51.0581 3704        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:58:51.0597 3704        mrxsmb10 - ok
15:58:51.0607 3704        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:58:51.0622 3704        mrxsmb20 - ok
15:58:51.0654 3704        msahci          (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
15:58:51.0666 3704        msahci - ok
15:58:51.0703 3704        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
15:58:51.0714 3704        msdsm - ok
15:58:51.0748 3704        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
15:58:51.0773 3704        Msfs - ok
15:58:51.0791 3704        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
15:58:51.0801 3704        msisadrv - ok
15:58:51.0820 3704        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
15:58:51.0846 3704        MSKSSRV - ok
15:58:51.0864 3704        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
15:58:51.0889 3704        MSPCLOCK - ok
15:58:51.0903 3704        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
15:58:51.0928 3704        MSPQM - ok
15:58:51.0966 3704        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
15:58:51.0980 3704        MsRPC - ok
15:58:52.0007 3704        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
15:58:52.0018 3704        mssmbios - ok
15:58:52.0034 3704        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
15:58:52.0060 3704        MSTEE - ok
15:58:52.0073 3704        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
15:58:52.0087 3704        Mup - ok
15:58:52.0117 3704        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
15:58:52.0133 3704        NativeWifiP - ok
15:58:52.0162 3704        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
15:58:52.0183 3704        NDIS - ok
15:58:52.0222 3704        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
15:58:52.0243 3704        NdisTapi - ok
15:58:52.0255 3704        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
15:58:52.0280 3704        Ndisuio - ok
15:58:52.0297 3704        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
15:58:52.0318 3704        NdisWan - ok
15:58:52.0336 3704        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
15:58:52.0356 3704        NDProxy - ok
15:58:52.0379 3704        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
15:58:52.0405 3704        NetBIOS - ok
15:58:52.0422 3704        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
15:58:52.0443 3704        netbt - ok
15:58:52.0471 3704        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
15:58:52.0482 3704        nfrd960 - ok
15:58:52.0522 3704        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
15:58:52.0542 3704        Npfs - ok
15:58:52.0558 3704        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
15:58:52.0583 3704        nsiproxy - ok
15:58:52.0623 3704        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
15:58:52.0682 3704        Ntfs - ok
15:58:52.0710 3704        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
15:58:52.0753 3704        ntrigdigi - ok
15:58:52.0762 3704        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
15:58:52.0788 3704        Null - ok
15:58:52.0821 3704        NVHDA          (603b0c9bb86f7b3efb88a482c6663ec4) C:\Windows\system32\drivers\nvhda32v.sys
15:58:52.0832 3704        NVHDA - ok
15:58:53.0074 3704        nvlddmkm        (2877cd56310938a170810bde50fd3f01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:58:53.0323 3704        nvlddmkm - ok
15:58:53.0362 3704        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
15:58:53.0374 3704        nvraid - ok
15:58:53.0396 3704        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
15:58:53.0407 3704        nvstor - ok
15:58:53.0430 3704        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
15:58:53.0442 3704        nv_agp - ok
15:58:53.0450 3704        NwlnkFlt - ok
15:58:53.0461 3704        NwlnkFwd - ok
15:58:53.0490 3704        ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
15:58:53.0533 3704        ohci1394 - ok
15:58:53.0573 3704        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
15:58:53.0616 3704        Parport - ok
15:58:53.0647 3704        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
15:58:53.0659 3704        partmgr - ok
15:58:53.0671 3704        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
15:58:53.0714 3704        Parvdm - ok
15:58:53.0740 3704        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
15:58:53.0754 3704        pci - ok
15:58:53.0777 3704        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
15:58:53.0787 3704        pciide - ok
15:58:53.0816 3704        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
15:58:53.0828 3704        pcmcia - ok
15:58:53.0870 3704        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
15:58:53.0953 3704        PEAUTH - ok
15:58:54.0007 3704        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
15:58:54.0033 3704        PptpMiniport - ok
15:58:54.0059 3704        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
15:58:54.0084 3704        Processor - ok
15:58:54.0125 3704        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
15:58:54.0146 3704        PSched - ok
15:58:54.0182 3704        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
15:58:54.0200 3704        PxHelp20 - ok
15:58:54.0267 3704        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
15:58:54.0337 3704        ql2300 - ok
15:58:54.0386 3704        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
15:58:54.0397 3704        ql40xx - ok
15:58:54.0420 3704        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
15:58:54.0433 3704        QWAVEdrv - ok
15:58:54.0448 3704        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
15:58:54.0474 3704        RasAcd - ok
15:58:54.0494 3704        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:58:54.0520 3704        Rasl2tp - ok
15:58:54.0550 3704        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
15:58:54.0570 3704        RasPppoe - ok
15:58:54.0580 3704        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
15:58:54.0595 3704        RasSstp - ok
15:58:54.0622 3704        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
15:58:54.0644 3704        rdbss - ok
15:58:54.0663 3704        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:58:54.0689 3704        RDPCDD - ok
15:58:54.0712 3704        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
15:58:54.0742 3704        rdpdr - ok
15:58:54.0751 3704        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
15:58:54.0777 3704        RDPENCDD - ok
15:58:54.0819 3704        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
15:58:54.0840 3704        RDPWD - ok
15:58:54.0902 3704        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
15:58:54.0927 3704        rspndr - ok
15:58:54.0957 3704        RTL8169        (d6fae13afacef23a6471d23284b8a164) C:\Windows\system32\DRIVERS\Rtlh86.sys
15:58:54.0983 3704        RTL8169 - ok
15:58:55.0022 3704        rtl8192se      (8b2a43f1bf79e623e7e780afe4412d7c) C:\Windows\system32\DRIVERS\rtl8192se.sys
15:58:55.0042 3704        rtl8192se - ok
15:58:55.0084 3704        RTSTOR          (4501c8fe11df3192fb68d0d595ea94cc) C:\Windows\system32\drivers\RTSTOR.SYS
15:58:55.0097 3704        RTSTOR - ok
15:58:55.0134 3704        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
15:58:55.0145 3704        sbp2port - ok
15:58:55.0172 3704        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:58:55.0215 3704        secdrv - ok
15:58:55.0241 3704        Serenum        (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
15:58:55.0283 3704        Serenum - ok
15:58:55.0308 3704        Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
15:58:55.0351 3704        Serial - ok
15:58:55.0367 3704        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
15:58:55.0393 3704        sermouse - ok
15:58:55.0413 3704        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
15:58:55.0434 3704        sffdisk - ok
15:58:55.0455 3704        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
15:58:55.0480 3704        sffp_mmc - ok
15:58:55.0493 3704        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
15:58:55.0518 3704        sffp_sd - ok
15:58:55.0539 3704        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
15:58:55.0581 3704        sfloppy - ok
15:58:55.0608 3704        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
15:58:55.0619 3704        sisagp - ok
15:58:55.0644 3704        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
15:58:55.0655 3704        SiSRaid2 - ok
15:58:55.0671 3704        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
15:58:55.0682 3704        SiSRaid4 - ok
15:58:55.0721 3704        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
15:58:55.0742 3704        Smb - ok
15:58:55.0821 3704        SNP2UVC        (82e3315b1b3e76b9a9643f987ed3ae5c) C:\Windows\system32\DRIVERS\snp2uvc.sys
15:58:55.0891 3704        SNP2UVC - ok
15:58:55.0929 3704        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
15:58:55.0940 3704        spldr - ok
15:58:55.0977 3704        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
15:58:55.0995 3704        srv - ok
15:58:56.0039 3704        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
15:58:56.0054 3704        srv2 - ok
15:58:56.0090 3704        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
15:58:56.0105 3704        srvnet - ok
15:58:56.0136 3704        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
15:58:56.0147 3704        swenum - ok
15:58:56.0172 3704        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
15:58:56.0183 3704        Symc8xx - ok
15:58:56.0200 3704        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
15:58:56.0211 3704        Sym_hi - ok
15:58:56.0225 3704        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
15:58:56.0245 3704        Sym_u3 - ok
15:58:56.0305 3704        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
15:58:56.0362 3704        Tcpip - ok
15:58:56.0405 3704        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
15:58:56.0462 3704        Tcpip6 - ok
15:58:56.0502 3704        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
15:58:56.0517 3704        tcpipreg - ok
15:58:56.0543 3704        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
15:58:56.0569 3704        TDPIPE - ok
15:58:56.0592 3704        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
15:58:56.0618 3704        TDTCP - ok
15:58:56.0654 3704        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
15:58:56.0675 3704        tdx - ok
15:58:56.0712 3704        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
15:58:56.0724 3704        TermDD - ok
15:58:56.0761 3704        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:58:56.0787 3704        tssecsrv - ok
15:58:56.0808 3704        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
15:58:56.0823 3704        tunmp - ok
15:58:56.0851 3704        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
15:58:56.0865 3704        tunnel - ok
15:58:56.0912 3704        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
15:58:56.0923 3704        uagp35 - ok
15:58:56.0948 3704        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
15:58:56.0971 3704        udfs - ok
15:58:57.0005 3704        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
15:58:57.0016 3704        uliagpkx - ok
15:58:57.0039 3704        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
15:58:57.0053 3704        uliahci - ok
15:58:57.0083 3704        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
15:58:57.0094 3704        UlSata - ok
15:58:57.0113 3704        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
15:58:57.0124 3704        ulsata2 - ok
15:58:57.0148 3704        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
15:58:57.0173 3704        umbus - ok
15:58:57.0232 3704        USBAAPL        (d4fb6ecc60a428564ba8768b0e23c0fc) C:\Windows\system32\Drivers\usbaapl.sys
15:58:57.0244 3704        USBAAPL - ok
15:58:57.0277 3704        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
15:58:57.0299 3704        usbccgp - ok
15:58:57.0317 3704        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
15:58:57.0360 3704        usbcir - ok
15:58:57.0373 3704        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
15:58:57.0393 3704        usbehci - ok
15:58:57.0412 3704        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
15:58:57.0435 3704        usbhub - ok
15:58:57.0455 3704        usbohci        (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
15:58:57.0500 3704        usbohci - ok
15:58:57.0537 3704        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
15:58:57.0562 3704        usbprint - ok
15:58:57.0598 3704        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
15:58:57.0618 3704        usbscan - ok
15:58:57.0634 3704        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:58:57.0655 3704        USBSTOR - ok
15:58:57.0678 3704        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
15:58:57.0698 3704        usbuhci - ok
15:58:57.0721 3704        usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
15:58:57.0748 3704        usbvideo - ok
15:58:57.0769 3704        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
15:58:57.0795 3704        vga - ok
15:58:57.0814 3704        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
15:58:57.0840 3704        VgaSave - ok
15:58:57.0864 3704        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
15:58:57.0875 3704        viaagp - ok
15:58:57.0898 3704        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
15:58:57.0924 3704        ViaC7 - ok
15:58:57.0946 3704        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
15:58:57.0957 3704        viaide - ok
15:58:57.0979 3704        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
15:58:57.0990 3704        volmgr - ok
15:58:58.0030 3704        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
15:58:58.0046 3704        volmgrx - ok
15:58:58.0081 3704        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
15:58:58.0096 3704        volsnap - ok
15:58:58.0121 3704        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
15:58:58.0133 3704        vsmraid - ok
15:58:58.0163 3704        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
15:58:58.0206 3704        WacomPen - ok
15:58:58.0227 3704        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:58.0249 3704        Wanarp - ok
15:58:58.0254 3704        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
15:58:58.0275 3704        Wanarpv6 - ok
15:58:58.0294 3704        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
15:58:58.0304 3704        Wd - ok
15:58:58.0331 3704        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
15:58:58.0351 3704        Wdf01000 - ok
15:58:58.0390 3704        WINIO - ok
15:58:58.0422 3704        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:58:58.0442 3704        WmiAcpi - ok
15:58:58.0488 3704        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
15:58:58.0505 3704        WpdUsb - ok
15:58:58.0528 3704        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
15:58:58.0553 3704        ws2ifsl - ok
15:58:58.0584 3704        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:58:58.0611 3704        WUDFRd - ok
15:58:58.0638 3704        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
15:58:58.0780 3704        \Device\Harddisk0\DR0 - ok
15:58:58.0783 3704        Boot (0x1200)  (a7136288fb2b2555c003adfd2a9656c5) \Device\Harddisk0\DR0\Partition0
15:58:58.0784 3704        \Device\Harddisk0\DR0\Partition0 - ok
15:58:58.0803 3704        Boot (0x1200)  (a15a16879fa9e5db0f2295689336535c) \Device\Harddisk0\DR0\Partition1
15:58:58.0804 3704        \Device\Harddisk0\DR0\Partition1 - ok
15:58:58.0804 3704        ============================================================
15:58:58.0804 3704        Scan finished
15:58:58.0804 3704        ============================================================
15:58:58.0815 3572        Detected object count: 1
15:58:58.0815 3572        Actual detected object count: 1
15:59:41.0163 3572        fspad_wlh32 ( UnsignedFile.Multi.Generic ) - skipped by user
15:59:41.0163 3572        fspad_wlh32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:59:49.0489 5760        Deinitialize success

cosinus 22.02.2012 19:40
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

kreisl 22.02.2012 20:21
Arne, danke für den link zu ComboFix (gelesen und verstanden)

Hier die log-Datei

Combofix Logfile:
Code:
ComboFix 12-02-22.01 - Admin 22.02.2012  20:06:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3066.1734 [GMT 1:00]
ausgeführt von:: c:\users\Admin\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\sss
c:\program files\sss\licence.txt
c:\program files\sss\ReadMe.txt
c:\program files\sss\SimpleScreenshot.exe
c:\program files\sss\upload.php
c:\users\Admin\4.0
c:\users\Public\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.dll
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))
.
.
2012-02-22 19:13 . 2012-02-22 19:13        --------        d-----w-        c:\users\Admin\AppData\Local\temp
2012-02-21 20:00 . 2012-02-21 20:00        --------        d-----w-        c:\program files\7-Zip
2012-02-20 19:50 . 2012-02-20 19:50        --------        d-----w-        c:\program files\ESET
2012-02-20 15:04 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{A16E5472-FAD7-48B8-87EE-0D61BA918413}\mpengine.dll
2012-02-16 21:56 . 2012-02-16 21:56        --------        d-----w-        c:\program files\Common Files\Java
2012-02-15 17:20 . 2012-02-15 17:53        --------        d-----w-        C:\sh4ldr
2012-02-15 17:20 . 2012-02-15 17:20        --------        d-----w-        c:\program files\Enigma Software Group
2012-02-15 17:19 . 2012-02-15 17:53        --------        d-----w-        c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-02-15 17:05 . 2012-02-15 17:05        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-02-15 17:05 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-15 17:00 . 2012-01-12 19:52        2044416        ----a-w-        c:\windows\system32\win32k.sys
2012-02-15 17:00 . 2011-12-20 10:56        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2012-02-15 17:00 . 2011-12-14 16:17        680448        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-15 10:25 . 2012-02-22 19:05        423        ----a-w-        c:\users\Public\{10584EDE-F64E-4d16-80BC-BA1BA0668199}.pif
2012-01-31 00:20 . 2012-01-31 00:20        --------        d-----w-        c:\users\Admin\AppData\Local\PDF24
2012-01-31 00:19 . 2012-01-31 00:19        --------        d-----w-        c:\program files\PDF24
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 21:55 . 2010-07-19 22:32        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-01-26 23:21 . 2009-10-04 09:37        237072        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-25 15:59 . 2012-01-10 18:04        376320        ----a-w-        c:\windows\system32\winsrv.dll
2012-02-18 08:50 . 2011-05-18 10:18        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-10 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-22 202256]
"UCam_Menu"="c:\program files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"PDVD8LanguageShortcut"="c:\program files\HomeCinema\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"MDS_Menu"="c:\program files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2008-08-28 233472]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-08 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-08 13605408]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AVP"="c:\program files\Kaspersky\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2012-01-21 220744]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMwBaAEMAOQAtAEUASwBBAFIAUwAtADYAUgBXAEcAQQAtAEEAQQBUAEMAVQAtAFYAUAA5AEYATgA&inst=NwA3AC0ANAA0ADgAOAA3ADAANgA2ADEALQBYAEwAKwAxAC0AVAA1AC0ARgBMACsAOQAtAEYAOQBNADYAKwAxAC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AA&prod=90&ver=9.0.872" [?]
.
c:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
{10584EDE-F64E-4d16-80BC-BA1BA0668199}.lnk - c:\windows\System32\rundll32.exe [2006-11-2 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files\WISO\Steuersoftware 2011\mshaktuell.exe [2011-2-14 1199400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANT Agent]
2011-11-07 15:16        14767976        ----a-w-        c:\program files\Garmin\ANT Agent\ANT Agent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
2004-01-14 01:10        409600        ----a-w-        c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-11 16:18        39408        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 70453146
*Deregistered* - 70453146
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-21 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-11 17:43]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 23:18]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-12 23:18]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Free YouTube to MP3 Converter - c:\users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jbi9blw3.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
MSConfigStartUp-Skype - c:\program files\Skype\Phone\Skype.exe
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
AddRemove-_{E1A63F75-1F72-4450-980D-434496FFC646} - c:\program files\Corel\Corel Painter Essentials 4\MSILauncher {E1A63F75-1F72-4450-980D-434496FFC646}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-02-22 20:13
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-22  20:15:28
ComboFix-quarantined-files.txt  2012-02-22 19:15
.
Vor Suchlauf: 16 Verzeichnis(se), 111.606.095.872 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 114.634.649.600 Bytes frei
.
- - End Of File - - BE9CFF52489EB113E6A6685C658E4042
--- --- ---

kreisl 22.02.2012 20:41
Liste der Anhänge anzeigen (Anzahl: 2)
Ich habe den Computer neu gestatet.

Falls es Dir hilfr: Kasperky wirft immernoch
folgende Meldung aus: Bild1, Bild2

Die Datei c7e0edbe.exe scheint
problematisch zu sein.

cosinus 22.02.2012 21:17
Leeren wir den Müll mal mit OTL. Kaspersky bitte VORHER deaktivieren!

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

kreisl 22.02.2012 21:39
Danke für das Sonderscript, Arne!

Computer wurde automatisch neu gestartet;
Kasperky spuckt die Meldung allerdings immernoch aus.

Kasperky gibt hier die Möglichkeit: "Korrigieren". Soll
ich das `Mal tun?

(Der user "test" und "T******" sind auch völlg
überflüssig. Aber das ist ja jetzt gerade nicht das
Wichtigste)

hier die OTL log

Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Admin
->Temp folder emptied: 33309 bytes
->Temporary Internet Files folder emptied: 5033665 bytes
->Java cache emptied: 91871987 bytes
->FireFox cache emptied: 49239302 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 501 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: T******
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1278833 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 49632 bytes
RecycleBin emptied: 30510535 bytes
 
Total Files Cleaned = 170,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02222012_212353

Files\Folders moved on Reboot...
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FLQJUSUA\bg_site_n[1].png moved successfully.

Registry entries deleted on Reboot...

cosinus 22.02.2012 21:58
Meckert Kaspersky immer noch die selbe Datei an?

kreisl 22.02.2012 22:22
Liste der Anhänge anzeigen (Anzahl: 1)
Ja, genau die selbe Datei wird angemeckert.

Soll ich auf "Korrigieren" klicken?

(Beim Starten gibts übrigens eine Meldung:
Bild 1. Diese existiert sei dem Scan mit ComboFix;
dies aber nur am Rande)

cosinus 22.02.2012 22:44
Hattest du Kaspersky VOR dem OTL-Fix deaktiviert?

kreisl 22.02.2012 22:56
Ja. Ich habe mir die Anleitungen ausgedruckt
und eine Abhakliste erstellt....definitiv ja!

edit: soll OTL im abgesicherten Modus laufen?

kreisl 22.02.2012 23:32
Ach Du Sch....!

Ich habe soeben gestöbert und im Verzeichnis
C:\Benutzer\Öffentlich\AppData\eMuleMorphXT
gefunden. Im Ornder "Incoming" sind Archive welche
alle die selbe Speicherkapazität haben (5.799KB).
Es sind genau 500 Archive. Die Archivnamen sind alle
unterschiedlich und die Namen der Archive treiben
mir die Schamesröte ins Gesicht! Das Programm taucht in
in der Liste aller installierten Prgramme (CCleaner) nicht auf!

Arne, ich habe dieses Programm nicht benutzt!
Pfandfinderehrenwort!

cosinus 23.02.2012 09:36
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:53 Uhr.
Seite 2 von 6 1 2 34 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131