Log Analysis and Evaluation: BKA Trojan and Others! (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#16
/// Winkelfunktion /// TB-Süch-Tiger™
Run an OTL fix: close all programs that may be open, and also disable the virus scanner (!). Start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!) Note: if you have blanked out your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
PRC - [2012.01.04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 74 12 E2 BF 0B 54 CB 01 [binary data]
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
[2010.09.14 22:22:14 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1b5hvi1m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O20 - HKLM Winlogon: UserInit - (C:\Users\***\AppData\Roaming\KGBvN0ZvUOHc.exe) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{18fa12e6-ca45-11df-91be-485b39eea4d9}\Shell - "" = AutoRun
O33 - MountPoints2\{18fa12e6-ca45-11df-91be-485b39eea4d9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
MsConfig:64bit - StartUpReg: Babylon Client - hkey= - key= - C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
[2012.01.22 23:44:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint
[2012.01.22 23:43:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2012.01.22 23:43:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Conduit
[2012.01.22 23:43:35 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012.01.22 23:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012.01.22 23:41:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
@Alternate Data Stream - 48 bytes -> C:\Windows:664D5458B17D947A
:Files
C:\Program Files (x86)\Babylon
:Commands
[emptytemp]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are not deleted completely; for safety, a backup copy is created on the system partition in the "_OTL" folder. Note: the script above was created only for this one user in this particular situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post logfiles in CODE tags
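As an added illustration (not code from the forum post and not part of OTL itself), the following Python triage encodes the reading of the OTL scan that the fix script above is based on: a Winlogon UserInit value pointing at a random-named executable in a user profile (the lock-screen persistence), Run entries with an empty name or missing target, MountPoints2 AutoRun commands, an alternate data stream on the Windows directory, and changed browser search defaults. The severity labels and the one benign UserInit sample line are my own assumptions.

```python
"""Triage of OTL scan lines (added example, not from the forum post or OTL)."""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: suspicious entries taken from the fix script above plus
# one benign UserInit line (constructed) so the clean case is exercised too.
SAMPLE_OTL = r"""
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\***\AppData\Roaming\KGBvN0ZvUOHc.exe) - File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{18fa12e6-ca45-11df-91be-485b39eea4d9}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
@Alternate Data Stream - 48 bytes -> C:\Windows:664D5458B17D947A
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
"""


@dataclass
class Finding:
    severity: str  # assumed scale: "high" = lock-screen persistence, "medium" = review, "low" = adware/PUP
    line: str
    reason: str


# The only legitimate UserInit target is userinit.exe in the Windows system32
# directory; OTL prints the value in parentheses (a trailing comma is normal).
SYSTEM_USERINIT = re.compile(r"^[a-z]:\\windows\\system32\\userinit\.exe,?$", re.I)


def triage_otl(text: str) -> List[Finding]:
    """Return the OTL lines an analyst would act on, in the order they appear."""
    findings: List[Finding] = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        tag = line.split(" - ", 1)[0]  # O4, O20, O32, O33, IE, FF, ...
        if tag == "O20" and "UserInit" in line:
            m = re.search(r"\((.*?)\)", line)
            path = m.group(1) if m else ""
            if not SYSTEM_USERINIT.match(path):
                findings.append(Finding("high", line,
                    f"Winlogon UserInit launches {path} instead of system32\\userinit.exe"))
        elif tag == "O4" and ("[]" in line or "File not found" in line):
            findings.append(Finding("medium", line, "Run entry with an empty name or a missing target"))
        elif tag == "O32" and line.endswith("AutoRun - 1"):
            findings.append(Finding("low", line, "CD-ROM AutoRun is enabled"))
        elif tag == "O33" and "\\Shell\\AutoRun\\command" in line:
            findings.append(Finding("medium", line, "MountPoints2 AutoRun command for a removable drive"))
        elif line.startswith("@Alternate Data Stream") and re.search(r"\\Windows:", line, re.I):
            findings.append(Finding("medium", line, "alternate data stream attached to the Windows directory"))
        elif tag == "IE" and "URLSearchHook" in line and "No CLSID value found" in line:
            findings.append(Finding("low", line, "orphaned URLSearchHook (leftover of a search hijacker)"))
        elif tag == "FF" and ("browser.search" in line or "browser.startup.homepage" in line):
            findings.append(Finding("low", line, "Firefox search/homepage preference set by a toolbar"))
    return findings


def worst_severity(findings: List[Finding]) -> str:
    """Highest severity present, or "none" for an empty result."""
    order = {"high": 3, "medium": 2, "low": 1}
    return max((f.severity for f in findings), key=order.get, default="none")


if __name__ == "__main__":
    result = triage_otl(SAMPLE_OTL)
    for f in result:
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
    print("worst:", worst_severity(result))
```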
#17
Thanks Arne, here is the log
Code:
All processes killed
========== OTL ==========
No active process named Updater.exe was found!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1b5hvi1m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1b5hvi1m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1b5hvi1m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1b5hvi1m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1b5hvi1m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1b5hvi1m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1b5hvi1m.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}\ deleted successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon\ deleted successfully.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon\ deleted successfully.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}\ not found.
File C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\***\AppData\Roaming\KGBvN0ZvUOHc.exe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18fa12e6-ca45-11df-91be-485b39eea4d9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18fa12e6-ca45-11df-91be-485b39eea4d9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{18fa12e6-ca45-11df-91be-485b39eea4d9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18fa12e6-ca45-11df-91be-485b39eea4d9}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Babylon Client\ not found.
C:\Users\***\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Users\***\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Users\***\AppData\Roaming\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Users\***\AppData\Roaming\CheckPoint folder moved successfully.
C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.
C:\Program Files (x86)\Conduit folder moved successfully.
C:\Users\***\AppData\Local\Conduit folder moved successfully.
C:\Program Files\CheckPoint folder moved successfully.
C:\ProgramData\CheckPoint\ZoneAlarm\Data folder moved successfully.
C:\ProgramData\CheckPoint\ZoneAlarm folder moved successfully.
C:\ProgramData\CheckPoint folder moved successfully.
C:\Program Files (x86)\CheckPoint folder moved successfully.
ADS C:\Windows:664D5458B17D947A deleted successfully.
========== FILES ==========
C:\Program Files (x86)\Babylon\Babylon-Pro\Utils folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Updates folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Plugins folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Media\res folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Media folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Gloss folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Data\LDTs folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Data\BGLs folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Data folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Agent\Graphics folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro\Agent folder moved successfully.
C:\Program Files (x86)\Babylon\Babylon-Pro folder moved successfully.
C:\Program Files (x86)\Babylon folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ***
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 147858 bytes
->Java cache emptied: 4727204 bytes
->FireFox cache emptied: 84361033 bytes
->Flash cache emptied: 470 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11087 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67798 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 85,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 01292012_183016
Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
#18
/// Winkelfunktion /// TB-Süch-Tiger™
Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Configure the tool as shown in the image below: click on "change parameters" and set the check marks as shown in the following screenshot, then click on "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here! If, because of the infection, you cannot access your documents / My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file on your desktop. Start the tool and all files and folders should be visible again. (This may take a while.)
#19
Here is the TDSS-Killer log; it apparently found nothing. Code:
19:44:56.0207 1696 TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
19:44:56.0285 1696 ============================================================
19:44:56.0285 1696 Current date / time: 2012/01/29 19:44:56.0285
19:44:56.0285 1696 SystemInfo:
19:44:56.0285 1696
19:44:56.0285 1696 OS Version: 6.1.7601 ServicePack: 1.0
19:44:56.0285 1696 Product type: Workstation
19:44:56.0285 1696 ComputerName: ***-PC
19:44:56.0285 1696 UserName: ***
19:44:56.0285 1696 Windows directory: C:\Windows
19:44:56.0285 1696 System windows directory: C:\Windows
19:44:56.0285 1696 Running under WOW64
19:44:56.0285 1696 Processor architecture: Intel x64
19:44:56.0285 1696 Number of processors: 4
19:44:56.0285 1696 Page size: 0x1000
19:44:56.0285 1696 Boot type: Normal boot
19:44:56.0285 1696 ============================================================
19:44:57.0455 1696 Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:44:57.0548 1696 Initialize success
19:45:27.0625 3952 ============================================================
19:45:27.0625 3952 Scan started
19:45:27.0625 3952 Mode: Manual; SigCheck; TDLFS;
19:45:27.0625 3952 ============================================================
19:45:34.0770 3952 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
19:45:34.0786 3952 msahci - ok
19:45:34.0801 3952 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
19:45:34.0817 3952 msdsm - ok
19:45:34.0832 3952 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
19:45:34.0864 3952 Msfs - ok
19:45:34.0879 3952 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
19:45:34.0926 3952 mshidkmdf - ok
19:45:34.0942 3952 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
19:45:34.0942 3952 msisadrv - ok
19:45:34.0973 3952 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
19:45:35.0004 3952 MSKSSRV - ok
19:45:35.0020 3952 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
19:45:35.0035 3952 MSPCLOCK - ok
19:45:35.0051 3952 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
19:45:35.0098 3952 MSPQM - ok
19:45:35.0129 3952 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
19:45:35.0144 3952 MsRPC - ok
19:45:35.0160 3952 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
19:45:35.0160 3952 mssmbios - ok
19:45:35.0191 3952 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
19:45:35.0222 3952 MSTEE - ok
19:45:35.0238 3952 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
19:45:35.0254 3952 MTConfig - ok
19:45:35.0269 3952 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
19:45:35.0285 3952 MTsensor - ok
19:45:35.0300 3952 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
19:45:35.0316 3952 Mup - ok
19:45:35.0347 3952 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
19:45:35.0378 3952 NativeWifiP - ok
19:45:35.0425 3952 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
19:45:35.0441 3952 NDIS - ok
19:45:35.0456 3952 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
19:45:35.0488 3952 NdisCap - ok
19:45:35.0503 3952 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
19:45:35.0550 3952 NdisTapi - ok
19:45:35.0581 3952 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
19:45:35.0612 3952 Ndisuio - ok
19:45:35.0628 3952 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
19:45:35.0690 3952 NdisWan - ok
19:45:35.0706 3952 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
19:45:35.0737 3952 NDProxy - ok
19:45:35.0753 3952 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
19:45:35.0784 3952 NetBIOS - ok
19:45:35.0815 3952 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
19:45:35.0862 3952 NetBT - ok
19:45:35.0893 3952 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
19:45:35.0893 3952 nfrd960 - ok
19:45:35.0909 3952 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
19:45:35.0940 3952 Npfs - ok
19:45:35.0956 3952 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
19:45:35.0987 3952 nsiproxy - ok
19:45:36.0049 3952 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
19:45:36.0080 3952 Ntfs - ok
19:45:36.0096 3952 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
19:45:36.0221 3952 Null - ok
19:45:36.0252 3952 nusb3hub (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
19:45:36.0268 3952 nusb3hub - ok
19:45:36.0299 3952 nusb3xhc (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
19:45:36.0314 3952 nusb3xhc - ok
19:45:36.0346 3952 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
19:45:36.0361 3952 nvraid - ok
19:45:36.0377 3952 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
19:45:36.0392 3952 nvstor - ok
19:45:36.0408 3952 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
19:45:36.0408 3952 nv_agp - ok
19:45:36.0439 3952 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
19:45:36.0455 3952 ohci1394 - ok
19:45:36.0486 3952 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
19:45:36.0502 3952 Parport - ok
19:45:36.0548 3952 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
19:45:36.0548 3952 partmgr - ok
19:45:36.0564 3952 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
19:45:36.0580 3952 pci - ok
19:45:36.0580 3952 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
19:45:36.0595 3952 pciide - ok
19:45:36.0611 3952 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
19:45:36.0626 3952 pcmcia - ok
19:45:36.0642 3952 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
19:45:36.0658 3952 pcw - ok
19:45:36.0673 3952 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
19:45:36.0736 3952 PEAUTH - ok
19:45:36.0798 3952 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
19:45:36.0829 3952 PptpMiniport - ok
19:45:36.0845 3952 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
19:45:36.0876 3952 Processor - ok
19:45:36.0907 3952 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
19:45:36.0954 3952 Psched - ok
19:45:37.0001 3952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
19:45:37.0063 3952 ql2300 - ok
19:45:37.0094 3952 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
19:45:37.0110 3952 ql40xx - ok
19:45:37.0126 3952 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
19:45:37.0141 3952 QWAVEdrv - ok
19:45:37.0157 3952 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
19:45:37.0204 3952 RasAcd - ok
19:45:37.0235 3952 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
19:45:37.0266 3952 RasAgileVpn - ok
19:45:37.0297 3952 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:45:37.0328 3952 Rasl2tp - ok
19:45:37.0344 3952 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
19:45:37.0391 3952 RasPppoe - ok
19:45:37.0406 3952 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
19:45:37.0453 3952 RasSstp - ok
19:45:37.0484 3952 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
19:45:37.0516 3952 rdbss - ok
19:45:37.0531 3952 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
19:45:37.0562 3952 rdpbus - ok
19:45:37.0578 3952 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:45:37.0609 3952 RDPCDD - ok
19:45:37.0640 3952 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
19:45:37.0656 3952 RDPDR - ok
19:45:37.0687 3952 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
19:45:37.0718 3952 RDPENCDD - ok
19:45:37.0734 3952 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
19:45:37.0765 3952 RDPREFMP - ok
19:45:37.0796 3952 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
19:45:37.0828 3952 RDPWD - ok
19:45:37.0859 3952 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
19:45:37.0859 3952 rdyboost - ok
19:45:37.0890 3952 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
19:45:37.0921 3952 rspndr - ok
19:45:37.0952 3952 RTL8167 (8de1701afcc1855c6a9df28a25a0ef3e) C:\Windows\system32\DRIVERS\Rt64win7.sys
19:45:37.0968 3952 RTL8167 - ok
19:45:37.0999 3952 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
19:45:38.0015 3952 s3cap - ok
19:45:38.0108 3952 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:45:38.0108 3952 SASDIFSV - ok
19:45:38.0124 3952 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
19:45:38.0140 3952 SASKUTIL - ok
19:45:38.0140 3952 SAVRKBootTasks - ok
19:45:38.0186 3952 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
19:45:38.0202 3952 sbp2port - ok
19:45:38.0233 3952 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
19:45:38.0264 3952 scfilter - ok
19:45:38.0280 3952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:45:38.0311 3952 secdrv - ok
19:45:38.0342 3952 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
19:45:38.0358 3952 Serenum - ok
19:45:38.0389 3952 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
19:45:38.0420 3952 Serial - ok
19:45:38.0436 3952 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
19:45:38.0452 3952 sermouse - ok
19:45:38.0483 3952 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
19:45:38.0498 3952 sffdisk - ok
19:45:38.0514 3952 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
19:45:38.0530 3952 sffp_mmc - ok
19:45:38.0592 3952 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
19:45:38.0608 3952 sffp_sd - ok
19:45:38.0623 3952 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
19:45:38.0654 3952 sfloppy - ok
19:45:38.0701 3952 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:45:38.0701 3952 SiSRaid2 - ok
19:45:38.0732 3952 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
19:45:38.0732 3952 SiSRaid4 - ok
19:45:38.0748 3952 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
19:45:38.0779 3952 Smb - ok
19:45:38.0810 3952 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
19:45:38.0810 3952 spldr - ok
19:45:38.0857 3952 sptd (34f974f8b3c86de03a30dcbe79091c97) C:\Windows\System32\Drivers\sptd.sys
19:45:38.0888 3952 sptd - ok
19:45:38.0920 3952 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
19:45:38.0935 3952 srv - ok
19:45:38.0966 3952 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
19:45:38.0982 3952 srv2 - ok
19:45:38.0998 3952 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
19:45:39.0029 3952 srvnet - ok
19:45:39.0060 3952 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
19:45:39.0060 3952 stexstor - ok
19:45:39.0091 3952 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
19:45:39.0091 3952 storflt - ok
19:45:39.0122 3952 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
19:45:39.0122 3952 storvsc - ok
19:45:39.0154 3952 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
19:45:39.0154 3952 swenum - ok
19:45:39.0216 3952 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:45:39.0263 3952 Tcpip - ok
19:45:39.0310 3952 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:45:39.0341 3952 TCPIP6 - ok
19:45:39.0372 3952 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
19:45:39.0419 3952 tcpipreg - ok
19:45:39.0434 3952 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
19:45:39.0481 3952 TDPIPE - ok
19:45:39.0497 3952 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
19:45:39.0528 3952 TDTCP - ok
19:45:39.0559 3952 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
19:45:39.0590 3952 tdx - ok
19:45:39.0622 3952 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
19:45:39.0637 3952 TermDD - ok
19:45:39.0684 3952 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:45:39.0715 3952 tssecsrv - ok
19:45:39.0762 3952 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
19:45:39.0778 3952 TsUsbFlt - ok
19:45:39.0793 3952 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
19:45:39.0840 3952 tunnel - ok
19:45:39.0856 3952 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
19:45:39.0871 3952 uagp35 - ok
19:45:39.0902 3952 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
19:45:39.0934 3952 udfs - ok
19:45:39.0965 3952 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
19:45:39.0965 3952 uliagpkx - ok
19:45:39.0996 3952 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
19:45:40.0012 3952 umbus - ok
19:45:40.0027 3952 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
19:45:40.0043 3952 UmPass - ok
19:45:40.0090 3952 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
19:45:40.0121 3952 usbaudio - ok
19:45:40.0152 3952 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
19:45:40.0183 3952 usbccgp - ok
19:45:40.0214 3952 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
19:45:40.0230 3952 usbcir - ok
19:45:40.0261 3952 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
19:45:40.0277 3952 usbehci - ok
19:45:40.0292 3952 usbfilter (858be9c0e498c8e505e198e17eece0d9) C:\Windows\system32\DRIVERS\usbfilter.sys
19:45:40.0308 3952 usbfilter - ok
19:45:40.0324 3952 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
19:45:40.0355 3952 usbhub - ok
19:45:40.0386 3952 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
19:45:40.0386 3952 usbohci - ok
19:45:40.0402 3952 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
19:45:40.0417 3952 usbprint - ok
19:45:40.0448 3952 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
19:45:40.0480 3952 usbscan - ok
19:45:40.0495 3952 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:45:40.0526 3952 USBSTOR - ok
19:45:40.0542 3952 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
19:45:40.0573 3952 usbuhci - ok
19:45:40.0589 3952 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
19:45:40.0604 3952 usb_rndisx - ok
19:45:40.0620 3952 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
19:45:40.0620 3952 vdrvroot - ok
19:45:40.0651 3952 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
19:45:40.0667 3952 vga - ok
19:45:40.0682 3952 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
19:45:40.0729 3952 VgaSave - ok
19:45:40.0745 3952 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
19:45:40.0760 3952 vhdmp - ok
19:45:40.0776 3952 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
19:45:40.0792 3952 viaide - ok
19:45:40.0807 3952 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
19:45:40.0807 3952 vmbus - ok
19:45:40.0823 3952 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
19:45:40.0838 3952 VMBusHID - ok
19:45:40.0870 3952 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
19:45:40.0870 3952 volmgr - ok
19:45:40.0901 3952 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
19:45:40.0916 3952 volmgrx - ok
19:45:40.0948 3952 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
19:45:40.0963 3952 volsnap - ok
19:45:40.0979 3952 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
19:45:40.0994 3952 vsmraid - ok
19:45:41.0010 3952 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
19:45:41.0041 3952 vwifibus - ok
19:45:41.0057 3952 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
19:45:41.0088 3952 vwififlt - ok
19:45:41.0104 3952 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
19:45:41.0119 3952 WacomPen - ok
19:45:41.0135 3952 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:41.0166 3952 WANARP - ok
19:45:41.0166 3952 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
19:45:41.0197 3952 Wanarpv6 - ok
19:45:41.0228 3952 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
19:45:41.0228 3952 Wd - ok
19:45:41.0260 3952 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
19:45:41.0275 3952 Wdf01000 - ok
19:45:41.0306 3952 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
19:45:41.0338 3952 WfpLwf - ok
19:45:41.0353 3952 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
19:45:41.0369 3952 WIMMount - ok
19:45:41.0416 3952 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
19:45:41.0447 3952 WinUsb - ok
19:45:41.0478 3952 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
19:45:41.0478 3952 WmiAcpi - ok
19:45:41.0509 3952 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
19:45:41.0540 3952 ws2ifsl - ok
19:45:41.0587 3952 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
19:45:41.0634 3952 WudfPf - ok
19:45:41.0650 3952 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:45:41.0681 3952 WUDFRd - ok
19:45:41.0712 3952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:45:41.0837 3952 \Device\Harddisk0\DR0 - ok
19:45:41.0837 3952 Boot (0x1200) (8e54a165db20d98aa68ce1f0b42cd02e) \Device\Harddisk0\DR0\Partition0
19:45:41.0853 3952 \Device\Harddisk0\DR0\Partition0 - ok
19:45:41.0868 3952 Boot (0x1200) (3a9b28eef02de1b5c0b91c557ea81151) \Device\Harddisk0\DR0\Partition1
19:45:41.0868 3952 \Device\Harddisk0\DR0\Partition1 - ok
19:45:41.0884 3952 Boot (0x1200) (975d7d136488dfc42470a312b7a4d331) \Device\Harddisk0\DR0\Partition2
19:45:41.0884 3952 \Device\Harddisk0\DR0\Partition2 - ok
19:45:41.0899 3952 Boot (0x1200) (377df91eec91875d917c1d1987b55305) \Device\Harddisk0\DR0\Partition3
19:45:41.0899 3952 \Device\Harddisk0\DR0\Partition3 - ok
19:45:41.0899 3952 ============================================================
19:45:41.0899 3952 Scan finished
19:45:41.0899 3952 ============================================================
19:45:41.0915 0880 Detected object count: 0
19:45:41.0915 0880 Actual detected object count: 0
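The TDSSKiller scan above prints, per kernel driver, a line with the service name, the file's MD5 and its path, followed by a verdict line ("- ok"), and closes with the hashed MBR and boot sectors. Reading several hundred such lines by eye is error-prone, so the following Python is added here as a worked example (it is not part of the thread and not TDSSKiller's own code) of turning the log into the few things a reviewer actually checks: services that got a verdict but never a file line (MEMSWEEP2 and SAVRKBootTasks above), several service names backed by one binary (Tcpip/TCPIP6, LVPr2M64/LVPr2Mon, WANARP/Wanarpv6 above), drivers loaded from outside the Windows directory (the SUPERAntiSpyware drivers above), any verdict other than "ok", and the MD5 list for lookup. The sample lines are constructed in TDSSKiller's format; the one non-"ok" verdict and its wording are made up for the example, and `SYSTEM_ROOT` assumes the system drive is C:.

```python
import re
from collections import defaultdict

# Hypothetical system root used to decide whether a driver lives outside the
# Windows directory (assumption: the system drive is C:).
SYSTEM_ROOT = r"c:\windows"

# A line naming an object with its MD5 and on-disk (or \Device\...) path, e.g.
# "19:45:39.0216 3952 Tcpip (fc62...) C:\Windows\system32\drivers\tcpip.sys"
# or "19:45:41.0712 3952 MBR (0x1B8) (a36c...) \Device\Harddisk0\DR0".
FILE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+"
    r"\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$"
)
# A verdict line: "<service name or device path> - ok" (or another verdict).
VERDICT_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+(?P<name>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Constructed sample in TDSSKiller's line format (not the thread's full log):
# two service names backed by one binary, a service with a verdict but no file
# line, a third-party driver outside the Windows directory, the MBR entry, and
# one made-up driver with a non-"ok" verdict (the verdict wording is assumed).
SAMPLE_LOG = r"""
19:45:39.0216 3952 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
19:45:39.0263 3952 Tcpip - ok
19:45:39.0310 3952 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
19:45:39.0341 3952 TCPIP6 - ok
19:45:34.0208 3952 MEMSWEEP2 - ok
19:45:38.0108 3952 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
19:45:38.0108 3952 SASDIFSV - ok
19:45:38.0900 3952 fakedrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\fakedrv.sys
19:45:38.0910 3952 fakedrv - detected Rootkit.Win32.Example.a
19:45:41.0712 3952 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
19:45:41.0837 3952 \Device\Harddisk0\DR0 - ok
"""


def parse_tdsskiller(text):
    """Return (entries, verdicts): entries is a list of {name, md5, path} dicts,
    verdicts maps a service name or device path to its verdict string."""
    entries, verdicts = [], {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            entries.append({"name": m["name"], "md5": m["md5"], "path": m["path"]})
            continue
        m = VERDICT_RE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
    return entries, verdicts


def triage(text):
    """Reduce a TDSSKiller log to the items worth a second look."""
    entries, verdicts = parse_tdsskiller(text)
    # MBR/boot verdicts are keyed by device path, drivers by service name.
    known = {e["name"] for e in entries} | {e["path"] for e in entries}
    by_path = defaultdict(set)
    outside_windows, not_ok = [], []
    for e in entries:
        p = e["path"].lower()
        by_path[p].add(e["name"])
        verdict = verdicts.get(e["name"]) or verdicts.get(e["path"])
        if verdict is not None and verdict.lower() != "ok":
            not_ok.append((e["name"], verdict))
        # Loading from outside the Windows directory is not malicious by itself
        # (security products do it too); it is a driver to identify explicitly.
        if not (p.startswith("\\device\\") or p.startswith(SYSTEM_ROOT + "\\")):
            outside_windows.append(e["name"])
    # Services that got a verdict but no file line: TDSSKiller had nothing to hash.
    no_file = sorted(n for n in verdicts if n not in known)
    for n in no_file:
        if verdicts[n].lower() != "ok":
            not_ok.append((n, verdicts[n]))
    # Several service names pointing at the same binary (Tcpip/TCPIP6 is normal).
    aliases = {p: sorted(names) for p, names in by_path.items() if len(names) > 1}
    return {
        "no_file": no_file,
        "aliases": aliases,
        "outside_windows": outside_windows,
        "not_ok": not_ok,
        "hashes": {e["name"]: e["md5"] for e in entries},
    }


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}: {items}")
```

The `hashes` map is what you feed to a reputation lookup; `no_file` entries are the ones to chase in the service registry keys (ImagePath) because the scanner could not hash anything for them.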
#20
/// Winkelfunktion /// TB-Süch-Tiger™ | BKA Trojan and Others! Then please run CF now: ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when one of the helpers (Kompetenzler) has expressly recommended it! If you have problems starting applications after running ComboFix and get messages such as Quote:
__________________ Please always post logfiles in CODE tags
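Once a ComboFix log is in hand, its registry section (a REGEDIT4-style dump of Run keys, the UAC policy values under `...\policies\system`, and the `AppInit_DLLs` settings) is the part to read first. The following Python is added here as a worked example, not part of the thread and not ComboFix's own code, of parsing that section and flagging what a reviewer checks before anything else: `ConsentPromptBehaviorAdmin=0` (administrators are elevated without any prompt), `PromptOnSecureDesktop=0` (no secure-desktop prompt), `EnableLUA=0` (UAC off), every DLL that `AppInit_DLLs` injects while `LoadAppInit_DLLs=1`, and the live Run entries. The sample text is constructed in ComboFix's value spellings (`0 (0x0)`, `0x1`, quoted paths with a trailing `[date size]`); the value semantics are Microsoft's documented UAC settings.

```python
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")                   # [HKEY_...\...]
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*?)\s*$')   # "Name"=value
DWORD_RE = re.compile(r"^(?P<dec>-?\d+)\s*\(0x[0-9A-Fa-f]+\)$")     # 0 (0x0)
HEX_RE = re.compile(r"^0x[0-9A-Fa-f]+$")                            # 0x1
QUOTED_RE = re.compile(r'^"(?P<s>[^"]*)"')                           # "path" [date size]

# Constructed sample in ComboFix's registry-section format (modelled on a
# Windows 7 ComboFix log; not the thread's full output).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
"""


def parse_value(raw):
    """Normalise ComboFix's value spellings: '0 (0x0)', '0x1' and
    'dword:00000001' become ints; a quoted string loses its quotes and the
    trailing '[date size]' annotation; anything else stays a raw string."""
    m = DWORD_RE.match(raw)
    if m:
        return int(m["dec"])
    if HEX_RE.match(raw):
        return int(raw, 16)
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = QUOTED_RE.match(raw)
    if m:
        return m["s"]
    return raw


def parse_registry_section(text):
    """Return {key (lower-cased): {value_name: value}}; '@' defaults and
    '@Denied' lines are ignored."""
    keys, current = {}, None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m["key"].lower()
            keys.setdefault(current, {})
            continue
        m = VAL_RE.match(line)
        if m and current is not None:
            keys[current][m["name"]] = parse_value(m["raw"])
    return keys


def review(keys):
    """Return (category, key, item, note) tuples for the settings to check first."""
    findings = []
    for key, values in keys.items():
        if key.endswith(r"\policies\system"):
            # UAC policy values, semantics per Microsoft's UAC documentation.
            if values.get("EnableLUA") == 0:
                findings.append(("uac", key, "EnableLUA", "UAC is switched off"))
            if values.get("ConsentPromptBehaviorAdmin") == 0:
                findings.append(("uac", key, "ConsentPromptBehaviorAdmin",
                                 "administrators are elevated without any prompt"))
            if values.get("PromptOnSecureDesktop") == 0:
                findings.append(("uac", key, "PromptOnSecureDesktop",
                                 "prompts, if any, are not shown on the secure desktop"))
        elif key.endswith(r"\windows nt\currentversion\windows"):
            # Each DLL listed here is loaded into every process that loads
            # user32.dll, so each one has to be identified; the list is
            # space- or comma-separated.
            if values.get("LoadAppInit_DLLs") == 1 and values.get("AppInit_DLLs"):
                for dll in re.split(r"[ ,]+", str(values["AppInit_DLLs"])):
                    if dll:
                        findings.append(("appinit", key, dll, "verify publisher and purpose"))
        elif key.endswith(r"\currentversion\run"):
            # Keys ending in "run-" are not the live Run key and are skipped.
            for name, cmd in values.items():
                findings.append(("run", key, name, cmd))
    return findings


if __name__ == "__main__":
    for category, key, item, note in review(parse_registry_section(SAMPLE)):
        print(f"[{category}] {item}: {note}")
```

A legitimate product can sit in `AppInit_DLLs` (Acrobat's capture DLL does), so the finding is "identify this DLL", not "remove it"; the UAC findings, by contrast, describe a configuration in which any code running as the logged-in administrator is elevated silently, which is worth restoring to the defaults once the cleanup is done.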
#21
BKA Trojan and Others! Thanks for the help so far! Here is the ComboFix log: Code:
ATTFilter ComboFix 12-01-30.02 - *** 30.01.2012 18:31:26.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2906 [GMT 1:00]
Running from: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Roaming\chrtmp
c:\users\***\AppData\Roaming\System.Data.SQLite.DLL
.
.
((((((((((((((((((((((( Files Created from 2011-12-28 to 2012-01-30 ))))))))))))))))))))))))))))))
.
.
2012-01-30 17:36 . 2012-01-30 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-30 17:32 . 2012-01-30 17:32 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7D78AEF-EECB-40A7-BB97-FA81F1DFB3AA}\offreg.dll
2012-01-30 17:27 . 2009-08-19 21:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2012-01-30 17:26 . 2012-01-03 18:42 112056 ----a-w- c:\windows\SysWow64\acaptuser32.dll
2012-01-30 17:25 . 2012-01-03 07:22 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-01-30 17:24 . 2012-01-30 17:27 -------- d-----w- C:\_AcroTemp
2012-01-29 17:30 . 2012-01-29 17:30 -------- d-----w- C:\_OTL
2012-01-27 20:06 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7D78AEF-EECB-40A7-BB97-FA81F1DFB3AA}\mpengine.dll
2012-01-26 18:45 . 2012-01-26 18:45 -------- d-----w- c:\program files (x86)\ESET
2012-01-23 23:42 . 2011-05-12 13:05 18816 ------w- c:\windows\SysWow64\SAVRKBootTasks.sys
2012-01-22 21:10 . 2012-01-22 21:10 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-01-22 21:09 . 2012-01-22 21:09 -------- d-----w- c:\programdata\Malwarebytes
2012-01-22 21:09 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-22 21:09 . 2012-01-22 21:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-01-22 18:42 . 2012-01-22 18:42 -------- d-----w- c:\users\***\AppData\Roaming\Avira
2012-01-22 18:39 . 2012-01-29 17:30 -------- d-----w- c:\program files (x86)\Ask.com
2012-01-22 18:39 . 2012-01-22 18:40 -------- d-----w- c:\programdata\Avira
2012-01-22 18:39 . 2012-01-22 18:39 -------- d-----w- c:\program files (x86)\Avira
2012-01-22 18:39 . 2011-12-15 14:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-22 18:39 . 2011-12-15 13:59 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-22 18:39 . 2011-12-15 13:59 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-22 18:38 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-22 18:38 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-22 18:38 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-22 18:38 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-22 18:38 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-22 18:38 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-22 18:38 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-22 18:38 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-03 11:22 . 2012-01-03 11:22 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-03 11:22 . 2012-01-03 11:22 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-03 11:22 . 2012-01-03 11:22 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-03 11:22 . 2012-01-03 11:22 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-07 09:39 . 2010-09-14 12:59 279096 ------w- c:\windows\system32\MpSigStub.exe
2011-11-24 04:52 . 2011-12-15 21:15 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 05:41 . 2011-12-15 21:15 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-15 21:15 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-15 21:15 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-15 21:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-15 21:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-15 21:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\CFDE.tmp [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-12-15 463824]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =
mLocal Page =
IE: &Citavi Picker... - file://c:\programdata\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pbwx1cq3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.4.3&q=
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\uninstbb.exe
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\CFDE.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-30 18:37:40
ComboFix-quarantined-files.txt 2012-01-30 17:37
.
Vor Suchlauf: 11 Verzeichnis(se), 63.417.630.720 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 63.033.573.376 Bytes frei
.
- - End Of File - - E056A4DDAB9EF9B99413D950481219C2
#22 | /// Winkelfunktion /// TB-Süch-Tiger™
BKA Trojan and Others!
Please download aswMBR.exe and save the file on your desktop.
__________________ Please always post logfiles in CODE tags
#23
BKA Trojan and Others!
Everything worked, and here is the aswMBR.txt.
Code:
aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-01-30 22:09:17
-----------------------------
22:09:17.148 OS Version: Windows x64 6.1.7601 Service Pack 1
22:09:17.148 Number of processors: 4 586 0x503
22:09:17.163 ComputerName: ***-PC UserName: ***
22:09:17.585 Initialize success
22:16:09.494 AVAST engine defs: 12013000
22:27:15.693 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:27:15.693 Disk 0 Vendor: WDC_WD15EARS-22Z5B1 80.00A80 Size: 1430799MB BusType: 3
22:27:15.708 Disk 0 MBR read successfully
22:27:15.708 Disk 0 MBR scan
22:27:15.724 Disk 0 Windows 7 default MBR code
22:27:15.724 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:27:15.740 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 99899 MB offset 206848
22:27:15.771 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 300000 MB offset 204800000
22:27:15.786 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 1030798 MB offset 819200000
22:27:15.786 Service scanning
22:27:19.062 Modules scanning
22:27:19.062 Disk 0 trace - called modules:
22:27:19.062 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:27:19.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b3e060]
22:27:19.078 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8004a8c9b0]
22:27:19.078 5 ACPI.sys[fffff88000f1f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004b32060]
22:27:19.421 AVAST engine scan C:\Windows
22:27:23.306 AVAST engine scan C:\Windows\system32
22:30:23.876 AVAST engine scan C:\Windows\system32\drivers
22:30:35.888 AVAST engine scan C:\Users\***
22:31:39.988 AVAST engine scan C:\ProgramData
22:32:58.051 Scan finished successfully
22:39:24.011 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
22:39:24.011 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"
#24 | /// Winkelfunktion /// TB-Süch-Tiger™
BKA Trojan and Others!
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!! Afterwards, getting a second opinion via the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags
#25
BKA Trojan and Others!
OK, here are the full scans as well.

Malwarebytes
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.30.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]

30.01.2012 22:48:55
mbam-log-2012-01-30 (22-48-55).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364729
Laufzeit: 1 Stunde(n), 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 01/31/2012 at 08:34 PM
Application Version : 5.0.1142
Core Rules Database Version : 8184
Trace Rules Database Version: 5996
Scan type : Complete Scan
Total Scan Time : 01:21:48
Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User
Memory items scanned : 482
Memory threats detected : 0
Registry items scanned : 43369
Registry threats detected : 0
File items scanned : 189634
File threats detected : 4
Adware.Tracking Cookie
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBWX1CQ3.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBWX1CQ3.DEFAULT\COOKIES.SQLITE ]
.doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBWX1CQ3.DEFAULT\COOKIES.SQLITE ]
ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PBWX1CQ3.DEFAULT\COOKIES.SQLITE ]
ESET
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=89f8a0127f16c04f9260c65683b6fa9c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-26 07:57:50
# local_time=2012-01-26 08:57:50 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 349646 349646 0 0
# compatibility_mode=5893 16776573 100 94 175558 79233475 0 0
# compatibility_mode=8192 67108863 100 0 3723 3723 0 0
# compatibility_mode=9217 16777214 75 4 335011 335011 0 0
# scanned=197567
# found=2
# cleaned=0
# scan_time=4245
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\8dc21f6-30ead1a1 Java/Exploit.CVE-2011-3544.AA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\***\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5c47777e-4f1f485a Java/Exploit.CVE-2011-3544.AC trojan (unable to clean) 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=89f8a0127f16c04f9260c65683b6fa9c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-31 09:02:33
# local_time=2012-01-31 10:02:33 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 785799 785799 0 0
# compatibility_mode=5893 16776573 100 94 9108 79669628 0 0
# compatibility_mode=8192 67108863 100 0 439876 439876 0 0
# scanned=196118
# found=0
# cleaned=0
# scan_time=3975
#26 | /// Winkelfunktion /// TB-Süch-Tiger™
BKA Trojan and Others!
Looks OK, only cookies were found there. Those can go. Cookies are not malware as such, but there is a risk of them being misused (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie). Is the system back in order now, or are there still other findings or problems?
__________________ Please always post logfiles in CODE tags
#27
BKA Trojan and Others!
No further findings. Thanks again for your help, and hats off to what is being done here on the trojaner board. However, I still have a few small questions. You said that one cannot prove non-existence, but am I now rid of this one trojan? And what exactly did ComboFix and aswMBR do? Could you perhaps give me a few final tips on securing my system better? Are antivirus programs like Avira, SUPERAntiSpyware, CureIt (Dr. Web) and Malwarebytes sufficient, or should I rather get Kaspersky Internet Security 2012? Maybe you can recommend a few useful tools? MANY THANKS
Last edited by Impressum (31.01.2012 at 23:20)
#28 | /// Winkelfunktion /// TB-Süch-Tiger™
BKA Trojan and Others!
Quote:
The question of which virus scanner to use, or whether the installed one is enough, comes up constantly. A virus scanner, whichever one, cannot and never will offer 100% protection. New/unknown malware can always slip through. You do not have to spend money on a scanner; something like Avast or Microsoft Security Essentials is entirely sufficient for private use. Apart from that, different virus scanners use different signatures and techniques, which leads to, e.g., scanner 1 detecting malware X but missing malware Y, while scanner 2 detects malware Y but not malware X... What matters more is that you stick to the rules. The best virus scanner is useless if you behave wrongly and are negligent/careless. The airbag and seat belt in a car are no reason to ignore the traffic rules either. It is best to follow these rules roughly:

All of this is explained in more detail here => Kompromittierung unvermeidbar?

Then we are done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if that produces any error messages. Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first. Finally, please check the updates; my guide for that is below. To keep a better overview of how current your installed programs are in the future, you can use, e.g., Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if at all possible.

Microsoft Update
Windows XP: visit the MS update page with IE and have all important updates installed.
Windows Vista/7: Anleitung Windows-Update

Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader. While you are at it, please also check that the Flash Player is current: Adobe - Andere Version des Adobe Flash Player installieren. If necessary you can also download it from Chip.de => http://filepony.de/?q=Flash+Player. Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags
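As an added example that is not part of the thread or the helper's guide, the following PowerShell script inventories the products the guide above asks the user to keep current (Java, Adobe Reader, Flash Player, browsers) by reading the standard Windows Uninstall registry keys, and warns when more than one Java entry is registered, which is the "old versions left behind" case the guide describes. The registry paths are the standard Uninstall keys; the DisplayName patterns and the assumption of an elevated Windows 7 (or later) PowerShell session are mine.

```powershell
# Added example, not from the thread: list installed versions of the products
# the helper asks to keep current by reading the Windows Uninstall registry keys.
# Assumptions: elevated PowerShell on Windows 7 or later; the DisplayName
# patterns below are best guesses and may need adjusting for other locales.

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',              # 64-bit programs
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # 32-bit programs on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'               # per-user installs (e.g. Chrome)
)

# Product label -> regex matched against DisplayName (assumed patterns).
# The Java pattern deliberately skips "Java Auto Updater" so only runtimes/JDKs count.
$watchList = @(
    @{ Product = 'Java';         Pattern = '^Java(\(TM\))?\s+(\d|SE)' },
    @{ Product = 'Adobe Reader'; Pattern = '^Adobe Reader' },
    @{ Product = 'Flash Player'; Pattern = 'Flash Player' },
    @{ Product = 'Browser';      Pattern = '^(Mozilla Firefox|Google Chrome|Opera)' }
)

function Get-WatchedSoftware {
    # Walk every Uninstall key and emit one object per matching product entry.
    foreach ($key in $uninstallKeys) {
        if (-not (Test-Path $key)) { continue }
        foreach ($sub in Get-ChildItem -Path $key) {
            $props = Get-ItemProperty -Path $sub.PSPath
            if (-not $props.DisplayName) { continue }
            foreach ($entry in $watchList) {
                if ($props.DisplayName -match $entry.Pattern) {
                    New-Object PSObject -Property @{
                        Product         = $entry.Product
                        DisplayName     = $props.DisplayName
                        Version         = $props.DisplayVersion
                        UninstallString = $props.UninstallString
                        RegistryKey     = $sub.PSPath
                    }
                }
            }
        }
    }
}

$found = @(Get-WatchedSoftware)
$found | Sort-Object Product, DisplayName |
    Format-Table Product, DisplayName, Version, UninstallString -AutoSize

# More than one Java entry usually means old runtimes were left behind after
# updates; the guide's advice is to remove them all and install the current JRE.
$javaEntries = @($found | Where-Object { $_.Product -eq 'Java' })
if ($javaEntries.Count -gt 1) {
    Write-Warning ("{0} Java entries found; uninstall the old ones before installing the current JRE." -f $javaEntries.Count)
}
elseif ($javaEntries.Count -eq 0) {
    Write-Host 'No Java installation registered.'
}
```

The script only reads the registry and prints what it finds; removal is left to the Control Panel steps the guide describes, so nothing is uninstalled by accident. The PS 2.0-compatible syntax (New-Object PSObject, script-block Where-Object) is used because Windows 7 shipped with that version.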
#29
BKA Trojan and Others!
OK, thanks, I will take all of that into account.