| |
| |||||||
Log-Analyse und Auswertung: TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle ProgrammWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
13.07.2011, 12:13
| #1 | |
| |  TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Hallo trojaner-board-Community! Wie der Titel schon sagt versuche ich den "TR/Crypt.XPACK.Gen3"-Trojaner loszuwerden. Die Symptome sind wie beschrieben: ein schwarzer Desktophintergrund,ohne Icons , ohne Wallpaper; ein System welches nach 15-30min arbeiten zu rebooten beginnt (nach einigen ignorierten Aufforderungen neuzustarten und Warnungen dass Daten nicht gespeichert werden konnten und die Festplatte gefaehrdet ist); ein Browser, egal ob Internet Explorer oder Firefox der mich staendig auf irgendwelche dubiose Seiten redirected; was es super erschweren das Problem zu beheben bzw. danach zu recherchieren. Also angefangen hat alles damit dass ich fuer meine Tante, Avira installierte. Nach dem Abschluss, folgte ein Scan mit dem Fund des Trojaners und dem Kommentar, dass er doch harmlos sei. Seitdem ist es so als ob ein Geist im Computer waere. Was ich noch in Erfahrung bringen konnte ist, dass der Computer (eigentlich Laptop) auf den Philippinen neu aufgesetzt wurde, weil er bereits langsam geworden ist, vielleicht auch schon mit einem Virus zu kaempfen hatte. Zum Arbeiten hinzuzufuegen ist vielleicht noch dass ich mich in Amerika im Urlaub befinde und dass daher eine Zeitverschiebung zustande kommt. Ich werde natuerlich versuchen so oft als moeglich ins Board zu schauen und am Laptop zu seien, um das Problem so rasch als moeglich zu beseitigen. Leider bin ich nur noch bis 16. Juli, circa 6: oo Wiener Ortszeit hier. Ich hoffe auch wenn es sich vielleicht nur sehr schwer ausgeht den Trojaner bis dahin beseitigt, bzw. das System gereinigt haben, weil fuer sie wahrscheinlich das Ganze, ein Ding der Unmoeglichkeit wird. Eines ist mir jetzt noch aufgefallen. Die letzte Meldung die erscheint, bevor sich das System neustartet lautet: Zitat:
Ich hoffe die Infos sind zu gebrauchen und haenge jetzt noch die "logfiles" an. OTL: Code:
ATTFilter OTL logfile created on: 7/13/2011 4:27:15 AM - Run 3 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\user\Desktop Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.99 Gb Total Physical Memory | 1.24 Gb Available Physical Memory | 62.38% Memory free 3.98 Gb Paging File | 3.10 Gb Available in Paging File | 77.93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 186.21 Gb Total Space | 150.23 Gb Free Space | 80.68% Space Free | Partition Type: NTFS Computer Name: USER-PC | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools) PRC - C:\ProgramData\RvPnjPacEdkXNJg.exe (CACE Technologies, Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\System32\SupportAppXL\cdrom_mon.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\attrib.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\user\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (Autorun CDROM Monitor) -- C:\Windows\System32\SupportAppXL\cdrom_mon.exe () SRV - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated) DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated) DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated) DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation) DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation) DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation) DRV - (JRAID) -- C:\Windows\system32\DRIVERS\jraid.sys (JMicron Technology Corp.) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments) DRV - (R5U870FLx86) -- C:\Windows\System32\drivers\R5U870FLx86.sys (Ricoh) DRV - (R5U870FUx86) -- C:\Windows\System32\drivers\R5U870FUx86.sys (Ricoh) DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.41108.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/05 00:06:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/28 14:15:32 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\user\AppData\Roaming\Mozilla\Extensions [2011/05/28 14:15:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions File not found (No name found) -- [2011/07/05 00:06:19 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml O1 HOSTS File: ([2009/06/10 14:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [USB Security] C:\Program Files\USB Disk Security\USBGuard.exe (Zbshareware Lab) O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKCU..\Run: [RvPnjPacEdkXNJg] C:\ProgramData\RvPnjPacEdkXNJg.exe (CACE Technologies, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{4d2a82e3-82b2-11e0-b904-001a8040a5f9}\Shell - "" = AutoRun O33 - MountPoints2\{4d2a82e3-82b2-11e0-b904-001a8040a5f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{59b4d861-82be-11e0-a560-001a8040a5f9}\Shell - "" = AutoRun O33 - MountPoints2\{59b4d861-82be-11e0-a560-001a8040a5f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{92fc40f7-82dc-11e0-a82e-001a8040a5f9}\Shell - "" = AutoRun O33 - MountPoints2\{92fc40f7-82dc-11e0-a82e-001a8040a5f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{9ad7f82a-9165-11e0-af33-001a8040a5f9}\Shell - "" = AutoRun O33 - MountPoints2\{9ad7f82a-9165-11e0-af33-001a8040a5f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\{be5636f5-8cb1-11e0-9280-001a8040a5f9}\Shell - "" = AutoRun O33 - MountPoints2\{be5636f5-8cb1-11e0-9280-001a8040a5f9}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1 ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {47B3BDBB-F2AE-4B55-95C8-921C25DB3B76} - .NET Framework ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/07/13 03:47:03 | 000,000,000 | -H-D | C] -- C:\Users\user\Desktop\first OTL without extra [2011/07/13 03:27:06 | 000,579,584 | -H-- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2011/07/10 19:01:28 | 000,489,472 | -H-- | C] (CACE Technologies, Inc.) -- C:\ProgramData\RvPnjPacEdkXNJg.exe [2011/06/27 09:23:08 | 000,000,000 | -H-D | C] -- C:\Users\user\Documents\priceAdvisorPage.do_files [2011/06/25 20:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\Safari [2011/06/25 20:29:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011/06/25 20:29:18 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/06/25 20:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/06/14 07:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/13 04:33:15 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/13 04:33:15 | 000,013,536 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/13 04:27:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/13 04:22:02 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2011/07/13 04:21:59 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/13 04:21:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/13 04:21:23 | 1603,067,904 | -HS- | M] () -- C:\hiberfil.sys [2011/07/13 03:27:17 | 000,579,584 | -H-- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2011/07/13 03:15:44 | 000,000,000 | -H-- | M] () -- C:\Users\user\defogger_reenable [2011/07/13 03:13:27 | 000,050,477 | -H-- | M] () -- C:\Users\user\Desktop\Defogger.exe [2011/07/13 02:20:46 | 000,412,464 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/07/10 19:11:47 | 000,000,000 | -H-- | M] () -- C:\ProgramData\29351672.exe [2011/07/10 19:01:18 | 000,489,472 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\RvPnjPacEdkXNJg.exe [2011/07/08 22:52:22 | 000,732,302 | ---- | M] () -- C:\Windows\System32\perfh019.dat [2011/07/08 22:52:22 | 000,700,410 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011/07/08 22:52:22 | 000,672,364 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/07/08 22:52:22 | 000,153,122 | ---- | M] () -- C:\Windows\System32\perfc019.dat [2011/07/08 22:52:22 | 000,150,142 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011/07/08 22:52:22 | 000,127,044 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/06/27 09:23:11 | 000,128,732 | -H-- | M] () -- C:\Users\user\Documents\priceAdvisorPage.do.htm [2011/06/25 20:47:17 | 000,002,503 | -H-- | M] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/06/17 12:35:50 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011/06/17 12:35:50 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/13 03:15:44 | 000,000,000 | -H-- | C] () -- C:\Users\user\defogger_reenable [2011/07/13 03:13:26 | 000,050,477 | -H-- | C] () -- C:\Users\user\Desktop\Defogger.exe [2011/07/10 19:11:47 | 000,000,000 | -H-- | C] () -- C:\ProgramData\29351672.exe [2011/06/27 09:23:07 | 000,128,732 | -H-- | C] () -- C:\Users\user\Documents\priceAdvisorPage.do.htm [2011/06/25 20:47:17 | 000,002,503 | -H-- | C] () -- C:\Users\user\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/06/02 09:44:33 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI [2011/05/19 01:40:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll [2010/02/27 08:33:11 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010/02/21 11:13:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2010/02/21 06:42:50 | 000,732,302 | ---- | C] () -- C:\Windows\System32\perfh019.dat [2010/02/21 06:42:50 | 000,336,704 | ---- | C] () -- C:\Windows\System32\perfi019.dat [2010/02/21 06:42:50 | 000,153,122 | ---- | C] () -- C:\Windows\System32\perfc019.dat [2010/02/21 06:42:50 | 000,039,446 | ---- | C] () -- C:\Windows\System32\perfd019.dat [2010/02/21 06:34:12 | 000,700,410 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010/02/21 06:34:12 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010/02/21 06:34:12 | 000,150,142 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010/02/21 06:34:12 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009/09/23 19:16:08 | 002,050,952 | ---- | C] () -- C:\Windows\System32\igkrng400.bin [2009/07/13 21:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009/07/13 21:33:53 | 000,412,464 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2009/07/13 19:05:48 | 000,672,364 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2009/07/13 19:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2009/07/13 19:05:48 | 000,127,044 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2009/07/13 19:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2009/07/13 19:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2009/07/13 19:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2009/07/13 16:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009/07/13 16:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI ========== LOP Check ========== [2011/05/19 00:18:47 | 000,000,000 | -H-D | M] -- C:\Users\user\AppData\Roaming\Zbshareware Lab [2009/07/13 21:53:46 | 000,031,350 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011/07/08 23:44:34 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2009/07/13 21:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011/05/19 00:01:21 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011/06/25 20:47:14 | 000,000,000 | R--D | M] -- C:\Program Files [2011/07/13 04:22:57 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/05/18 23:24:10 | 000,000,000 | -HSD | M] -- C:\Recovery [2011/07/13 04:30:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/05/18 23:30:08 | 000,000,000 | R--D | M] -- C:\Users [2011/06/03 09:25:22 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: EXPLORER.EXE > [2010/02/21 11:00:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_523cdab8f40fe558\explorer.exe [2009/07/13 18:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2010/02/21 11:28:58 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=22F7FA1FD0223AE08AE4070534B96CF9 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_521a6a60f42a067d\explorer.exe [2010/02/21 11:17:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2010/11/20 05:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2010/02/21 10:45:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2010/02/21 10:45:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2010/02/21 11:17:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe [2010/02/21 11:28:58 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\explorer.exe [2010/02/21 11:28:58 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=C9B74657CF24E4297C94D5F6BE62E915 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16457_none_51ad6f73daf5e032\explorer.exe [2010/02/21 11:00:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_51c00e6ddae85c4b\explorer.exe < MD5 for: REGEDIT.EXE > [2009/07/13 18:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009/07/13 18:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe < MD5 for: USERINIT.EXE > [2010/11/20 05:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/13 18:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009/07/13 18:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010/02/21 11:31:03 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1C4707299926AF0E555C2DC98E411B59 -- C:\Windows\System32\winlogon.exe [2010/02/21 11:31:03 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=1C4707299926AF0E555C2DC98E411B59 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20574_none_702cc58d4f5b790f\winlogon.exe [2010/02/21 11:21:47 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2010/02/21 11:21:47 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010/11/20 05:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009/07/13 18:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe [2010/02/21 11:10:27 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=AB59486E41610AB13B1555D7D585AE8F -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20548_none_705136794f3f8a98\winlogon.exe [2010/02/21 11:10:27 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=B151128D1FEBF745BC7EFDE9FACB165A -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16440_none_6fbf975e36292016\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-13 04:30:44 < > < End of report > Gmer: Code:
ATTFilter GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-07-13 05:34:34
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK2035GSS rev.DK022A
Running: 56oxjeuw.exe; Driver: C:\Users\user\AppData\Local\Temp\kxldapob.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C80A19 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBA352 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:200] 85E460B3
Thread System [4:208] 85E46923
Thread System [4:212] 85E477FB
Thread System [4:188] AA0A8F2E
---- EOF - GMER 1.0.15 ----
 |
|
13.07.2011, 12:19
| #2 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle ProgrammZitat:
__________________ |
|
13.07.2011, 18:15
| #3 |
| | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Wow, das war male ne schnelle Antwort.
__________________So hoffentlich jetzt mit der benoetigten logfile: Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Wednesday, July 13, 2011 05:59
Es wird nach 2789985 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - FREE Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : USER-PC
Versionsinformationen:
BUILD.DAT : 10.0.0.650 31822 Bytes 6/17/2011 15:21:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 6/17/2011 19:34:55
AVSCAN.DLL : 10.0.3.0 56168 Bytes 6/17/2011 19:35:46
LUKE.DLL : 10.0.3.2 104296 Bytes 6/17/2011 19:35:33
LUKERES.DLL : 10.0.0.0 13672 Bytes 1/14/2010 21:22:40
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 16:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 21:16:18
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 17:35:15
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 17:35:16
VBASE004.VDF : 7.11.8.178 2354176 Bytes 5/31/2011 16:36:18
VBASE005.VDF : 7.11.8.179 2048 Bytes 5/31/2011 19:18:22
VBASE006.VDF : 7.11.8.180 2048 Bytes 5/31/2011 19:18:22
VBASE007.VDF : 7.11.8.181 2048 Bytes 5/31/2011 19:18:23
VBASE008.VDF : 7.11.8.182 2048 Bytes 5/31/2011 19:18:23
VBASE009.VDF : 7.11.8.183 2048 Bytes 5/31/2011 19:18:23
VBASE010.VDF : 7.11.8.184 2048 Bytes 5/31/2011 19:18:23
VBASE011.VDF : 7.11.8.185 2048 Bytes 5/31/2011 19:18:23
VBASE012.VDF : 7.11.8.186 2048 Bytes 5/31/2011 19:18:23
VBASE013.VDF : 7.11.8.222 121856 Bytes 6/2/2011 08:49:15
VBASE014.VDF : 7.11.9.7 134656 Bytes 6/4/2011 22:10:35
VBASE015.VDF : 7.11.9.42 136192 Bytes 6/6/2011 22:39:56
VBASE016.VDF : 7.11.9.72 117248 Bytes 6/7/2011 21:44:57
VBASE017.VDF : 7.11.9.107 130560 Bytes 6/9/2011 14:03:40
VBASE018.VDF : 7.11.9.143 132096 Bytes 6/10/2011 23:53:41
VBASE019.VDF : 7.11.9.172 141824 Bytes 6/14/2011 13:29:55
VBASE020.VDF : 7.11.9.214 144896 Bytes 6/15/2011 23:32:34
VBASE021.VDF : 7.11.9.244 196608 Bytes 6/16/2011 00:51:31
VBASE022.VDF : 7.11.9.245 2048 Bytes 6/16/2011 00:51:31
VBASE023.VDF : 7.11.9.246 2048 Bytes 6/16/2011 00:51:31
VBASE024.VDF : 7.11.9.247 2048 Bytes 6/16/2011 00:51:31
VBASE025.VDF : 7.11.9.248 2048 Bytes 6/16/2011 00:51:31
VBASE026.VDF : 7.11.9.249 2048 Bytes 6/16/2011 00:51:31
VBASE027.VDF : 7.11.9.250 2048 Bytes 6/16/2011 00:51:31
VBASE028.VDF : 7.11.9.251 2048 Bytes 6/16/2011 00:51:31
VBASE029.VDF : 7.11.9.252 2048 Bytes 6/16/2011 00:51:31
VBASE030.VDF : 7.11.9.253 2048 Bytes 6/16/2011 00:51:31
VBASE031.VDF : 7.11.10.5 45056 Bytes 6/17/2011 19:49:39
Engineversion : 8.2.5.20
AEVDF.DLL : 8.1.2.1 106868 Bytes 1/10/2011 21:15:55
AESCRIPT.DLL : 8.1.3.65 1606010 Bytes 6/16/2011 07:54:00
AESCN.DLL : 8.1.7.2 127349 Bytes 1/10/2011 21:15:54
AESBX.DLL : 8.2.1.34 323957 Bytes 6/2/2011 18:57:25
AERDL.DLL : 8.1.9.9 639347 Bytes 6/17/2011 19:34:32
AEPACK.DLL : 8.2.6.9 557429 Bytes 6/16/2011 07:54:00
AEOFFICE.DLL : 8.1.1.25 205178 Bytes 6/16/2011 07:54:00
AEHEUR.DLL : 8.1.2.128 3547512 Bytes 6/16/2011 07:54:00
AEHELP.DLL : 8.1.17.2 246135 Bytes 6/16/2011 07:54:00
AEGEN.DLL : 8.1.5.6 401780 Bytes 5/20/2011 17:35:17
AEEMU.DLL : 8.1.3.0 393589 Bytes 1/10/2011 21:15:48
AECORE.DLL : 8.1.21.1 196983 Bytes 5/28/2011 06:37:37
AEBB.DLL : 8.1.1.0 53618 Bytes 1/10/2011 21:15:48
AVWINLL.DLL : 10.0.0.0 19304 Bytes 4/21/2011 14:52:39
AVPREF.DLL : 10.0.0.0 44904 Bytes 6/17/2011 19:34:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2011 19:34:52
AVREG.DLL : 10.0.3.2 53096 Bytes 6/17/2011 19:34:52
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 6/17/2011 19:34:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 6/17/2011 19:34:40
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 6/17/2011 19:34:47
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 21:23:04
AVSMTP.DLL : 10.0.0.17 63848 Bytes 1/10/2011 21:16:00
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 21:23:03
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 6/17/2011 19:35:48
RCTEXT.DLL : 10.0.58.0 98152 Bytes 6/17/2011 19:35:48
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4e3f1d31\guard_slideup.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: hoch
Beginn des Suchlaufs: Wednesday, July 13, 2011 05:59
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ymsgr_tray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'attrib.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'attrib.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mobsync.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RvPnjPacEdkXNJg.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'GrooveMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'USBGuard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sqlservr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'cdrom_mon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\ProgramData\26795768.exe'
C:\ProgramData\26795768.exe
[FUND] Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a8637dd.qua' verschoben!
Ende des Suchlaufs: Wednesday, July 13, 2011 05:59
Benötigte Zeit: 00:09 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
57 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
56 Dateien ohne Befall
0 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.
|
|
13.07.2011, 20:05
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
13.07.2011, 21:00
| #5 |
| | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Super, Danke! Werd' ich dann machen. Ich komme leider erst in ein paar Stunden zurück, darum kann ich die Files nicht jetzt gleich mitschicken. |
|
14.07.2011, 10:10
| #6 |
| | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm So! Leider spaet aber doch. Hier ist die logfile von Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Datenbank Version: 7121
Windows 6.1.7600
Internet Explorer 9.0.8112.16421
7/14/2011 5:01:54 AM
mbam-log-2011-07-14 (05-01-54).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 326306
Laufzeit: 1 Stunde(n), 14 Minute(n), 27 Sekunde(n)
Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
c:\programdata\rvpnjpacedkxnjg.exe (Trojan.FakeAlert) -> 3516 -> Failed to unload process.
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RvPnjPacEdkXNJg (Trojan.FakeAlert) -> Value: RvPnjPacEdkXNJg -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\programdata\rvpnjpacedkxnjg.exe (Trojan.FakeAlert) -> Delete on reboot.
c:\programdata\29351672.exe (Trojan.Agent) -> Quarantined and deleted successfully.
|
|
14.07.2011, 11:30
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
O4 - HKCU..\Run: [RvPnjPacEdkXNJg] C:\ProgramData\RvPnjPacEdkXNJg.exe (CACE Technologies, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 14:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4d2a82e3-82b2-11e0-b904-001a8040a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{4d2a82e3-82b2-11e0-b904-001a8040a5f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{59b4d861-82be-11e0-a560-001a8040a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{59b4d861-82be-11e0-a560-001a8040a5f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{92fc40f7-82dc-11e0-a82e-001a8040a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{92fc40f7-82dc-11e0-a82e-001a8040a5f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9ad7f82a-9165-11e0-af33-001a8040a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{9ad7f82a-9165-11e0-af33-001a8040a5f9}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{be5636f5-8cb1-11e0-9280-001a8040a5f9}\Shell - "" = AutoRun
O33 - MountPoints2\{be5636f5-8cb1-11e0-9280-001a8040a5f9}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
[2011/07/10 19:11:47 | 000,000,000 | -H-- | M] () -- C:\ProgramData\29351672.exe
[2011/07/10 19:01:18 | 000,489,472 | -H-- | M] (CACE Technologies, Inc.) -- C:\ProgramData\RvPnjPacEdkXNJg.exe
:Commands
[purity]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.07.2011, 11:50
| #8 |
| | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Hi! Hier ist die logfile vom OTL-Fix: Code:
ATTFilter ========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RvPnjPacEdkXNJg not found.
File C:\ProgramData\RvPnjPacEdkXNJg.exe not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d2a82e3-82b2-11e0-b904-001a8040a5f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d2a82e3-82b2-11e0-b904-001a8040a5f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4d2a82e3-82b2-11e0-b904-001a8040a5f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4d2a82e3-82b2-11e0-b904-001a8040a5f9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b4d861-82be-11e0-a560-001a8040a5f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b4d861-82be-11e0-a560-001a8040a5f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{59b4d861-82be-11e0-a560-001a8040a5f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59b4d861-82be-11e0-a560-001a8040a5f9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fc40f7-82dc-11e0-a82e-001a8040a5f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fc40f7-82dc-11e0-a82e-001a8040a5f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fc40f7-82dc-11e0-a82e-001a8040a5f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fc40f7-82dc-11e0-a82e-001a8040a5f9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad7f82a-9165-11e0-af33-001a8040a5f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ad7f82a-9165-11e0-af33-001a8040a5f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9ad7f82a-9165-11e0-af33-001a8040a5f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9ad7f82a-9165-11e0-af33-001a8040a5f9}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5636f5-8cb1-11e0-9280-001a8040a5f9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5636f5-8cb1-11e0-9280-001a8040a5f9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{be5636f5-8cb1-11e0-9280-001a8040a5f9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{be5636f5-8cb1-11e0-9280-001a8040a5f9}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
File C:\ProgramData\29351672.exe not found.
File C:\ProgramData\RvPnjPacEdkXNJg.exe not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.26.1 log created on 07142011_064205
|
|
14.07.2011, 12:50
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.  Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )  Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.07.2011, 15:30
| #10 |
| | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Hey! Danke dass du so daran bist. Das ist die logfile vom TDSSKiller: Code:
ATTFilter 2011/07/14 10:19:23.0472 2552 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/14 10:19:24.0001 2552 ================================================================================
2011/07/14 10:19:24.0001 2552 SystemInfo:
2011/07/14 10:19:24.0001 2552
2011/07/14 10:19:24.0001 2552 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/14 10:19:24.0001 2552 Product type: Workstation
2011/07/14 10:19:24.0001 2552 ComputerName: USER-PC
2011/07/14 10:19:24.0001 2552 UserName: user
2011/07/14 10:19:24.0002 2552 Windows directory: C:\Windows
2011/07/14 10:19:24.0002 2552 System windows directory: C:\Windows
2011/07/14 10:19:24.0002 2552 Processor architecture: Intel x86
2011/07/14 10:19:24.0002 2552 Number of processors: 2
2011/07/14 10:19:24.0002 2552 Page size: 0x1000
2011/07/14 10:19:24.0002 2552 Boot type: Normal boot
2011/07/14 10:19:24.0002 2552 ================================================================================
2011/07/14 10:19:25.0605 2552 Initialize success
2011/07/14 10:19:46.0003 4204 ================================================================================
2011/07/14 10:19:46.0003 4204 Scan started
2011/07/14 10:19:46.0003 4204 Mode: Manual;
2011/07/14 10:19:46.0003 4204 ================================================================================
2011/07/14 10:19:47.0660 4204 1394ohci (b96e330044afcce6384061ed8c45b067) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/14 10:19:47.0702 4204 ACPI (c69d550c6b3f8f32913e7e5200de8dd9) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/14 10:19:47.0743 4204 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/14 10:19:47.0799 4204 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/14 10:19:47.0960 4204 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/14 10:19:48.0013 4204 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/14 10:19:48.0099 4204 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/07/14 10:19:48.0269 4204 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/14 10:19:48.0310 4204 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/14 10:19:48.0355 4204 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/14 10:19:48.0385 4204 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/14 10:19:48.0415 4204 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/14 10:19:48.0449 4204 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/14 10:19:48.0511 4204 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/14 10:19:48.0658 4204 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/14 10:19:48.0693 4204 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/14 10:19:48.0728 4204 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/14 10:19:48.0959 4204 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/14 10:19:49.0031 4204 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/14 10:19:49.0068 4204 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/14 10:19:49.0252 4204 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/14 10:19:49.0285 4204 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/14 10:19:49.0518 4204 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/14 10:19:49.0557 4204 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/14 10:19:49.0620 4204 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/14 10:19:49.0782 4204 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/14 10:19:49.0855 4204 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/14 10:19:49.0898 4204 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/14 10:19:50.0081 4204 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/14 10:19:50.0122 4204 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/14 10:19:50.0174 4204 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/14 10:19:50.0219 4204 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/14 10:19:50.0364 4204 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/14 10:19:50.0398 4204 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/14 10:19:50.0438 4204 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/14 10:19:50.0469 4204 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/14 10:19:50.0537 4204 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/14 10:19:50.0572 4204 cdrom (bb63132c854bc53d2826f4d4b92c9c35) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/14 10:19:50.0696 4204 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/14 10:19:50.0743 4204 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/14 10:19:50.0814 4204 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/14 10:19:50.0847 4204 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/14 10:19:51.0004 4204 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/14 10:19:51.0063 4204 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/14 10:19:51.0086 4204 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/14 10:19:51.0135 4204 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/14 10:19:51.0313 4204 CSC (f825f3de9dfbd3f95f00697eb501b4fd) C:\Windows\system32\drivers\csc.sys
2011/07/14 10:19:51.0406 4204 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/07/14 10:19:51.0465 4204 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/14 10:19:51.0634 4204 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/14 10:19:51.0719 4204 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/14 10:19:51.0806 4204 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/14 10:19:52.0057 4204 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/14 10:19:52.0290 4204 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/14 10:19:52.0336 4204 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/14 10:19:52.0377 4204 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/14 10:19:52.0404 4204 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/14 10:19:52.0443 4204 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/14 10:19:52.0489 4204 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/14 10:19:52.0522 4204 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/14 10:19:52.0681 4204 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/14 10:19:52.0726 4204 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/14 10:19:52.0778 4204 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/14 10:19:52.0819 4204 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/14 10:19:52.0862 4204 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/14 10:19:52.0996 4204 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/14 10:19:53.0059 4204 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/14 10:19:53.0268 4204 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/14 10:19:53.0313 4204 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/14 10:19:53.0352 4204 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/14 10:19:53.0384 4204 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/14 10:19:53.0537 4204 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/14 10:19:53.0581 4204 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/14 10:19:53.0626 4204 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/14 10:19:53.0683 4204 HTTP (c3c667cbd66399e7cadb7dbfef38382d) C:\Windows\system32\drivers\HTTP.sys
2011/07/14 10:19:53.0829 4204 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/14 10:19:53.0874 4204 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/14 10:19:53.0926 4204 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/14 10:19:54.0254 4204 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/14 10:19:54.0564 4204 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/14 10:19:54.0748 4204 IntcAzAudAddService (01abfe5f855dec02ee61a09a71586943) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/14 10:19:54.0926 4204 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/14 10:19:54.0962 4204 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/14 10:19:55.0014 4204 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/14 10:19:55.0039 4204 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/14 10:19:55.0102 4204 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/14 10:19:55.0273 4204 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/14 10:19:55.0314 4204 iScsiPrt (bb1b120fed24d379a9d523eb27f78953) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/14 10:19:55.0358 4204 JRAID (dc8e2779cdf0348a35aaffa3a1bde0c9) C:\Windows\system32\DRIVERS\jraid.sys
2011/07/14 10:19:55.0389 4204 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/14 10:19:55.0431 4204 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/14 10:19:55.0544 4204 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/14 10:19:55.0590 4204 KSecPkg (ebcc522bf6ee19dddfa00057e1d52039) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/14 10:19:55.0646 4204 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/14 10:19:55.0728 4204 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/14 10:19:55.0841 4204 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/14 10:19:55.0871 4204 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/14 10:19:55.0901 4204 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/14 10:19:55.0938 4204 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/14 10:19:56.0109 4204 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
2011/07/14 10:19:56.0254 4204 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/14 10:19:56.0429 4204 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/14 10:19:56.0472 4204 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/14 10:19:56.0530 4204 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/14 10:19:56.0559 4204 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/14 10:19:56.0683 4204 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/14 10:19:56.0723 4204 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/14 10:19:56.0757 4204 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/14 10:19:56.0788 4204 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/14 10:19:56.0825 4204 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/14 10:19:56.0964 4204 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/14 10:19:57.0031 4204 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/14 10:19:57.0078 4204 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/14 10:19:57.0116 4204 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/14 10:19:57.0273 4204 msahci (380597027b1488d3dddb1af4a4af5f69) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/14 10:19:57.0321 4204 msdsm (9fae90514bc7e5b6cb0b71e5a70b5d6f) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/14 10:19:57.0364 4204 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/14 10:19:57.0395 4204 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/14 10:19:57.0431 4204 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/14 10:19:57.0620 4204 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/14 10:19:57.0645 4204 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/14 10:19:57.0679 4204 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/14 10:19:57.0719 4204 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/14 10:19:57.0762 4204 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/14 10:19:57.0900 4204 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/14 10:19:57.0941 4204 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/14 10:19:57.0973 4204 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/14 10:19:58.0047 4204 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/14 10:19:58.0123 4204 NDIS (eee89ed812dea8ead72bd35e8a36ab67) C:\Windows\system32\drivers\ndis.sys
2011/07/14 10:19:58.0237 4204 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/14 10:19:58.0279 4204 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/14 10:19:58.0319 4204 Ndisuio (bf6d06b889915b252333ee887479c5ac) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/14 10:19:58.0369 4204 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/14 10:19:58.0412 4204 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/14 10:19:58.0443 4204 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/14 10:19:58.0556 4204 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/14 10:19:58.0766 4204 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/07/14 10:19:59.0046 4204 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/14 10:19:59.0090 4204 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/14 10:19:59.0134 4204 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/14 10:19:59.0217 4204 Ntfs (fed54e74411d02521adcbd4f05c30004) C:\Windows\system32\drivers\Ntfs.sys
2011/07/14 10:19:59.0372 4204 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/14 10:19:59.0409 4204 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/14 10:19:59.0463 4204 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/14 10:19:59.0501 4204 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/14 10:19:59.0631 4204 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/14 10:19:59.0700 4204 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/14 10:19:59.0734 4204 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/14 10:19:59.0765 4204 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/14 10:19:59.0906 4204 pci (80a4748a0304715c29093311795ac448) C:\Windows\system32\DRIVERS\pci.sys
2011/07/14 10:19:59.0939 4204 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/14 10:19:59.0977 4204 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/14 10:20:00.0012 4204 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/14 10:20:00.0166 4204 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/14 10:20:00.0273 4204 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/14 10:20:00.0318 4204 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/14 10:20:00.0383 4204 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/14 10:20:00.0548 4204 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/14 10:20:00.0615 4204 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/14 10:20:00.0733 4204 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/14 10:20:00.0801 4204 R5U870FLx86 (9c9d24115f13af3aea05e1343a032bb1) C:\Windows\system32\Drivers\R5U870FLx86.sys
2011/07/14 10:20:00.0842 4204 R5U870FUx86 (18b4c879647661de37b49c2e48d65820) C:\Windows\system32\Drivers\R5U870FUx86.sys
2011/07/14 10:20:00.0883 4204 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/14 10:20:01.0003 4204 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/14 10:20:01.0064 4204 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/14 10:20:01.0104 4204 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/14 10:20:01.0148 4204 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/14 10:20:01.0283 4204 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/14 10:20:01.0348 4204 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/14 10:20:01.0380 4204 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/14 10:20:01.0438 4204 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/14 10:20:01.0563 4204 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/14 10:20:01.0613 4204 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/14 10:20:01.0648 4204 RDPWD (2ac60bd1ee821c8892d46271d6474d07) C:\Windows\system32\drivers\RDPWD.sys
2011/07/14 10:20:01.0698 4204 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/14 10:20:01.0762 4204 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/14 10:20:01.0855 4204 RTL8167 (06bd46be6141556125f89df738333720) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/14 10:20:01.0965 4204 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/14 10:20:02.0032 4204 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/14 10:20:02.0071 4204 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/14 10:20:02.0170 4204 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/14 10:20:02.0280 4204 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/14 10:20:02.0332 4204 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/14 10:20:02.0370 4204 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/14 10:20:02.0447 4204 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/07/14 10:20:02.0565 4204 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/14 10:20:02.0622 4204 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/14 10:20:02.0654 4204 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/14 10:20:02.0692 4204 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/14 10:20:02.0833 4204 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/14 10:20:02.0891 4204 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/14 10:20:02.0925 4204 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/14 10:20:02.0951 4204 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/14 10:20:03.0020 4204 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/14 10:20:03.0197 4204 srv (110ad8cd36f173e917b1145950042b79) C:\Windows\system32\DRIVERS\srv.sys
2011/07/14 10:20:03.0241 4204 srv2 (0460a195747ec2cb8d07b9634e85d637) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/14 10:20:03.0319 4204 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/14 10:20:03.0478 4204 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/07/14 10:20:03.0568 4204 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/14 10:20:03.0736 4204 srvnet (e461231d570586f158becc94c342cbe0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/14 10:20:03.0798 4204 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/14 10:20:03.0863 4204 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/14 10:20:03.0900 4204 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/14 10:20:04.0032 4204 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/14 10:20:04.0059 4204 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/14 10:20:04.0196 4204 Tcpip (8861b9a06ba99c6e1d62d0c86dfab86c) C:\Windows\system32\drivers\tcpip.sys
2011/07/14 10:20:04.0346 4204 TCPIP6 (8861b9a06ba99c6e1d62d0c86dfab86c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/14 10:20:04.0421 4204 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/14 10:20:04.0459 4204 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/14 10:20:04.0500 4204 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/14 10:20:04.0553 4204 tdx (3ce2cc0b2b5e5b422dd20a2f0b340299) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/14 10:20:04.0656 4204 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/14 10:20:04.0744 4204 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
2011/07/14 10:20:04.0820 4204 tssecsrv (9dff45630df6e13b48bc01b8e799a781) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/14 10:20:04.0865 4204 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/14 10:20:04.0996 4204 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/14 10:20:05.0041 4204 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/14 10:20:05.0090 4204 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/14 10:20:05.0129 4204 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/14 10:20:05.0175 4204 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/14 10:20:05.0357 4204 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/14 10:20:05.0409 4204 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/14 10:20:05.0444 4204 usbcir (6eb45c02e2c8a5dbf9a119f76ae9bd95) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/14 10:20:05.0496 4204 usbehci (8b6c14ffe8beb32ffaaca9fbce4a8e01) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/14 10:20:05.0608 4204 usbhub (f47d65c0d6ed5b82cba28904afa9a24d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/14 10:20:05.0665 4204 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/14 10:20:05.0702 4204 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/14 10:20:05.0742 4204 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/14 10:20:05.0846 4204 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/14 10:20:05.0911 4204 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/14 10:20:05.0968 4204 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/14 10:20:06.0015 4204 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/14 10:20:06.0112 4204 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/14 10:20:06.0157 4204 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/14 10:20:06.0183 4204 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/14 10:20:06.0210 4204 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/14 10:20:06.0255 4204 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/14 10:20:06.0296 4204 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/14 10:20:06.0346 4204 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/14 10:20:06.0396 4204 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/14 10:20:06.0512 4204 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/14 10:20:06.0566 4204 volsnap (f6aeec98d1f6a338548f4936f382eb71) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/14 10:20:06.0651 4204 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/07/14 10:20:06.0774 4204 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/07/14 10:20:06.0837 4204 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/07/14 10:20:06.0907 4204 vpcvmm (1023c696d42268e9071bb376dbec8396) C:\Windows\system32\drivers\vpcvmm.sys
2011/07/14 10:20:06.0971 4204 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/14 10:20:07.0089 4204 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/14 10:20:07.0136 4204 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/14 10:20:07.0205 4204 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/14 10:20:07.0219 4204 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/14 10:20:07.0293 4204 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/14 10:20:07.0348 4204 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/14 10:20:07.0482 4204 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/14 10:20:07.0553 4204 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/14 10:20:07.0679 4204 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/14 10:20:07.0715 4204 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/14 10:20:07.0864 4204 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/14 10:20:07.0948 4204 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
2011/07/14 10:20:08.0018 4204 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/14 10:20:08.0118 4204 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/07/14 10:20:08.0230 4204 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/07/14 10:20:08.0313 4204 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/07/14 10:20:08.0348 4204 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0
2011/07/14 10:20:08.0354 4204 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0)
2011/07/14 10:20:08.0372 4204 Boot (0x1200) (a55ea2a04ae028c507ae13acea7c8df8) \Device\Harddisk0\DR0\Partition0
2011/07/14 10:20:08.0389 4204 Boot (0x1200) (1ef96485626bd805ea48ee76fdce2630) \Device\Harddisk0\DR0\Partition1
2011/07/14 10:20:08.0395 4204 ================================================================================
2011/07/14 10:20:08.0395 4204 Scan finished
2011/07/14 10:20:08.0395 4204 ================================================================================
2011/07/14 10:20:08.0408 6112 Detected object count: 1
2011/07/14 10:20:08.0408 6112 Actual detected object count: 1
2011/07/14 10:22:17.0124 6112 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot
2011/07/14 10:22:17.0124 6112 \Device\Harddisk0\DR0 - ok
2011/07/14 10:22:17.0158 6112 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure
|
|
14.07.2011, 17:13
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle ProgrammZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.07.2011, 21:14
| #12 |
| | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm So das ist der TDSSKiller-Log zur Kontrolle: Code:
ATTFilter 2011/07/14 16:02:57.0566 3676 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/14 16:02:58.0034 3676 ================================================================================
2011/07/14 16:02:58.0034 3676 SystemInfo:
2011/07/14 16:02:58.0034 3676
2011/07/14 16:02:58.0034 3676 OS Version: 6.1.7600 ServicePack: 0.0
2011/07/14 16:02:58.0034 3676 Product type: Workstation
2011/07/14 16:02:58.0034 3676 ComputerName: USER-PC
2011/07/14 16:02:58.0034 3676 UserName: user
2011/07/14 16:02:58.0034 3676 Windows directory: C:\Windows
2011/07/14 16:02:58.0034 3676 System windows directory: C:\Windows
2011/07/14 16:02:58.0034 3676 Processor architecture: Intel x86
2011/07/14 16:02:58.0034 3676 Number of processors: 2
2011/07/14 16:02:58.0034 3676 Page size: 0x1000
2011/07/14 16:02:58.0034 3676 Boot type: Normal boot
2011/07/14 16:02:58.0034 3676 ================================================================================
2011/07/14 16:02:59.0188 3676 Initialize success
2011/07/14 16:03:04.0352 1812 ================================================================================
2011/07/14 16:03:04.0352 1812 Scan started
2011/07/14 16:03:04.0352 1812 Mode: Manual;
2011/07/14 16:03:04.0352 1812 ================================================================================
2011/07/14 16:03:05.0506 1812 1394ohci (b96e330044afcce6384061ed8c45b067) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/14 16:03:05.0553 1812 ACPI (c69d550c6b3f8f32913e7e5200de8dd9) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/14 16:03:05.0584 1812 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/14 16:03:05.0647 1812 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/14 16:03:05.0818 1812 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/14 16:03:05.0881 1812 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/14 16:03:05.0959 1812 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/07/14 16:03:06.0130 1812 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/14 16:03:06.0177 1812 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/14 16:03:06.0208 1812 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/14 16:03:06.0255 1812 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/14 16:03:06.0302 1812 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/14 16:03:06.0333 1812 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/14 16:03:06.0364 1812 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/14 16:03:06.0489 1812 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/14 16:03:06.0520 1812 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/14 16:03:06.0567 1812 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/14 16:03:06.0770 1812 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/14 16:03:06.0832 1812 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/14 16:03:06.0879 1812 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/14 16:03:07.0051 1812 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/14 16:03:07.0082 1812 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/14 16:03:07.0316 1812 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/14 16:03:07.0347 1812 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/14 16:03:07.0441 1812 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/14 16:03:07.0488 1812 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/14 16:03:07.0659 1812 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/14 16:03:07.0722 1812 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/14 16:03:07.0784 1812 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/14 16:03:07.0846 1812 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/14 16:03:07.0971 1812 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/14 16:03:08.0034 1812 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/14 16:03:08.0065 1812 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/14 16:03:08.0096 1812 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/14 16:03:08.0112 1812 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/14 16:03:08.0158 1812 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/14 16:03:08.0314 1812 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/14 16:03:08.0361 1812 cdrom (bb63132c854bc53d2826f4d4b92c9c35) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/14 16:03:08.0408 1812 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/14 16:03:08.0470 1812 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/14 16:03:08.0626 1812 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/14 16:03:08.0673 1812 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/14 16:03:08.0720 1812 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/14 16:03:08.0767 1812 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/14 16:03:08.0798 1812 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/14 16:03:08.0860 1812 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/14 16:03:09.0032 1812 CSC (f825f3de9dfbd3f95f00697eb501b4fd) C:\Windows\system32\drivers\csc.sys
2011/07/14 16:03:09.0110 1812 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/07/14 16:03:09.0188 1812 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/14 16:03:09.0235 1812 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/14 16:03:09.0391 1812 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/14 16:03:09.0484 1812 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/14 16:03:09.0687 1812 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/14 16:03:09.0968 1812 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/14 16:03:10.0015 1812 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/14 16:03:10.0077 1812 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/14 16:03:10.0108 1812 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/14 16:03:10.0280 1812 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/14 16:03:10.0327 1812 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/14 16:03:10.0358 1812 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/14 16:03:10.0389 1812 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/14 16:03:10.0436 1812 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/14 16:03:10.0483 1812 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/14 16:03:10.0608 1812 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/14 16:03:10.0654 1812 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/14 16:03:10.0686 1812 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/14 16:03:10.0748 1812 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/14 16:03:10.0951 1812 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/14 16:03:10.0998 1812 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/14 16:03:11.0029 1812 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/14 16:03:11.0060 1812 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/14 16:03:11.0122 1812 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/14 16:03:11.0247 1812 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/14 16:03:11.0310 1812 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/14 16:03:11.0356 1812 HTTP (c3c667cbd66399e7cadb7dbfef38382d) C:\Windows\system32\drivers\HTTP.sys
2011/07/14 16:03:11.0388 1812 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/14 16:03:11.0450 1812 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/14 16:03:11.0637 1812 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/14 16:03:11.0887 1812 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/14 16:03:12.0199 1812 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/14 16:03:12.0386 1812 IntcAzAudAddService (01abfe5f855dec02ee61a09a71586943) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/14 16:03:12.0604 1812 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/14 16:03:12.0636 1812 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/14 16:03:12.0698 1812 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/14 16:03:12.0714 1812 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/14 16:03:12.0776 1812 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/14 16:03:12.0948 1812 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/14 16:03:12.0994 1812 iScsiPrt (bb1b120fed24d379a9d523eb27f78953) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/14 16:03:13.0057 1812 JRAID (dc8e2779cdf0348a35aaffa3a1bde0c9) C:\Windows\system32\DRIVERS\jraid.sys
2011/07/14 16:03:13.0228 1812 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/14 16:03:13.0260 1812 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/14 16:03:13.0306 1812 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/14 16:03:13.0338 1812 KSecPkg (ebcc522bf6ee19dddfa00057e1d52039) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/14 16:03:13.0400 1812 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/14 16:03:13.0572 1812 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/14 16:03:13.0618 1812 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/14 16:03:13.0665 1812 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/14 16:03:13.0712 1812 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/14 16:03:13.0743 1812 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/14 16:03:13.0930 1812 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
2011/07/14 16:03:14.0071 1812 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/14 16:03:14.0274 1812 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/14 16:03:14.0320 1812 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/14 16:03:14.0398 1812 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/14 16:03:14.0430 1812 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/14 16:03:14.0570 1812 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/14 16:03:14.0617 1812 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/14 16:03:14.0648 1812 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/14 16:03:14.0679 1812 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/14 16:03:14.0710 1812 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/14 16:03:14.0898 1812 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/14 16:03:14.0960 1812 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/14 16:03:15.0007 1812 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/14 16:03:15.0054 1812 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/14 16:03:15.0210 1812 msahci (380597027b1488d3dddb1af4a4af5f69) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/14 16:03:15.0256 1812 msdsm (9fae90514bc7e5b6cb0b71e5a70b5d6f) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/14 16:03:15.0303 1812 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/14 16:03:15.0334 1812 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/14 16:03:15.0366 1812 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/14 16:03:15.0568 1812 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/14 16:03:15.0771 1812 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/14 16:03:15.0802 1812 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/14 16:03:15.0834 1812 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/14 16:03:15.0880 1812 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/14 16:03:16.0005 1812 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/14 16:03:16.0052 1812 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/14 16:03:16.0083 1812 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/14 16:03:16.0146 1812 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/14 16:03:16.0208 1812 NDIS (eee89ed812dea8ead72bd35e8a36ab67) C:\Windows\system32\drivers\ndis.sys
2011/07/14 16:03:16.0348 1812 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/14 16:03:16.0380 1812 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/14 16:03:16.0426 1812 Ndisuio (bf6d06b889915b252333ee887479c5ac) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/14 16:03:16.0458 1812 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/14 16:03:16.0520 1812 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/14 16:03:16.0645 1812 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/14 16:03:16.0692 1812 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/14 16:03:16.0894 1812 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/07/14 16:03:17.0175 1812 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/14 16:03:17.0238 1812 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/14 16:03:17.0316 1812 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/14 16:03:17.0394 1812 Ntfs (fed54e74411d02521adcbd4f05c30004) C:\Windows\system32\drivers\Ntfs.sys
2011/07/14 16:03:17.0565 1812 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/14 16:03:17.0596 1812 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/14 16:03:17.0674 1812 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/14 16:03:17.0706 1812 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/14 16:03:17.0846 1812 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/14 16:03:17.0940 1812 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/14 16:03:17.0971 1812 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/14 16:03:18.0002 1812 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/14 16:03:18.0158 1812 pci (80a4748a0304715c29093311795ac448) C:\Windows\system32\DRIVERS\pci.sys
2011/07/14 16:03:18.0189 1812 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/14 16:03:18.0220 1812 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/14 16:03:18.0267 1812 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/14 16:03:18.0423 1812 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/14 16:03:18.0548 1812 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/14 16:03:18.0595 1812 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/14 16:03:18.0642 1812 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/14 16:03:18.0844 1812 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/14 16:03:18.0907 1812 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/14 16:03:19.0063 1812 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/14 16:03:19.0141 1812 R5U870FLx86 (9c9d24115f13af3aea05e1343a032bb1) C:\Windows\system32\Drivers\R5U870FLx86.sys
2011/07/14 16:03:19.0172 1812 R5U870FUx86 (18b4c879647661de37b49c2e48d65820) C:\Windows\system32\Drivers\R5U870FUx86.sys
2011/07/14 16:03:19.0250 1812 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/14 16:03:19.0390 1812 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/14 16:03:19.0453 1812 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/14 16:03:19.0500 1812 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/14 16:03:19.0546 1812 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/14 16:03:19.0702 1812 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/14 16:03:19.0749 1812 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/14 16:03:19.0780 1812 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/14 16:03:19.0827 1812 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/14 16:03:19.0968 1812 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/14 16:03:19.0999 1812 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/14 16:03:20.0046 1812 RDPWD (2ac60bd1ee821c8892d46271d6474d07) C:\Windows\system32\drivers\RDPWD.sys
2011/07/14 16:03:20.0092 1812 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/14 16:03:20.0155 1812 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/14 16:03:20.0233 1812 RTL8167 (06bd46be6141556125f89df738333720) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/14 16:03:20.0404 1812 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/14 16:03:20.0451 1812 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/14 16:03:20.0498 1812 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/14 16:03:20.0560 1812 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/14 16:03:20.0716 1812 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/14 16:03:20.0763 1812 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/14 16:03:20.0935 1812 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/14 16:03:21.0028 1812 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/07/14 16:03:21.0153 1812 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/14 16:03:21.0216 1812 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/14 16:03:21.0278 1812 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/14 16:03:21.0309 1812 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/14 16:03:21.0387 1812 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/14 16:03:21.0543 1812 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/14 16:03:21.0574 1812 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/14 16:03:21.0606 1812 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/14 16:03:21.0652 1812 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/14 16:03:21.0746 1812 srv (110ad8cd36f173e917b1145950042b79) C:\Windows\system32\DRIVERS\srv.sys
2011/07/14 16:03:21.0886 1812 srv2 (0460a195747ec2cb8d07b9634e85d637) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/14 16:03:21.0949 1812 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/14 16:03:22.0027 1812 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/07/14 16:03:22.0198 1812 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/14 16:03:22.0292 1812 srvnet (e461231d570586f158becc94c342cbe0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/14 16:03:22.0354 1812 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/14 16:03:22.0510 1812 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/14 16:03:22.0542 1812 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/14 16:03:22.0588 1812 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/14 16:03:22.0635 1812 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/14 16:03:22.0760 1812 Tcpip (8861b9a06ba99c6e1d62d0c86dfab86c) C:\Windows\system32\drivers\tcpip.sys
2011/07/14 16:03:22.0916 1812 TCPIP6 (8861b9a06ba99c6e1d62d0c86dfab86c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/14 16:03:22.0978 1812 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/14 16:03:23.0025 1812 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/14 16:03:23.0056 1812 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/14 16:03:23.0103 1812 tdx (3ce2cc0b2b5e5b422dd20a2f0b340299) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/14 16:03:23.0244 1812 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/14 16:03:23.0368 1812 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
2011/07/14 16:03:23.0446 1812 tssecsrv (9dff45630df6e13b48bc01b8e799a781) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/14 16:03:23.0478 1812 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/14 16:03:23.0634 1812 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/14 16:03:23.0680 1812 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/14 16:03:23.0743 1812 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/14 16:03:23.0774 1812 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/14 16:03:23.0805 1812 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/14 16:03:23.0992 1812 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/14 16:03:24.0039 1812 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/14 16:03:24.0086 1812 usbcir (6eb45c02e2c8a5dbf9a119f76ae9bd95) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/14 16:03:24.0117 1812 usbehci (8b6c14ffe8beb32ffaaca9fbce4a8e01) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/14 16:03:24.0164 1812 usbhub (f47d65c0d6ed5b82cba28904afa9a24d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/14 16:03:24.0304 1812 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/14 16:03:24.0351 1812 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/14 16:03:24.0398 1812 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/14 16:03:24.0445 1812 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/14 16:03:24.0601 1812 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/14 16:03:24.0679 1812 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/14 16:03:24.0710 1812 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/14 16:03:24.0741 1812 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/14 16:03:24.0882 1812 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/14 16:03:24.0913 1812 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/14 16:03:24.0944 1812 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/14 16:03:24.0975 1812 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/14 16:03:25.0006 1812 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/14 16:03:25.0069 1812 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/14 16:03:25.0131 1812 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/14 16:03:25.0272 1812 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/14 16:03:25.0350 1812 volsnap (f6aeec98d1f6a338548f4936f382eb71) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/14 16:03:25.0412 1812 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/07/14 16:03:25.0584 1812 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/07/14 16:03:25.0646 1812 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/07/14 16:03:25.0708 1812 vpcvmm (1023c696d42268e9071bb376dbec8396) C:\Windows\system32\drivers\vpcvmm.sys
2011/07/14 16:03:25.0755 1812 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/14 16:03:25.0896 1812 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/14 16:03:25.0958 1812 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/14 16:03:26.0020 1812 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/14 16:03:26.0036 1812 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/14 16:03:26.0114 1812 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/14 16:03:26.0161 1812 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/14 16:03:26.0301 1812 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/14 16:03:26.0348 1812 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/14 16:03:26.0473 1812 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/14 16:03:26.0535 1812 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/14 16:03:26.0598 1812 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/14 16:03:26.0722 1812 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
2011/07/14 16:03:26.0785 1812 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/14 16:03:26.0894 1812 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/07/14 16:03:26.0972 1812 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/07/14 16:03:27.0050 1812 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/07/14 16:03:27.0081 1812 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/14 16:03:27.0097 1812 Boot (0x1200) (a55ea2a04ae028c507ae13acea7c8df8) \Device\Harddisk0\DR0\Partition0
2011/07/14 16:03:27.0128 1812 Boot (0x1200) (1ef96485626bd805ea48ee76fdce2630) \Device\Harddisk0\DR0\Partition1
2011/07/14 16:03:27.0128 1812 ================================================================================
2011/07/14 16:03:27.0128 1812 Scan finished
2011/07/14 16:03:27.0128 1812 ================================================================================
2011/07/14 16:03:27.0144 2872 Detected object count: 0
2011/07/14 16:03:27.0144 2872 Actual detected object count: 0
2011/07/14 16:05:27.0591 2020 ================================================================================
2011/07/14 16:05:27.0591 2020 Scan started
2011/07/14 16:05:27.0591 2020 Mode: Manual;
2011/07/14 16:05:27.0591 2020 ================================================================================
2011/07/14 16:05:28.0059 2020 1394ohci (b96e330044afcce6384061ed8c45b067) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/14 16:05:28.0091 2020 ACPI (c69d550c6b3f8f32913e7e5200de8dd9) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/14 16:05:28.0122 2020 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/14 16:05:28.0169 2020 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/14 16:05:28.0309 2020 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/14 16:05:28.0356 2020 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/14 16:05:28.0418 2020 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/07/14 16:05:28.0574 2020 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/14 16:05:28.0621 2020 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/14 16:05:28.0652 2020 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/14 16:05:28.0683 2020 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/14 16:05:28.0699 2020 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/14 16:05:28.0730 2020 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/14 16:05:28.0761 2020 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/14 16:05:28.0902 2020 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/14 16:05:28.0964 2020 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/14 16:05:28.0995 2020 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/14 16:05:29.0027 2020 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/14 16:05:29.0073 2020 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/14 16:05:29.0105 2020 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/14 16:05:29.0151 2020 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/14 16:05:29.0183 2020 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/14 16:05:29.0354 2020 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/14 16:05:29.0401 2020 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/14 16:05:29.0463 2020 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/14 16:05:29.0510 2020 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/14 16:05:29.0666 2020 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/14 16:05:29.0713 2020 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/14 16:05:29.0760 2020 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/14 16:05:29.0807 2020 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/14 16:05:29.0838 2020 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/14 16:05:29.0978 2020 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/14 16:05:30.0009 2020 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/14 16:05:30.0056 2020 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/14 16:05:30.0087 2020 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/14 16:05:30.0119 2020 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/14 16:05:30.0165 2020 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/14 16:05:30.0306 2020 cdrom (bb63132c854bc53d2826f4d4b92c9c35) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/14 16:05:30.0353 2020 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/14 16:05:30.0399 2020 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/14 16:05:30.0446 2020 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/14 16:05:30.0602 2020 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/14 16:05:30.0633 2020 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/14 16:05:30.0665 2020 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/14 16:05:30.0711 2020 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/14 16:05:30.0743 2020 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/14 16:05:30.0930 2020 CSC (f825f3de9dfbd3f95f00697eb501b4fd) C:\Windows\system32\drivers\csc.sys
2011/07/14 16:05:31.0101 2020 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/07/14 16:05:31.0164 2020 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/14 16:05:31.0211 2020 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/14 16:05:31.0367 2020 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/14 16:05:31.0460 2020 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/14 16:05:31.0601 2020 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/14 16:05:31.0803 2020 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/14 16:05:31.0835 2020 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/14 16:05:31.0866 2020 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/14 16:05:31.0897 2020 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/14 16:05:31.0944 2020 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/14 16:05:31.0991 2020 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/14 16:05:32.0037 2020 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/14 16:05:32.0147 2020 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/14 16:05:32.0193 2020 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/14 16:05:32.0225 2020 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/14 16:05:32.0256 2020 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/14 16:05:32.0303 2020 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/14 16:05:32.0427 2020 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/14 16:05:32.0490 2020 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/14 16:05:32.0568 2020 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/14 16:05:32.0615 2020 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/14 16:05:32.0739 2020 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/14 16:05:32.0771 2020 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/14 16:05:32.0802 2020 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/14 16:05:32.0849 2020 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/14 16:05:32.0911 2020 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/14 16:05:33.0036 2020 HTTP (c3c667cbd66399e7cadb7dbfef38382d) C:\Windows\system32\drivers\HTTP.sys
2011/07/14 16:05:33.0067 2020 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/14 16:05:33.0098 2020 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/14 16:05:33.0161 2020 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/07/14 16:05:33.0457 2020 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/07/14 16:05:33.0629 2020 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/14 16:05:33.0785 2020 IntcAzAudAddService (01abfe5f855dec02ee61a09a71586943) C:\Windows\system32\drivers\RTKVHDA.sys
2011/07/14 16:05:33.0941 2020 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/14 16:05:33.0972 2020 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/14 16:05:34.0003 2020 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/14 16:05:34.0034 2020 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/14 16:05:34.0065 2020 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/14 16:05:34.0097 2020 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/14 16:05:34.0237 2020 iScsiPrt (bb1b120fed24d379a9d523eb27f78953) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/14 16:05:34.0268 2020 JRAID (dc8e2779cdf0348a35aaffa3a1bde0c9) C:\Windows\system32\DRIVERS\jraid.sys
2011/07/14 16:05:34.0299 2020 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/14 16:05:34.0331 2020 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/14 16:05:34.0362 2020 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/14 16:05:34.0409 2020 KSecPkg (ebcc522bf6ee19dddfa00057e1d52039) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/14 16:05:34.0565 2020 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/14 16:05:34.0627 2020 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/14 16:05:34.0643 2020 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/14 16:05:34.0674 2020 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/14 16:05:34.0721 2020 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/14 16:05:34.0861 2020 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/14 16:05:34.0908 2020 massfilter (59a2783aba6019bed0c843c706e10a6a) C:\Windows\system32\drivers\massfilter.sys
2011/07/14 16:05:35.0001 2020 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\Windows\system32\drivers\mbamswissarmy.sys
2011/07/14 16:05:35.0064 2020 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/14 16:05:35.0220 2020 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/14 16:05:35.0282 2020 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/14 16:05:35.0313 2020 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/14 16:05:35.0329 2020 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/14 16:05:35.0391 2020 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/14 16:05:35.0516 2020 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/14 16:05:35.0547 2020 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/14 16:05:35.0594 2020 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/14 16:05:35.0657 2020 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/14 16:05:35.0844 2020 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/14 16:05:35.0891 2020 mrxsmb10 (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/14 16:05:35.0922 2020 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/14 16:05:35.0969 2020 msahci (380597027b1488d3dddb1af4a4af5f69) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/14 16:05:36.0125 2020 msdsm (9fae90514bc7e5b6cb0b71e5a70b5d6f) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/14 16:05:36.0265 2020 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/14 16:05:36.0296 2020 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/14 16:05:36.0343 2020 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/14 16:05:36.0390 2020 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/14 16:05:36.0437 2020 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/14 16:05:36.0577 2020 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/14 16:05:36.0608 2020 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/14 16:05:36.0655 2020 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/14 16:05:36.0686 2020 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/14 16:05:36.0717 2020 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/14 16:05:36.0764 2020 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/14 16:05:36.0889 2020 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/14 16:05:36.0951 2020 NDIS (eee89ed812dea8ead72bd35e8a36ab67) C:\Windows\system32\drivers\ndis.sys
2011/07/14 16:05:36.0983 2020 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/14 16:05:37.0029 2020 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/14 16:05:37.0154 2020 Ndisuio (bf6d06b889915b252333ee887479c5ac) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/14 16:05:37.0185 2020 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/14 16:05:37.0217 2020 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/14 16:05:37.0248 2020 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/14 16:05:37.0295 2020 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/14 16:05:37.0497 2020 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
2011/07/14 16:05:37.0685 2020 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/14 16:05:37.0716 2020 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/14 16:05:37.0747 2020 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/14 16:05:37.0825 2020 Ntfs (fed54e74411d02521adcbd4f05c30004) C:\Windows\system32\drivers\Ntfs.sys
2011/07/14 16:05:37.0997 2020 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/14 16:05:38.0028 2020 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/07/14 16:05:38.0075 2020 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/07/14 16:05:38.0106 2020 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/14 16:05:38.0137 2020 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/14 16:05:38.0309 2020 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/14 16:05:38.0340 2020 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/14 16:05:38.0371 2020 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/14 16:05:38.0418 2020 pci (80a4748a0304715c29093311795ac448) C:\Windows\system32\DRIVERS\pci.sys
2011/07/14 16:05:38.0449 2020 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/14 16:05:38.0589 2020 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/14 16:05:38.0621 2020 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/14 16:05:38.0667 2020 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/14 16:05:38.0901 2020 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/14 16:05:38.0933 2020 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/14 16:05:38.0979 2020 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/14 16:05:39.0057 2020 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/14 16:05:39.0229 2020 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/14 16:05:39.0276 2020 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/14 16:05:39.0323 2020 R5U870FLx86 (9c9d24115f13af3aea05e1343a032bb1) C:\Windows\system32\Drivers\R5U870FLx86.sys
2011/07/14 16:05:39.0494 2020 R5U870FUx86 (18b4c879647661de37b49c2e48d65820) C:\Windows\system32\Drivers\R5U870FUx86.sys
2011/07/14 16:05:39.0525 2020 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/14 16:05:39.0572 2020 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/14 16:05:39.0697 2020 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/14 16:05:39.0744 2020 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/14 16:05:39.0775 2020 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/14 16:05:39.0822 2020 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/14 16:05:39.0869 2020 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/14 16:05:39.0978 2020 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/14 16:05:40.0025 2020 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/07/14 16:05:40.0040 2020 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/14 16:05:40.0071 2020 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/14 16:05:40.0103 2020 RDPWD (2ac60bd1ee821c8892d46271d6474d07) C:\Windows\system32\drivers\RDPWD.sys
2011/07/14 16:05:40.0149 2020 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/14 16:05:40.0227 2020 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/14 16:05:40.0352 2020 RTL8167 (06bd46be6141556125f89df738333720) C:\Windows\system32\DRIVERS\Rt86win7.sys
2011/07/14 16:05:40.0399 2020 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/07/14 16:05:40.0461 2020 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/14 16:05:40.0508 2020 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/14 16:05:40.0633 2020 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/14 16:05:40.0695 2020 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/14 16:05:40.0727 2020 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/14 16:05:40.0758 2020 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/14 16:05:40.0820 2020 SFEP (8b7c1768d2cde2e02e09a66563ddfd16) C:\Windows\system32\DRIVERS\SFEP.sys
2011/07/14 16:05:40.0976 2020 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/14 16:05:41.0007 2020 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/14 16:05:41.0039 2020 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/14 16:05:41.0085 2020 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/14 16:05:41.0132 2020 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/14 16:05:41.0273 2020 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/14 16:05:41.0366 2020 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/14 16:05:41.0382 2020 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/14 16:05:41.0429 2020 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/14 16:05:41.0522 2020 srv (110ad8cd36f173e917b1145950042b79) C:\Windows\system32\DRIVERS\srv.sys
2011/07/14 16:05:41.0569 2020 srv2 (0460a195747ec2cb8d07b9634e85d637) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/14 16:05:41.0709 2020 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
2011/07/14 16:05:41.0772 2020 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
2011/07/14 16:05:41.0834 2020 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/07/14 16:05:42.0006 2020 srvnet (e461231d570586f158becc94c342cbe0) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/14 16:05:42.0068 2020 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/14 16:05:42.0115 2020 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/14 16:05:42.0146 2020 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/07/14 16:05:42.0271 2020 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
2011/07/14 16:05:42.0302 2020 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/14 16:05:42.0411 2020 Tcpip (8861b9a06ba99c6e1d62d0c86dfab86c) C:\Windows\system32\drivers\tcpip.sys
2011/07/14 16:05:42.0552 2020 TCPIP6 (8861b9a06ba99c6e1d62d0c86dfab86c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/14 16:05:42.0614 2020 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/14 16:05:42.0645 2020 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/14 16:05:42.0677 2020 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/14 16:05:42.0723 2020 tdx (3ce2cc0b2b5e5b422dd20a2f0b340299) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/14 16:05:42.0755 2020 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/14 16:05:42.0911 2020 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\Windows\system32\drivers\tifm21.sys
2011/07/14 16:05:42.0973 2020 tssecsrv (9dff45630df6e13b48bc01b8e799a781) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/14 16:05:43.0020 2020 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/14 16:05:43.0051 2020 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/14 16:05:43.0191 2020 udfs (6557d75e8b7d6a06cdc21cd39dbf255c) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/14 16:05:43.0238 2020 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/14 16:05:43.0285 2020 umbus (71bbf3e8078d585abf27411a8986eb95) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/14 16:05:43.0332 2020 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/14 16:05:43.0394 2020 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
2011/07/14 16:05:43.0425 2020 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/14 16:05:43.0581 2020 usbcir (6eb45c02e2c8a5dbf9a119f76ae9bd95) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/14 16:05:43.0628 2020 usbehci (8b6c14ffe8beb32ffaaca9fbce4a8e01) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/14 16:05:43.0675 2020 usbhub (f47d65c0d6ed5b82cba28904afa9a24d) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/14 16:05:43.0706 2020 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/14 16:05:43.0753 2020 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/14 16:05:43.0862 2020 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/07/14 16:05:43.0909 2020 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/07/14 16:05:43.0956 2020 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
2011/07/14 16:05:44.0034 2020 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/14 16:05:44.0159 2020 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/14 16:05:44.0190 2020 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/14 16:05:44.0237 2020 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/14 16:05:44.0252 2020 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/14 16:05:44.0283 2020 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/14 16:05:44.0330 2020 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/14 16:05:44.0361 2020 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
2011/07/14 16:05:44.0393 2020 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/07/14 16:05:44.0533 2020 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/14 16:05:44.0595 2020 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/14 16:05:44.0627 2020 volsnap (f6aeec98d1f6a338548f4936f382eb71) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/14 16:05:44.0689 2020 vpcbus (33e74df34753fcaab06f6f2bdc8cabf5) C:\Windows\system32\DRIVERS\vpchbus.sys
2011/07/14 16:05:44.0814 2020 vpcnfltr (5f04362ceb5fb5901037e9d9eadd3760) C:\Windows\system32\DRIVERS\vpcnfltr.sys
2011/07/14 16:05:44.0861 2020 vpcusb (625088d6ee9ede977fd03cf18d1cd5c5) C:\Windows\system32\DRIVERS\vpcusb.sys
2011/07/14 16:05:44.0907 2020 vpcvmm (1023c696d42268e9071bb376dbec8396) C:\Windows\system32\drivers\vpcvmm.sys
2011/07/14 16:05:44.0970 2020 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/14 16:05:45.0095 2020 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
2011/07/14 16:05:45.0141 2020 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/14 16:05:45.0188 2020 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/14 16:05:45.0219 2020 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/14 16:05:45.0282 2020 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/14 16:05:45.0360 2020 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/14 16:05:45.0516 2020 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/14 16:05:45.0547 2020 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/14 16:05:45.0625 2020 WinUsb (b5ba3cc19d00f2eba92f1cfbebb5d650) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/07/14 16:05:45.0703 2020 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/14 16:05:45.0765 2020 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/14 16:05:45.0906 2020 WudfPf (a52494b107afc92ddca21f0b64f83376) C:\Windows\system32\drivers\WudfPf.sys
2011/07/14 16:05:45.0953 2020 WUDFRd (90a541c607da0025ae75f0f3673945fe) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/14 16:05:46.0031 2020 ZTEusbmdm6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
2011/07/14 16:05:46.0062 2020 ZTEusbnmea (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
2011/07/14 16:05:46.0202 2020 ZTEusbser6k (3862318f85be7a91957ada5e814ed58c) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
2011/07/14 16:05:46.0249 2020 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/14 16:05:46.0265 2020 Boot (0x1200) (a55ea2a04ae028c507ae13acea7c8df8) \Device\Harddisk0\DR0\Partition0
2011/07/14 16:05:46.0280 2020 Boot (0x1200) (1ef96485626bd805ea48ee76fdce2630) \Device\Harddisk0\DR0\Partition1
2011/07/14 16:05:46.0296 2020 ================================================================================
2011/07/14 16:05:46.0296 2020 Scan finished
2011/07/14 16:05:46.0296 2020 ================================================================================
2011/07/14 16:05:46.0296 1496 Detected object count: 0
2011/07/14 16:05:46.0296 1496 Actual detected object count: 0
|
|
15.07.2011, 10:00
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.07.2011, 19:21
| #14 |
| | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Hallo! ComboFix wurde mit der Fehlermeldung unexpected error unterbrochen. Die Icons in der Taskleiste sehen alle aus wie txt-Dateien. Hier ist die logfile: Code:
ATTFilter ComboFix 11-07-15.01 - user 07/15/2011 12:18:52.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1165 [GMT -7:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix\Uninstall Windows 7 Fix.lnk
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Fix\Windows 7 Fix.lnk
.
.
((((((((((((((((((((((((( Files Created from 2011-06-15 to 2011-07-15 )))))))))))))))))))))))))))))))
.
.
2011-07-15 19:26 . 2011-07-15 19:26 -------- d-----w- c:\users\user\AppData\Local\temp
2011-07-15 19:26 . 2011-07-15 19:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-15 19:15 . 2011-07-15 19:16 -------- d-----w- C:\32788R22FWJFW
2011-07-15 19:07 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DE336BB-309A-4CFD-8CCA-50FB1DF626F9}\mpengine.dll
2011-07-14 13:42 . 2011-07-14 13:42 -------- d-----w- C:\_OTL
2011-07-14 05:40 . 2011-07-14 05:40 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2011-07-14 05:40 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-14 05:40 . 2011-07-14 05:40 -------- d-----w- c:\programdata\Malwarebytes
2011-07-14 05:40 . 2011-07-14 05:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-13 04:28 . 2011-06-03 05:50 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-05 07:06 . 2011-07-05 07:06 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 07:06 . 2011-07-05 07:06 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-06-29 11:48 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-26 03:47 . 2011-06-26 03:47 -------- d-----w- c:\program files\Safari
2011-06-26 03:29 . 2011-06-26 03:29 -------- d-----w- c:\program files\iPod
2011-06-26 03:29 . 2011-06-26 03:29 -------- d-----w- c:\program files\iTunes
2011-06-26 03:22 . 2011-06-26 03:22 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-06-26 03:21 . 2011-06-26 03:21 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-26 03:20 . 2011-06-26 03:20 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-26 03:20 . 2011-06-26 03:20 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-21 07:08 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-21 07:08 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-21 07:08 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-21 04:33 . 2011-04-29 02:49 311808 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-21 04:33 . 2011-04-29 02:49 311808 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-21 04:33 . 2011-04-29 02:49 114688 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-21 04:33 . 2011-04-25 04:44 1298816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-21 04:33 . 2011-04-25 04:44 187264 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2011-06-21 04:33 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-21 04:33 . 2011-05-03 04:50 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-21 04:33 . 2011-04-27 02:33 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-21 04:33 . 2010-12-18 05:30 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-21 04:33 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-21 04:33 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-21 04:33 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-21 14:26 . 2011-05-31 07:02 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-17 19:35 . 2011-05-20 05:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-17 19:35 . 2011-05-20 05:09 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-03 16:33 . 2011-06-03 16:33 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-03 16:33 . 2011-06-03 16:33 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-03 16:33 . 2011-06-03 16:33 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-03 16:33 . 2011-06-03 16:33 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-06-03 16:33 . 2011-06-03 16:33 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-06-03 16:33 . 2011-06-03 16:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-03 16:33 . 2011-06-03 16:33 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-06-03 16:33 . 2011-06-03 16:33 367104 ----a-w- c:\windows\system32\html.iec
2011-06-03 16:33 . 2011-06-03 16:33 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-03 16:33 . 2011-06-03 16:33 161792 ----a-w- c:\windows\system32\msls31.dll
2011-06-03 16:33 . 2011-06-03 16:33 152064 ----a-w- c:\windows\system32\wextract.exe
2011-06-03 16:33 . 2011-06-03 16:33 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-06-03 16:33 . 2011-06-03 16:33 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-03 16:33 . 2011-06-03 16:33 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-06-03 16:33 . 2011-06-03 16:33 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-03 16:33 . 2011-06-03 16:33 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-06-03 16:33 . 2011-06-03 16:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-03 16:33 . 2011-06-03 16:33 11776 ----a-w- c:\windows\system32\mshta.exe
2011-06-03 16:33 . 2011-06-03 16:33 101888 ----a-w- c:\windows\system32\admparse.dll
2011-06-03 16:29 . 2011-06-03 16:29 801792 ----a-w- c:\windows\system32\FntCache.dll
2011-06-03 16:29 . 2011-06-03 16:29 739840 ----a-w- c:\windows\system32\d2d1.dll
2011-06-03 16:29 . 2011-06-03 16:29 728448 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2011-06-03 16:29 . 2011-06-03 16:29 442880 ----a-w- c:\windows\system32\XpsPrint.dll
2011-06-03 16:29 . 2011-06-03 16:29 3181568 ----a-w- c:\windows\system32\mf.dll
2011-06-03 16:29 . 2011-06-03 16:29 309760 ----a-w- c:\windows\system32\actxprxy.dll
2011-06-03 16:29 . 2011-06-03 16:29 283648 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-06-03 16:29 . 2011-06-03 16:29 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-06-03 16:29 . 2011-06-03 16:29 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2011-06-03 16:29 . 2011-06-03 16:29 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-06-03 16:29 . 2011-06-03 16:29 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-03 16:29 . 2011-06-03 16:29 1495552 ----a-w- c:\windows\system32\ExplorerFrame.dll
2011-06-03 16:29 . 2011-06-03 16:29 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2011-06-03 16:29 . 2011-06-03 16:29 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2011-06-03 16:29 . 2011-06-03 16:29 1076736 ----a-w- c:\windows\system32\DWrite.dll
2011-06-03 16:29 . 2011-06-03 16:29 107520 ----a-w- c:\windows\system32\cdd.dll
2011-06-03 16:29 . 2011-06-03 16:29 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-06-02 17:01 . 2011-06-02 17:01 20480 ----a-w- c:\windows\system32\cliconfg.728
2011-05-25 02:14 . 2011-05-19 07:09 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 15:06 . 2011-05-10 15:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 15:06 . 2011-05-10 15:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-07-05 07:06 . 2011-05-28 21:15 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-11-05 6174008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"USB Security"="c:\program files\USB Disk Security\USBGuard.exe" [2011-02-01 623520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 135664]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-21 13080]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 135664]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-10-18 9216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-05-29 39984]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-21 1343400]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [2011-02-17 87888]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2007-10-17 73472]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2007-10-17 43904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-12-19 249888]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2007-08-03 9344]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 16:16]
.
2011-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-20 16:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1042B3FB-2D32-4019-9DCC-0CDC703CCD78}: NameServer = 121.1.3.168 121.1.3.250
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\crr56o23.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-15 12:42:08
ComboFix-quarantined-files.txt 2011-07-15 19:42
.
Pre-Run: 161,410,686,976 bytes free
Post-Run: 161,783,713,792 bytes free
.
- - End Of File - - AA15C2B8188B14EC08D9C24B97195C95
|
|
15.07.2011, 22:28
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu TR/Crypt.XPACK.Gen3, Desktop schwarz, Icons weg, System Neustart, Redirects, das volle Programm |
| antivir, bho, bingbar, c:\windows\system32\rundll32.exe, festplatte, helper, host.exe, internet explorer, launch, locker, neu aufgesetzt, plug-in, problem, scan, sched.exe, security scan, software, start menu, super, taskhost.exe, tr/crypt xpack.gen, tr/crypt.xpack.ge, tr/crypt.xpack.gen, tr/crypt.xpack.gen3, trojan.agent, trojan.fakealert, version=1.0, webcheck, windows |
Linear-Darstellung
