Log analysis and evaluation: 3x Trojan.VUPX.Gen (Windows 7)
15.02.2012, 22:30 | #1 |
3x Trojan.VUPX.Gen

MalwareBytes QuickScan:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.30.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Annette :: ANNETTE-PC [Administrator]

30.01.2012 20:03:11
mbam-log-2012-01-30 (20-03-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 168849
Laufzeit: 16 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.VUPX.Gen) -> 380 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.VUPX.Gen) -> Daten: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Annette\AppData\Local\Temp\0.2222913525765341.exe (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.15.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Annette :: ANNETTE-PC [Administrator]

15.02.2012 18:47:21
mbam-log-2012-02-15 (18-47-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260054
Laufzeit: 1 Stunde(n), 20 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Annette\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\37abc3c2-516bfa30 (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:50 on 15/02/2012 (Annette)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Starter Boot Device: \Device\HarddiskVolume2 Install Date: 31.01.2010 09:31:28 System Uptime: 15.02.2012 20:16:06 (0 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | NC10 Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz | U2E1 | 1600/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 67 GiB total, 47,454 GiB free. D: is FIXED (NTFS) - 67 GiB total, 66,887 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe Flash Player 10 ActiveX Adobe Reader 9.1 - Deutsch Alice Greenfingers AnyPC Client Atheros Client Installation Program Compatibility Pack für 2007 Office System CyberLink YouCam Dairy Dash Easy Display Manager Easy Network Manager Easy Resolution Manager Easy SpeedUp Manager EasyBatteryManager Farm Frenzy 2 Firebird SQL Server - MAGIX Edition Game Pack Go-Go Gourmet Google Toolbar for Internet Explorer Google Update Helper Intel(R) Graphics Media Accelerator Driver Java Auto Updater Java(TM) 6 Update 31 Junk Mail filter update MAGIX Foto Manager 10 MAGIX Online Druck Service MAGIX Screenshare Malwarebytes Anti-Malware Version 1.60.1.1000 Marvell Miniport Driver Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2007 Service Pack 2 (SP2) Microsoft Office Excel MUI (German) 2007 Microsoft Office Home and Student 2007 Microsoft Office Live Add-in 1.3 Microsoft Office OneNote MUI (German) 2007 Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 
2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) Microsoft Office Shared MUI (German) 2007 Microsoft Office Suite Activation Assistant Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Works MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Namuga 1.3M Webcam OpenOffice.org 3.2 PDFCreator Picasa 3 Realtek High Definition Audio Driver Samsung Recovery Solution 4 Samsung Support Center Samsung Update Plus Security Update for 2007 Microsoft Office System (KB2288621) Security Update for 2007 Microsoft Office System (KB2288931) Security Update for 2007 Microsoft Office System (KB2345043) Security Update for 2007 Microsoft Office System (KB2553089) Security Update for 2007 Microsoft Office System (KB2553090) Security Update for 2007 Microsoft Office System (KB2584063) Security Update for 2007 Microsoft Office System (KB969559) Security Update for 2007 Microsoft Office System (KB976321) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB979441) Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office system 2007 (972581) Security Update for Microsoft Office system 2007 (KB974234) Security Update for Microsoft Office 
Visio Viewer 2007 (KB973709) Security Update for Microsoft Office Word 2007 (KB2344993) Synaptics Pointing Device Driver Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office 2007 System (KB2539530) Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office OneNote 2007 (KB980729) User Guide WIDCOMM Bluetooth Software Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000) Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Live-Uploadtool Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Sync Windows Live Writer . ==== End Of File =========================== Code:
ATTFilter . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.7601.17514 Run by Annette at 20:46:46 on 2012-02-15 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.329 [GMT 1:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\System32\svchost.exe -k yksvcs C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe C:\windows\system32\svchost.exe -k imgsvc C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\svchost.exe -k bthsvcs C:\windows\system32\taskhost.exe C:\windows\system32\taskeng.exe C:\windows\system32\Dwm.exe C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe C:\windows\Explorer.EXE C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\windows\system32\igfxsrvc.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program 
files\java\jre6\bin\jp2ssv.dll TB: {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0" mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... 
- c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 82.212.62.62 78.42.43.62 TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\4416679646028416373756C686F66666 : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\44166796468416373756C686F66666 : DhcpNameServer = 85.216.127.130 82.212.63.122 192.168.0.1 TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\452716E63777162707B616E616C6 : DhcpNameServer = 217.0.43.97 217.0.43.113 TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\7457563747 : DhcpNameServer = 134.2.200.2 134.2.3.191 TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\75C414E4 : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{E3AFEA8F-4E74-40AA-B1BE-D3415ABBE74E} : DhcpNameServer = 82.212.62.62 78.42.43.62 Notify: igfxcui - igfxdev.dll . ============= SERVICES / DRIVERS =============== . 
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-11-3 10752] R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376] R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-1-31 44312] R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 20992] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-31 29472] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-6-15 313856] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-31 54632] S3 fsssvc;Windows Live Family Safety-Dienst;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864] S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224] S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-11-3 237696] . =============== Created Last 30 ================ . 
2012-02-15 18:54:09 6557240 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d942106d-b9c9-4e49-a3c6-ac0a7666cbae}\mpengine.dll 2012-02-15 18:18:49 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 18:12:32 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 18:00:41 -------- d-----w- c:\users\annette\appdata\local\WindowsUpdate 2012-01-30 19:19:47 -------- d-----w- c:\windows\system32\SPReview 2012-01-30 19:18:37 -------- d-----w- c:\windows\system32\EventProviders 2012-01-30 19:08:43 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-30 19:02:08 -------- d-----w- c:\users\annette\appdata\roaming\Malwarebytes 2012-01-30 19:01:58 -------- d-----w- c:\programdata\Malwarebytes 2012-01-30 19:01:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-30 19:01:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-17 21:08:17 1038848 ----a-w- c:\windows\system32\lsasrv.dll 2012-01-17 21:08:16 369352 ----a-w- c:\windows\system32\drivers\cng.sys 2012-01-17 21:08:16 314880 ----a-w- c:\windows\system32\webio.dll 2012-01-17 21:08:16 224768 ----a-w- c:\windows\system32\schannel.dll 2012-01-17 21:08:16 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-01-17 21:08:15 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-01-17 21:08:15 22528 ----a-w- c:\windows\system32\lsass.exe 2012-01-17 21:08:15 22016 ----a-w- c:\windows\system32\secur32.dll 2012-01-17 21:08:15 15872 ----a-w- c:\windows\system32\sspisrv.dll 2012-01-17 21:08:15 100352 ----a-w- c:\windows\system32\sspicli.dll . ==================== Find3M ==================== . 
2012-01-30 19:36:50 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-01-29 04:10:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-30 05:27:56 478720 ----a-w- c:\windows\system32\timedate.cpl
2011-12-16 07:54:22 981504 ----a-w- c:\windows\system32\wininet.dll
2011-12-16 07:52:58 690688 ----a-w- c:\windows\system32\msvcrt.dll
2011-12-16 06:09:17 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-19 14:01:00 67072 ----a-w- c:\windows\system32\packager.dll
.
============= FINISH: 20:47:58,13 ===============

GMER always crashes or hangs.
17.02.2012, 12:08 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

3x Trojan.VUPX.Gen

Do you also have a problem description? Just dumping logs here isn't exactly nice.
17.02.2012, 12:50 | #3 |
3x Trojan.VUPX.Gen

Hello cosinus,

sorry. It's the 50-euro lockscreen trojan that is showing up here in large numbers. There are also no further Malwarebytes logs available.

Last edited by lilalaune (17.02.2012 at 13:27)
17.02.2012, 14:16 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™

3x Trojan.VUPX.Gen

Custom scan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your Desktop.

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Please always post logfiles in CODE tags.
17.02.2012, 18:48 | #5 |
3x Trojan.VUPX.Gen

Hello cosinus,

thanks a lot for now. Here is the OTL log:

OTL Logfile:

Code:
ATTFilter OTL logfile created on: 2/17/2012 6:21:56 PM - Run 1 OTL by OldTimer - Version 3.2.32.0 Folder = C:\Users\Annette\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1014.43 Mb Total Physical Memory | 360.55 Mb Available Physical Memory | 35.54% Memory free 1.99 Gb Paging File | 1.37 Gb Available in Paging File | 68.58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files Drive C: | 66.97 Gb Total Space | 47.00 Gb Free Space | 70.17% Space Free | Partition Type: NTFS Drive D: | 66.98 Gb Total Space | 66.89 Gb Free Space | 99.87% Space Free | Partition Type: NTFS Drive E: | 7.45 Gb Total Space | 7.22 Gb Free Space | 96.90% Space Free | Partition Type: FAT32 Computer Name: ANNETTE-PC | User Name: Annette | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Annette\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.) 
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) ========== Modules (No Company Name) ========== MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll () ========== Win32 Services (SafeList) ========== SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation) DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.) 
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found. O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3AFEA8F-4E74-40AA-B1BE-D3415ABBE74E}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/17 18:00:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Annette\Desktop\OTL.exe
[2012/02/15 21:00:20 | 000,100,864 | ---- | C] (GMER) -- C:\fgdiqfow.sys
[2012/02/15 19:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/15 19:00:41 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Local\WindowsUpdate
[2012/02/15 18:54:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Annette\Desktop\dds.com
[2012/02/15 18:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/15 18:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/30 20:19:47 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/01/30 20:18:37 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/01/30 20:09:51 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/01/30 20:02:08 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Malwarebytes
[2012/01/30 20:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/30 20:01:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/30 20:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 00:15:04 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Mozilla
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/17 17:59:11 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 17:58:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Annette\Desktop\OTL.exe
[2012/02/17 17:52:59 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 17:52:59 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 17:45:44 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 17:45:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/17 17:45:13 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/15 22:07:51 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/02/15 22:07:51 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/15 22:07:51 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/02/15 22:07:51 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/15 21:00:20 | 000,100,864 | ---- | M] (GMER) -- C:\fgdiqfow.sys
[2012/02/15 20:17:28 | 000,349,304 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/15 18:56:19 | 000,302,592 | ---- | M] () -- C:\Users\Annette\Desktop\rl9t5lf6.exe
[2012/02/15 18:54:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Annette\Desktop\dds.com
[2012/02/15 18:50:42 | 000,000,000 | ---- | M] () -- C:\Users\Annette\defogger_reenable
[2012/02/15 18:50:18 | 000,050,477 | ---- | M] () -- C:\Users\Annette\Desktop\Defogger.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/15 18:56:07 | 000,302,592 | ---- | C] () -- C:\Users\Annette\Desktop\rl9t5lf6.exe
[2012/02/15 18:50:42 | 000,000,000 | ---- | C] () -- C:\Users\Annette\defogger_reenable
[2012/02/15 18:50:07 | 000,050,477 | ---- | C] () -- C:\Users\Annette\Desktop\Defogger.exe
[2011/12/24 04:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Annette\AppData\Local\{A6056EA3-3AEF-496F-A7F0-70B645FE866A}
[2011/03/07 17:41:56 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2010/10/30 13:01:43 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/01/31 15:24:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/01/31 09:50:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/11/03 22:35:06 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/11/03 22:35:06 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/11/03 22:35:06 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/11/03 22:35:06 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,349,304 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll

========== LOP Check ==========

[2010/11/22 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CheckPoint
[2011/01/19 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CoSoSys
[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze
[2011/02/07 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\MAGIX
[2010/04/19 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org
[2011/11/05 19:29:10 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/01/31 17:18:07 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Adobe
[2010/11/22 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CheckPoint
[2011/01/19 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CoSoSys
[2010/01/31 16:34:55 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Google
[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze
[2010/01/31 15:50:41 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Identities
[2010/01/31 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Macromedia
[2011/02/07 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\MAGIX
[2012/01/30 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Malwarebytes
[2010/12/13 21:29:52 | 000,000,000 | --SD | M] -- C:\Users\Annette\AppData\Roaming\Microsoft
[2012/01/21 00:15:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Mozilla
[2010/04/19 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org

< %APPDATA%\*.exe /s >
[2010/06/10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze\uninstall.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: USER32.DLL >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WININIT.EXE >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
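The "< MD5 for: ... >" block at the end of the OTL log above lists every copy of a handful of critical system binaries (userinit.exe, winlogon.exe, netlogon.dll, ...) together with its MD5. That is how a helper spots a patched or swapped system file: the live copy under System32 should hash identically to one of the component-store copies under winsxs, and any copy with no company name or sitting outside %SystemRoot% deserves a second look. The Python script below is an added example, not part of this thread and not OTL's own code; it parses that block (the sample is built from the userinit.exe and winlogon.exe entries of the log above) and performs both checks. The classification rules it applies (System32 = live copy, winsxs or DriverStore = component store, empty company or a non-Windows path = review) are my assumptions about how to read the output, not logic OTL itself implements.

```python
import re
from collections import defaultdict

# Constructed sample: the "< MD5 for: >" sections copied from the OTL log above
# (same line format OTL 3.2 emits; only two of the files are included).
SAMPLE_LOG = r"""
< MD5 for: USERINIT.EXE >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
"""

SECTION_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# [mtime | size | attrs | C/M] (company) MD5=hash -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*(?P<kind>[CM])\]"
    r"\s*\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)

WINDOWS_DIR = "c:\\windows\\"   # assumption: %SystemRoot% is C:\Windows, as in this log


def parse_md5_sections(text):
    """Return {FILENAME: [entry, ...]} for every '< MD5 for: >' section in an OTL log."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = ENTRY_RE.match(line)
        if m and current:
            entry = m.groupdict()
            entry["size"] = int(entry["size"].replace(",", ""))   # "000,026,624" -> 26624
            entry["md5"] = entry["md5"].upper()
            sections[current].append(entry)
    return dict(sections)


def is_live_copy(path):
    """Assumed rule: the copy Windows actually loads lives directly under System32."""
    p = path.lower()
    return p.startswith(WINDOWS_DIR + "system32\\") and "\\driverstore\\" not in p


def is_store_copy(path):
    """Assumed rule: winsxs and DriverStore hold the reference copies installed by updates."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def assess(sections):
    """For each file: does every live copy match a store copy, and which entries need a look?"""
    report = {}
    for name, entries in sections.items():
        live = [e for e in entries if is_live_copy(e["path"])]
        store_hashes = {e["md5"] for e in entries if is_store_copy(e["path"])}
        # No live copy at all is itself worth noticing, so it counts as "not verified".
        live_ok = bool(live) and all(e["md5"] in store_hashes for e in live)
        review = [
            e["path"] for e in entries
            if not e["company"].strip()                        # no version/company info
            or not e["path"].lower().startswith(WINDOWS_DIR)   # copy outside %SystemRoot%
        ]
        report[name] = {
            "live_matches_store": live_ok,
            "live_paths": [e["path"] for e in live],
            "review": review,
        }
    return report


if __name__ == "__main__":
    for name, r in assess(parse_md5_sections(SAMPLE_LOG)).items():
        status = "OK" if r["live_matches_store"] else "NOT VERIFIED"
        print(f"{name}: live copy {status}; review: {r['review'] or 'none'}")
```

On the sample the Malwarebytes Chameleon copy of winlogon.exe lands in the review list: it has no company field and lives under Program Files. That is the expected outcome for a legitimate third-party file shipped without version information, and the point of the list is to make the analyst look at it, not to call it malicious; the hash comparison for the real C:\Windows\System32\winlogon.exe passes because it matches the 6.1.7601.17514 copy in winsxs.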
17.02.2012, 19:39 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 3x Trojan.VUPX.Gen Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze
:Commands
[emptytemp]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a safety measure, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was written only for this one user in this particular situation. It cannot be transferred to any other computer and must not be used elsewhere, since it can permanently damage the system!
17.02.2012, 22:01 | #7 |
3x Trojan.VUPX.Gen Hello cosinus, here is the log: Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Annette\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Annette
->Temp folder emptied: 220150552 bytes
->Temporary Internet Files folder emptied: 254367849 bytes
->Java cache emptied: 41158 bytes
->Flash cache emptied: 35846 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 30720 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 189849737 bytes
RecycleBin emptied: 140834111 bytes

Total Files Cleaned = 768.00 mb

C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.32.0 log created on 02172012_215005

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
17.02.2012, 22:18 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
3x Trojan.VUPX.Gen

Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running the TDSS-Killer, since Avira in particular often reports a false positive in the TDSS tool!

Configure the tool as shown in the image below: click "change parameters" and set the checkboxes as shown in the following screenshot, then click "Start Scan" and, once it has finished, click the "Report" button to display the log. Please post it in full. If you can't find the log or can't copy its contents into your post, look directly on your Windows system partition (usually drive C), since that is where the TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If the infection prevents you from accessing your documents / My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should become visible again. (This may take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post logfiles in CODE tags
17.02.2012, 22:35 | #9
3x Trojan.VUPX.Gen
Code:
22:25:49.0516 2512 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
22:25:49.0594 2512 ============================================================
22:25:49.0594 2512 Current date / time: 2012/02/17 22:25:49.0594
22:25:49.0594 2512 SystemInfo:
22:25:49.0594 2512
22:25:49.0594 2512 OS Version: 6.1.7601 ServicePack: 1.0
22:25:49.0594 2512 Product type: Workstation
22:25:49.0594 2512 ComputerName: ANNETTE-PC
22:25:49.0594 2512 UserName: Annette
22:25:49.0594 2512 Windows directory: C:\windows
22:25:49.0594 2512 System windows directory: C:\windows
22:25:49.0594 2512 Processor architecture: Intel x86
22:25:49.0594 2512 Number of processors: 2
22:25:49.0594 2512 Page size: 0x1000
22:25:49.0594 2512 Boot type: Normal boot
22:25:49.0594 2512 ============================================================
22:25:54.0835 2512 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:25:54.0851 2512 Drive \Device\Harddisk1\DR1 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:25:54.0851 2512 \Device\Harddisk0\DR0:
22:25:54.0851 2512 MBR used
22:25:54.0851 2512 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
22:25:54.0851 2512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x85F2800
22:25:54.0851 2512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA425000, BlocksNum 0x85F4000
22:25:54.0851 2512 \Device\Harddisk1\DR1:
22:25:54.0851 2512 MBR used
22:25:54.0851 2512 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEA080
22:25:54.0929 2512 Initialize success
22:25:54.0929 2512 ============================================================
22:26:32.0821 3588 ============================================================
22:26:32.0821 3588 Scan started
22:26:32.0821 3588 Mode: Manual; SigCheck; TDLFS; 22:26:32.0821 3588 ============================================================ 22:26:34.0023 3588 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys 22:26:34.0303 3588 1394ohci - ok 22:26:34.0381 3588 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys 22:26:34.0475 3588 ACPI - ok 22:26:34.0537 3588 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys 22:26:34.0709 3588 AcpiPmi - ok 22:26:34.0771 3588 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys 22:26:34.0896 3588 adp94xx - ok 22:26:34.0927 3588 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys 22:26:35.0021 3588 adpahci - ok 22:26:35.0037 3588 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys 22:26:35.0224 3588 adpu320 - ok 22:26:35.0302 3588 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys 22:26:35.0442 3588 AFD - ok 22:26:35.0489 3588 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys 22:26:35.0629 3588 agp440 - ok 22:26:35.0661 3588 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys 22:26:35.0785 3588 aic78xx - ok 22:26:35.0848 3588 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys 22:26:35.0910 3588 aliide - ok 22:26:35.0957 3588 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys 22:26:36.0097 3588 amdagp - ok 22:26:36.0144 3588 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys 22:26:36.0207 3588 amdide - ok 22:26:36.0253 3588 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys 22:26:36.0409 3588 AmdK8 - ok 22:26:36.0425 3588 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys 22:26:36.0581 3588 AmdPPM - ok 22:26:36.0628 3588 amdsata 
(d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys 22:26:36.0768 3588 amdsata - ok 22:26:36.0815 3588 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys 22:26:37.0111 3588 amdsbs - ok 22:26:37.0143 3588 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys 22:26:37.0236 3588 amdxata - ok 22:26:37.0283 3588 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys 22:26:37.0611 3588 AppID - ok 22:26:37.0735 3588 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys 22:26:37.0891 3588 arc - ok 22:26:37.0923 3588 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys 22:26:38.0063 3588 arcsas - ok 22:26:38.0110 3588 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys 22:26:38.0344 3588 AsyncMac - ok 22:26:38.0422 3588 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys 22:26:38.0469 3588 atapi - ok 22:26:38.0593 3588 athr (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys 22:26:38.0796 3588 athr - ok 22:26:38.0937 3588 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys 22:26:39.0280 3588 b06bdrv - ok 22:26:39.0327 3588 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys 22:26:39.0654 3588 b57nd60x - ok 22:26:39.0732 3588 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys 22:26:39.0841 3588 Beep - ok 22:26:39.0888 3588 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys 22:26:40.0075 3588 blbdrive - ok 22:26:40.0107 3588 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys 22:26:40.0341 3588 bowser - ok 22:26:40.0372 3588 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys 22:26:40.0528 3588 BrFiltLo - ok 22:26:40.0543 3588 BrFiltUp 
(56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys 22:26:40.0621 3588 BrFiltUp - ok 22:26:40.0668 3588 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys 22:26:40.0887 3588 Brserid - ok 22:26:40.0902 3588 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys 22:26:41.0089 3588 BrSerWdm - ok 22:26:41.0105 3588 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys 22:26:41.0245 3588 BrUsbMdm - ok 22:26:41.0261 3588 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys 22:26:41.0370 3588 BrUsbSer - ok 22:26:41.0433 3588 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys 22:26:41.0620 3588 BthEnum - ok 22:26:41.0667 3588 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys 22:26:41.0854 3588 BTHMODEM - ok 22:26:41.0901 3588 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys 22:26:42.0025 3588 BthPan - ok 22:26:42.0119 3588 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys 22:26:42.0275 3588 BTHPORT - ok 22:26:42.0337 3588 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys 22:26:42.0525 3588 BTHUSB - ok 22:26:42.0587 3588 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys 22:26:42.0868 3588 btwaudio - ok 22:26:42.0930 3588 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys 22:26:43.0102 3588 btwavdt - ok 22:26:43.0164 3588 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys 22:26:43.0258 3588 btwl2cap - ok 22:26:43.0289 3588 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys 22:26:43.0367 3588 btwrchid - ok 22:26:43.0414 3588 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys 22:26:43.0648 3588 cdfs - ok 
22:26:43.0710 3588 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys 22:26:43.0819 3588 cdrom - ok 22:26:43.0851 3588 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys 22:26:43.0991 3588 circlass - ok 22:26:44.0053 3588 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys 22:26:44.0131 3588 CLFS - ok 22:26:44.0241 3588 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys 22:26:44.0334 3588 CmBatt - ok 22:26:44.0365 3588 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys 22:26:44.0443 3588 cmdide - ok 22:26:44.0490 3588 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys 22:26:44.0677 3588 CNG - ok 22:26:44.0724 3588 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys 22:26:44.0802 3588 Compbatt - ok 22:26:44.0849 3588 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys 22:26:44.0974 3588 CompositeBus - ok 22:26:45.0021 3588 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys 22:26:45.0099 3588 crcdisk - ok 22:26:45.0208 3588 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys 22:26:45.0457 3588 DfsC - ok 22:26:45.0489 3588 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys 22:26:45.0629 3588 discache - ok 22:26:45.0691 3588 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys 22:26:45.0832 3588 Disk - ok 22:26:45.0910 3588 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys 22:26:45.0988 3588 drmkaud - ok 22:26:46.0050 3588 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys 22:26:46.0206 3588 DXGKrnl - ok 22:26:46.0347 3588 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys 22:26:46.0643 3588 ebdrv - ok 22:26:46.0705 3588 elxstor 
(0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys 22:26:46.0846 3588 elxstor - ok 22:26:46.0893 3588 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys 22:26:46.0971 3588 ErrDev - ok 22:26:47.0033 3588 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys 22:26:47.0220 3588 exfat - ok 22:26:47.0298 3588 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys 22:26:47.0470 3588 fastfat - ok 22:26:47.0517 3588 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys 22:26:47.0641 3588 fdc - ok 22:26:47.0688 3588 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys 22:26:47.0844 3588 FileInfo - ok 22:26:47.0875 3588 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys 22:26:48.0031 3588 Filetrace - ok 22:26:48.0094 3588 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys 22:26:48.0234 3588 flpydisk - ok 22:26:48.0281 3588 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys 22:26:48.0437 3588 FltMgr - ok 22:26:48.0484 3588 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys 22:26:48.0624 3588 FsDepends - ok 22:26:48.0671 3588 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys 22:26:48.0827 3588 fssfltr - ok 22:26:48.0874 3588 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys 22:26:48.0952 3588 Fs_Rec - ok 22:26:49.0014 3588 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys 22:26:49.0108 3588 fvevol - ok 22:26:49.0155 3588 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys 22:26:49.0311 3588 gagp30kx - ok 22:26:49.0389 3588 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys 22:26:49.0498 3588 hcw85cir - ok 22:26:49.0576 3588 
HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys 22:26:49.0701 3588 HdAudAddService - ok 22:26:49.0747 3588 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys 22:26:49.0857 3588 HDAudBus - ok 22:26:49.0903 3588 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys 22:26:50.0013 3588 HidBatt - ok 22:26:50.0028 3588 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys 22:26:50.0153 3588 HidBth - ok 22:26:50.0184 3588 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys 22:26:50.0325 3588 HidIr - ok 22:26:50.0403 3588 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys 22:26:50.0527 3588 HidUsb - ok 22:26:50.0605 3588 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys 22:26:50.0746 3588 HpSAMD - ok 22:26:50.0808 3588 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys 22:26:50.0980 3588 HTTP - ok 22:26:51.0027 3588 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys 22:26:51.0073 3588 hwpolicy - ok 22:26:51.0136 3588 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys 22:26:51.0354 3588 i8042prt - ok 22:26:51.0448 3588 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys 22:26:51.0604 3588 iaStorV - ok 22:26:51.0838 3588 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys 22:26:52.0290 3588 igfx - ok 22:26:52.0415 3588 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys 22:26:52.0540 3588 iirsp - ok 22:26:52.0711 3588 IntcAzAudAddService (6927a442beed2b68a3d35cae7a951913) C:\windows\system32\drivers\RTKVHDA.sys 22:26:53.0023 3588 IntcAzAudAddService - ok 22:26:53.0086 3588 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys 22:26:53.0148 3588 
intelide - ok 22:26:53.0226 3588 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys 22:26:53.0367 3588 intelppm - ok 22:26:53.0413 3588 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys 22:26:53.0632 3588 IpFilterDriver - ok 22:26:53.0694 3588 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys 22:26:53.0913 3588 IPMIDRV - ok 22:26:53.0944 3588 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys 22:26:54.0100 3588 IPNAT - ok 22:26:54.0147 3588 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys 22:26:54.0318 3588 IRENUM - ok 22:26:54.0365 3588 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys 22:26:54.0490 3588 isapnp - ok 22:26:54.0568 3588 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys 22:26:54.0693 3588 iScsiPrt - ok 22:26:54.0755 3588 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys 22:26:54.0942 3588 kbdclass - ok 22:26:55.0051 3588 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys 22:26:55.0223 3588 kbdhid - ok 22:26:55.0395 3588 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys 22:26:55.0582 3588 KSecDD - ok 22:26:55.0816 3588 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys 22:26:56.0128 3588 KSecPkg - ok 22:26:56.0299 3588 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys 22:26:56.0502 3588 lltdio - ok 22:26:56.0596 3588 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys 22:26:56.0767 3588 LSI_FC - ok 22:26:56.0783 3588 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys 22:26:56.0939 3588 LSI_SAS - ok 22:26:56.0970 3588 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys 
22:26:57.0095 3588 LSI_SAS2 - ok 22:26:57.0111 3588 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys 22:26:57.0282 3588 LSI_SCSI - ok 22:26:57.0329 3588 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys 22:26:57.0579 3588 luafv - ok 22:26:57.0610 3588 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys 22:26:57.0703 3588 megasas - ok 22:26:57.0735 3588 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys 22:26:57.0844 3588 MegaSR - ok 22:26:57.0875 3588 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys 22:26:58.0047 3588 Modem - ok 22:26:58.0093 3588 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys 22:26:58.0171 3588 monitor - ok 22:26:58.0218 3588 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys 22:26:58.0359 3588 mouclass - ok 22:26:58.0405 3588 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys 22:26:58.0530 3588 mouhid - ok 22:26:58.0577 3588 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys 22:26:58.0686 3588 mountmgr - ok 22:26:58.0749 3588 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys 22:26:58.0920 3588 MpFilter - ok 22:26:58.0967 3588 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys 22:26:59.0201 3588 mpio - ok 22:26:59.0232 3588 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys 22:26:59.0310 3588 MpNWMon - ok 22:26:59.0357 3588 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys 22:26:59.0591 3588 mpsdrv - ok 22:26:59.0653 3588 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys 22:26:59.0809 3588 MRxDAV - ok 22:26:59.0872 3588 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys 
22:26:59.0997 3588 mrxsmb - ok 22:27:00.0059 3588 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys 22:27:00.0199 3588 mrxsmb10 - ok 22:27:00.0246 3588 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys 22:27:00.0465 3588 mrxsmb20 - ok 22:27:00.0511 3588 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys 22:27:00.0589 3588 msahci - ok 22:27:00.0636 3588 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys 22:27:00.0745 3588 msdsm - ok 22:27:00.0808 3588 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys 22:27:00.0964 3588 Msfs - ok 22:27:00.0995 3588 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys 22:27:01.0104 3588 mshidkmdf - ok 22:27:01.0135 3588 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys 22:27:01.0213 3588 msisadrv - ok 22:27:01.0245 3588 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys 22:27:01.0385 3588 MSKSSRV - ok 22:27:01.0432 3588 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys 22:27:01.0541 3588 MSPCLOCK - ok 22:27:01.0557 3588 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys 22:27:01.0650 3588 MSPQM - ok 22:27:01.0697 3588 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys 22:27:01.0962 3588 MsRPC - ok 22:27:02.0025 3588 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys 22:27:02.0087 3588 mssmbios - ok 22:27:02.0118 3588 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys 22:27:02.0227 3588 MSTEE - ok 22:27:02.0243 3588 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys 22:27:02.0337 3588 MTConfig - ok 22:27:02.0368 3588 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys 
22:27:02.0508 3588 Mup - ok 22:27:02.0571 3588 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys 22:27:02.0773 3588 NativeWifiP - ok 22:27:02.0836 3588 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys 22:27:02.0976 3588 NDIS - ok 22:27:03.0007 3588 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys 22:27:03.0148 3588 NdisCap - ok 22:27:03.0179 3588 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys 22:27:03.0351 3588 NdisTapi - ok 22:27:03.0429 3588 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys 22:27:03.0616 3588 Ndisuio - ok 22:27:03.0663 3588 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys 22:27:03.0787 3588 NdisWan - ok 22:27:03.0834 3588 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys 22:27:04.0037 3588 NDProxy - ok 22:27:04.0084 3588 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys 22:27:04.0271 3588 NetBIOS - ok 22:27:04.0333 3588 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys 22:27:04.0489 3588 NetBT - ok 22:27:04.0567 3588 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys 22:27:04.0692 3588 nfrd960 - ok 22:27:04.0739 3588 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys 22:27:04.0817 3588 NisDrv - ok 22:27:04.0879 3588 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys 22:27:05.0051 3588 Npfs - ok 22:27:05.0098 3588 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys 22:27:05.0207 3588 nsiproxy - ok 22:27:05.0285 3588 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys 22:27:06.0159 3588 Ntfs - ok 22:27:06.0315 3588 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys 22:27:06.0455 3588 
Null - ok 22:27:06.0517 3588 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys 22:27:06.0783 3588 nvraid - ok 22:27:06.0829 3588 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys 22:27:07.0063 3588 nvstor - ok 22:27:07.0126 3588 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys 22:27:07.0251 3588 nv_agp - ok 22:27:07.0375 3588 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys 22:27:07.0531 3588 ohci1394 - ok 22:27:07.0641 3588 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys 22:27:07.0859 3588 Parport - ok 22:27:07.0906 3588 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys 22:27:08.0077 3588 partmgr - ok 22:27:08.0124 3588 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys 22:27:08.0202 3588 Parvdm - ok 22:27:08.0265 3588 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys 22:27:08.0389 3588 pci - ok 22:27:08.0436 3588 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys 22:27:08.0530 3588 pciide - ok 22:27:08.0577 3588 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys 22:27:08.0701 3588 pcmcia - ok 22:27:08.0764 3588 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys 22:27:08.0904 3588 pcw - ok 22:27:09.0045 3588 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys 22:27:09.0247 3588 PEAUTH - ok 22:27:09.0403 3588 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys 22:27:09.0653 3588 PptpMiniport - ok 22:27:09.0700 3588 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys 22:27:09.0856 3588 Processor - ok 22:27:09.0934 3588 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys 22:27:10.0121 3588 Psched - ok 
22:27:10.0199 3588 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys 22:27:10.0417 3588 ql2300 - ok 22:27:10.0433 3588 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys 22:27:10.0667 3588 ql40xx - ok 22:27:10.0714 3588 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys 22:27:10.0854 3588 QWAVEdrv - ok 22:27:10.0885 3588 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys 22:27:11.0057 3588 RasAcd - ok 22:27:11.0119 3588 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys 22:27:11.0338 3588 RasAgileVpn - ok 22:27:11.0416 3588 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys 22:27:11.0665 3588 Rasl2tp - ok 22:27:11.0712 3588 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys 22:27:11.0868 3588 RasPppoe - ok 22:27:11.0899 3588 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys 22:27:12.0149 3588 RasSstp - ok 22:27:12.0211 3588 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys 22:27:12.0399 3588 rdbss - ok 22:27:12.0430 3588 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys 22:27:12.0555 3588 rdpbus - ok 22:27:12.0601 3588 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys 22:27:12.0711 3588 RDPCDD - ok 22:27:12.0757 3588 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys 22:27:12.0851 3588 RDPENCDD - ok 22:27:12.0913 3588 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys 22:27:12.0991 3588 RDPREFMP - ok 22:27:13.0054 3588 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys 22:27:13.0366 3588 RDPWD - ok 22:27:13.0444 3588 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys 22:27:13.0771 3588 
rdyboost - ok 22:27:13.0849 3588 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys 22:27:13.0990 3588 RFCOMM - ok 22:27:14.0083 3588 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys 22:27:14.0333 3588 rspndr - ok 22:27:14.0380 3588 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys 22:27:14.0614 3588 RTL8167 - ok 22:27:14.0676 3588 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys 22:27:14.0785 3588 SABI - ok 22:27:14.0863 3588 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys 22:27:15.0082 3588 sbp2port - ok 22:27:15.0144 3588 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys 22:27:15.0285 3588 scfilter - ok 22:27:15.0363 3588 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys 22:27:15.0519 3588 secdrv - ok 22:27:15.0597 3588 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys 22:27:15.0706 3588 Serenum - ok 22:27:15.0737 3588 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys 22:27:16.0049 3588 Serial - ok 22:27:16.0158 3588 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys 22:27:16.0267 3588 sermouse - ok 22:27:16.0345 3588 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys 22:27:16.0439 3588 sffdisk - ok 22:27:16.0470 3588 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys 22:27:16.0548 3588 sffp_mmc - ok 22:27:16.0579 3588 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys 22:27:16.0673 3588 sffp_sd - ok 22:27:16.0689 3588 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys 22:27:16.0798 3588 sfloppy - ok 22:27:16.0860 3588 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys 22:27:17.0001 
3588 sisagp - ok
22:27:17.0047 3588 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:27:17.0141 3588 SiSRaid2 - ok
22:27:17.0157 3588 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:27:17.0297 3588 SiSRaid4 - ok
22:27:17.0328 3588 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:27:17.0578 3588 Smb - ok
22:27:17.0625 3588 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:27:17.0718 3588 spldr - ok
22:27:17.0812 3588 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
22:27:17.0983 3588 srv - ok
22:27:18.0030 3588 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
22:27:18.0202 3588 srv2 - ok
22:27:18.0249 3588 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
22:27:18.0373 3588 srvnet - ok
22:27:18.0436 3588 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:27:18.0514 3588 stexstor - ok
22:27:18.0561 3588 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
22:27:18.0639 3588 swenum - ok
22:27:18.0717 3588 SynTP (d690c810ae7af5844267e24128c44280) C:\windows\system32\DRIVERS\SynTP.sys
22:27:18.0826 3588 SynTP - ok
22:27:18.0982 3588 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
22:27:19.0216 3588 Tcpip - ok
22:27:19.0356 3588 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
22:27:19.0481 3588 TCPIP6 - ok
22:27:19.0543 3588 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
22:27:19.0715 3588 tcpipreg - ok
22:27:19.0762 3588 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
22:27:19.0902 3588 TDPIPE - ok
22:27:19.0933 3588 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
22:27:20.0074 3588 TDTCP - ok
22:27:20.0121 3588 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
22:27:20.0370 3588 tdx - ok
22:27:20.0417 3588 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
22:27:20.0573 3588 TermDD - ok
22:27:20.0698 3588 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
22:27:20.0869 3588 tssecsrv - ok
22:27:20.0932 3588 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
22:27:21.0119 3588 TsUsbFlt - ok
22:27:21.0181 3588 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
22:27:21.0322 3588 tunnel - ok
22:27:21.0369 3588 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:27:21.0509 3588 uagp35 - ok
22:27:21.0571 3588 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
22:27:21.0727 3588 udfs - ok
22:27:21.0805 3588 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
22:27:21.0961 3588 uliagpkx - ok
22:27:22.0008 3588 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
22:27:22.0164 3588 umbus - ok
22:27:22.0227 3588 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:27:22.0289 3588 UmPass - ok
22:27:22.0336 3588 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
22:27:22.0523 3588 usbccgp - ok
22:27:22.0570 3588 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
22:27:22.0679 3588 usbcir - ok
22:27:22.0741 3588 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
22:27:22.0882 3588 usbehci - ok
22:27:22.0929 3588 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
22:27:23.0069 3588 usbhub - ok
22:27:23.0100 3588 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
22:27:23.0209 3588 usbohci - ok
22:27:23.0256 3588 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:27:23.0365 3588 usbprint - ok
22:27:23.0412 3588 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:27:23.0662 3588 USBSTOR - ok
22:27:23.0709 3588 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
22:27:23.0802 3588 usbuhci - ok
22:27:23.0880 3588 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
22:27:24.0005 3588 usbvideo - ok
22:27:24.0083 3588 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
22:27:24.0177 3588 vdrvroot - ok
22:27:24.0223 3588 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:27:24.0348 3588 vga - ok
22:27:24.0395 3588 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:27:24.0535 3588 VgaSave - ok
22:27:24.0598 3588 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
22:27:24.0691 3588 vhdmp - ok
22:27:24.0754 3588 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
22:27:24.0894 3588 viaagp - ok
22:27:24.0925 3588 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:27:25.0081 3588 ViaC7 - ok
22:27:25.0113 3588 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
22:27:25.0191 3588 viaide - ok
22:27:25.0269 3588 VMC326 (88c52f322117f60b7a0c89d683e30f6a) C:\windows\system32\Drivers\VMC326.sys
22:27:25.0518 3588 VMC326 - ok
22:27:25.0565 3588 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
22:27:25.0705 3588 volmgr - ok
22:27:25.0768 3588 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:27:25.0830 3588 volmgrx - ok
22:27:25.0893 3588 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
22:27:26.0002 3588 volsnap - ok
22:27:26.0049 3588 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:27:26.0298 3588 vsmraid - ok
22:27:26.0329 3588 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:27:26.0454 3588 vwifibus - ok
22:27:26.0501 3588 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:27:26.0673 3588 vwififlt - ok
22:27:26.0719 3588 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:27:26.0829 3588 WacomPen - ok
22:27:26.0891 3588 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:27:27.0141 3588 WANARP - ok
22:27:27.0156 3588 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:27:27.0312 3588 Wanarpv6 - ok
22:27:27.0375 3588 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:27:27.0453 3588 Wd - ok
22:27:27.0531 3588 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:27:27.0655 3588 Wdf01000 - ok
22:27:27.0765 3588 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:27:27.0874 3588 WfpLwf - ok
22:27:27.0921 3588 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:27:27.0999 3588 WIMMount - ok
22:27:28.0139 3588 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
22:27:28.0233 3588 WmiAcpi - ok
22:27:28.0373 3588 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:27:28.0513 3588 ws2ifsl - ok
22:27:28.0607 3588 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
22:27:28.0857 3588 WudfPf - ok
22:27:28.0903 3588 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
22:27:29.0059 3588 WUDFRd - ok
22:27:29.0153 3588 yukonw7 (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys
22:27:29.0262 3588 yukonw7 - ok
22:27:29.0356 3588 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
22:27:29.0933 3588 \Device\Harddisk0\DR0 - ok
22:27:29.0949 3588 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1
22:27:34.0207 3588 \Device\Harddisk1\DR1 - ok
22:27:34.0223 3588 Boot (0x1200) (4514f73394a99a7ab09d92f7387ea430) \Device\Harddisk0\DR0\Partition0
22:27:34.0223 3588 \Device\Harddisk0\DR0\Partition0 - ok
22:27:34.0285 3588 Boot (0x1200) (c2bf52a91e71ff9c50f7436166096d58) \Device\Harddisk0\DR0\Partition1
22:27:34.0285 3588 \Device\Harddisk0\DR0\Partition1 - ok
22:27:34.0317 3588 Boot (0x1200) (f19a65343c8c5bebbb1b7edf381d4ad4) \Device\Harddisk0\DR0\Partition2
22:27:34.0317 3588 \Device\Harddisk0\DR0\Partition2 - ok
22:27:34.0332 3588 Boot (0x1200) (77b80bdf0364ba00f0f0d77de2fdd870) \Device\Harddisk1\DR1\Partition0
22:27:34.0332 3588 \Device\Harddisk1\DR1\Partition0 - ok
22:27:34.0348 3588 ============================================================
22:27:34.0348 3588 Scan finished
22:27:34.0348 3588 ============================================================
22:27:34.0379 1676 Detected object count: 0
22:27:34.0379 1676 Actual detected object count: 0
22:33:30.0247 0880 ============================================================
22:33:30.0247 0880 Scan started
22:33:30.0247 0880 Mode: Manual; SigCheck; TDLFS;
22:33:30.0247 0880 ============================================================
22:33:30.0730 0880 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
22:33:30.0824 0880 1394ohci - ok
22:33:30.0886 0880 ACPI (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
22:33:30.0964 0880 ACPI - ok
22:33:31.0042 0880 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
22:33:31.0120 0880 AcpiPmi - ok
22:33:31.0198 0880 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
22:33:31.0276 0880 adp94xx - ok
22:33:31.0308 0880 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
22:33:31.0370 0880 adpahci - ok
22:33:31.0417 0880 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
22:33:31.0510 0880 adpu320 - ok
22:33:31.0573 0880 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
22:33:31.0666 0880 AFD - ok
22:33:31.0713 0880 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
22:33:31.0791 0880 agp440 - ok
22:33:31.0822 0880 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
22:33:31.0900 0880 aic78xx - ok
22:33:31.0932 0880 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
22:33:31.0978 0880 aliide - ok
22:33:32.0025 0880 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
22:33:32.0103 0880 amdagp - ok
22:33:32.0134 0880 amdide (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
22:33:32.0197 0880 amdide - ok
22:33:32.0212 0880 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
22:33:32.0306 0880 AmdK8 - ok
22:33:32.0322 0880 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
22:33:32.0415 0880 AmdPPM - ok
22:33:32.0462 0880 amdsata (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
22:33:32.0540 0880 amdsata - ok
22:33:32.0587 0880 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
22:33:32.0743 0880 amdsbs - ok
22:33:32.0758 0880 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
22:33:32.0821 0880 amdxata - ok
22:33:32.0868 0880 AppID (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
22:33:33.0008 0880 AppID - ok
22:33:33.0039 0880 arc (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
22:33:33.0117 0880 arc - ok
22:33:33.0133 0880 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
22:33:33.0242 0880 arcsas - ok
22:33:33.0273 0880 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
22:33:33.0382 0880 AsyncMac - ok
22:33:33.0414 0880 atapi (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
22:33:33.0476 0880 atapi - ok
22:33:33.0538 0880 athr (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys
22:33:33.0648 0880 athr - ok
22:33:33.0710 0880 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
22:33:33.0866 0880 b06bdrv - ok
22:33:33.0897 0880 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
22:33:34.0069 0880 b57nd60x - ok
22:33:34.0116 0880 Beep (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
22:33:34.0194 0880 Beep - ok
22:33:34.0240 0880 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
22:33:34.0350 0880 blbdrive - ok
22:33:34.0396 0880 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
22:33:34.0506 0880 bowser - ok
22:33:34.0521 0880 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
22:33:34.0599 0880 BrFiltLo - ok
22:33:34.0615 0880 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
22:33:34.0662 0880 BrFiltUp - ok
22:33:34.0708 0880 Brserid (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
22:33:34.0818 0880 Brserid - ok
22:33:34.0849 0880 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
22:33:34.0942 0880 BrSerWdm - ok
22:33:34.0974 0880 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
22:33:35.0036 0880 BrUsbMdm - ok
22:33:35.0052 0880 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
22:33:35.0130 0880 BrUsbSer - ok
22:33:35.0161 0880 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
22:33:35.0254 0880 BthEnum - ok
22:33:35.0270 0880 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
22:33:35.0379 0880 BTHMODEM - ok
22:33:35.0426 0880 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
22:33:35.0488 0880 BthPan - ok
22:33:35.0535 0880 BTHPORT (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
22:33:35.0629 0880 BTHPORT - ok
22:33:35.0660 0880 BTHUSB (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
22:33:35.0769 0880 BTHUSB - ok
22:33:35.0816 0880 btwaudio (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
22:33:35.0925 0880 btwaudio - ok
22:33:35.0972 0880 btwavdt (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
22:33:36.0066 0880 btwavdt - ok
22:33:36.0112 0880 btwl2cap (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
22:33:36.0159 0880 btwl2cap - ok
22:33:36.0268 0880 btwrchid (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
22:33:36.0346 0880 btwrchid - ok
22:33:36.0393 0880 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
22:33:36.0534 0880 cdfs - ok
22:33:36.0580 0880 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
22:33:36.0643 0880 cdrom - ok
22:33:36.0674 0880 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
22:33:36.0768 0880 circlass - ok
22:33:36.0814 0880 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
22:33:36.0908 0880 CLFS - ok
22:33:36.0955 0880 CmBatt (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
22:33:37.0002 0880 CmBatt - ok
22:33:37.0048 0880 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
22:33:37.0095 0880 cmdide - ok
22:33:37.0142 0880 CNG (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
22:33:37.0236 0880 CNG - ok
22:33:37.0267 0880 Compbatt (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
22:33:37.0329 0880 Compbatt - ok
22:33:37.0360 0880 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
22:33:37.0454 0880 CompositeBus - ok
22:33:37.0485 0880 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
22:33:37.0548 0880 crcdisk - ok
22:33:37.0641 0880 DfsC (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
22:33:37.0782 0880 DfsC - ok
22:33:37.0828 0880 discache (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
22:33:37.0938 0880 discache - ok
22:33:37.0969 0880 Disk (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
22:33:38.0062 0880 Disk - ok
22:33:38.0125 0880 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
22:33:38.0156 0880 drmkaud - ok
22:33:38.0218 0880 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
22:33:38.0343 0880 DXGKrnl - ok
22:33:38.0484 0880 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
22:33:38.0624 0880 ebdrv - ok
22:33:38.0671 0880 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
22:33:38.0780 0880 elxstor - ok
22:33:38.0811 0880 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
22:33:38.0858 0880 ErrDev - ok
22:33:38.0905 0880 exfat (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
22:33:39.0030 0880 exfat - ok
22:33:39.0061 0880 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
22:33:39.0170 0880 fastfat - ok
22:33:39.0201 0880 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
22:33:39.0279 0880 fdc - ok
22:33:39.0326 0880 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
22:33:39.0420 0880 FileInfo - ok
22:33:39.0451 0880 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
22:33:39.0560 0880 Filetrace - ok
22:33:39.0591 0880 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
22:33:39.0669 0880 flpydisk - ok
22:33:39.0701 0880 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
22:33:39.0779 0880 FltMgr - ok
22:33:39.0825 0880 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
22:33:39.0903 0880 FsDepends - ok
22:33:39.0935 0880 fssfltr (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
22:33:40.0028 0880 fssfltr - ok
22:33:40.0075 0880 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
22:33:40.0122 0880 Fs_Rec - ok
22:33:40.0184 0880 fvevol (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
22:33:40.0293 0880 fvevol - ok
22:33:40.0325 0880 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
22:33:40.0403 0880 gagp30kx - ok
22:33:40.0465 0880 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
22:33:40.0543 0880 hcw85cir - ok
22:33:40.0590 0880 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
22:33:40.0668 0880 HdAudAddService - ok
22:33:40.0699 0880 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
22:33:40.0761 0880 HDAudBus - ok
22:33:40.0808 0880 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
22:33:40.0871 0880 HidBatt - ok
22:33:40.0902 0880 HidBth (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
22:33:40.0980 0880 HidBth - ok
22:33:41.0011 0880 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
22:33:41.0089 0880 HidIr - ok
22:33:41.0151 0880 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
22:33:41.0229 0880 HidUsb - ok
22:33:41.0292 0880 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
22:33:41.0370 0880 HpSAMD - ok
22:33:41.0510 0880 HTTP (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
22:33:41.0666 0880 HTTP - ok
22:33:41.0713 0880 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
22:33:41.0760 0880 hwpolicy - ok
22:33:41.0791 0880 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
22:33:41.0916 0880 i8042prt - ok
22:33:41.0978 0880 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
22:33:42.0072 0880 iaStorV - ok
22:33:42.0259 0880 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
22:33:42.0571 0880 igfx - ok
22:33:42.0680 0880 iirsp (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
22:33:42.0758 0880 iirsp - ok
22:33:42.0899 0880 IntcAzAudAddService (6927a442beed2b68a3d35cae7a951913) C:\windows\system32\drivers\RTKVHDA.sys
22:33:43.0148 0880 IntcAzAudAddService - ok
22:33:43.0179 0880 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
22:33:43.0226 0880 intelide - ok
22:33:43.0257 0880 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
22:33:43.0351 0880 intelppm - ok
22:33:43.0382 0880 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:33:43.0523 0880 IpFilterDriver - ok
22:33:43.0585 0880 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
22:33:43.0694 0880 IPMIDRV - ok
22:33:43.0725 0880 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
22:33:43.0835 0880 IPNAT - ok
22:33:43.0881 0880 IRENUM (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
22:33:43.0944 0880 IRENUM - ok
22:33:43.0975 0880 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
22:33:44.0053 0880 isapnp - ok
22:33:44.0115 0880 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
22:33:44.0178 0880 iScsiPrt - ok
22:33:44.0209 0880 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
22:33:44.0303 0880 kbdclass - ok
22:33:44.0334 0880 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
22:33:44.0427 0880 kbdhid - ok
22:33:44.0474 0880 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
22:33:44.0568 0880 KSecDD - ok
22:33:44.0630 0880 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
22:33:44.0755 0880 KSecPkg - ok
22:33:44.0833 0880 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
22:33:44.0973 0880 lltdio - ok
22:33:45.0036 0880 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
22:33:45.0129 0880 LSI_FC - ok
22:33:45.0161 0880 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
22:33:45.0254 0880 LSI_SAS - ok
22:33:45.0270 0880 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
22:33:45.0348 0880 LSI_SAS2 - ok
22:33:45.0379 0880 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
22:33:45.0473 0880 LSI_SCSI - ok
22:33:45.0504 0880 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
22:33:45.0660 0880 luafv - ok
22:33:45.0691 0880 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
22:33:45.0753 0880 megasas - ok
22:33:45.0785 0880 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
22:33:45.0847 0880 MegaSR - ok
22:33:45.0894 0880 Modem (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
22:33:46.0003 0880 Modem - ok
22:33:46.0019 0880 monitor (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
22:33:46.0112 0880 monitor - ok
22:33:46.0143 0880 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
22:33:46.0221 0880 mouclass - ok
22:33:46.0253 0880 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
22:33:46.0331 0880 mouhid - ok
22:33:46.0393 0880 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
22:33:46.0502 0880 mountmgr - ok
22:33:46.0596 0880 MpFilter (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys
22:33:46.0705 0880 MpFilter - ok
22:33:46.0752 0880 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
22:33:46.0877 0880 mpio - ok
22:33:46.0923 0880 MpNWMon (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys
22:33:47.0001 0880 MpNWMon - ok
22:33:47.0033 0880 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
22:33:47.0157 0880 mpsdrv - ok
22:33:47.0220 0880 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
22:33:47.0313 0880 MRxDAV - ok
22:33:47.0345 0880 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
22:33:47.0407 0880 mrxsmb - ok
22:33:47.0454 0880 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:33:47.0547 0880 mrxsmb10 - ok
22:33:47.0579 0880 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:33:47.0703 0880 mrxsmb20 - ok
22:33:47.0750 0880 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
22:33:47.0797 0880 msahci - ok
22:33:47.0844 0880 msdsm (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
22:33:47.0906 0880 msdsm - ok
22:33:47.0984 0880 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
22:33:48.0093 0880 Msfs - ok
22:33:48.0125 0880 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
22:33:48.0203 0880 mshidkmdf - ok
22:33:48.0234 0880 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
22:33:48.0281 0880 msisadrv - ok
22:33:48.0312 0880 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
22:33:48.0421 0880 MSKSSRV - ok
22:33:48.0452 0880 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
22:33:48.0530 0880 MSPCLOCK - ok
22:33:48.0546 0880 MSPQM (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
22:33:48.0624 0880 MSPQM - ok
22:33:48.0655 0880 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
22:33:48.0811 0880 MsRPC - ok
22:33:48.0858 0880 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
22:33:48.0936 0880 mssmbios - ok
22:33:48.0967 0880 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
22:33:49.0029 0880 MSTEE - ok
22:33:49.0061 0880 MTConfig (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
22:33:49.0123 0880 MTConfig - ok
22:33:49.0154 0880 Mup (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
22:33:49.0248 0880 Mup - ok
22:33:49.0295 0880 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
22:33:49.0373 0880 NativeWifiP - ok
22:33:49.0435 0880 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
22:33:49.0560 0880 NDIS - ok
22:33:49.0591 0880 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:33:49.0700 0880 NdisCap - ok
22:33:49.0731 0880 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:33:49.0841 0880 NdisTapi - ok
22:33:49.0887 0880 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
22:33:50.0028 0880 Ndisuio - ok
22:33:50.0075 0880 NdisWan (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
22:33:50.0184 0880 NdisWan - ok
22:33:50.0231 0880 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
22:33:50.0355 0880 NDProxy - ok
22:33:50.0402 0880 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:33:50.0527 0880 NetBIOS - ok
22:33:50.0574 0880 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
22:33:50.0730 0880 NetBT - ok
22:33:50.0808 0880 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:33:50.0886 0880 nfrd960 - ok
22:33:50.0917 0880 NisDrv (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:33:51.0011 0880 NisDrv - ok
22:33:51.0057 0880 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:33:51.0182 0880 Npfs - ok
22:33:51.0213 0880 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:33:51.0323 0880 nsiproxy - ok
22:33:51.0401 0880 Ntfs (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
22:33:51.0837 0880 Ntfs - ok
22:33:51.0869 0880 Null (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:33:51.0947 0880 Null - ok
22:33:51.0978 0880 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
22:33:52.0103 0880 nvraid - ok
22:33:52.0149 0880 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
22:33:52.0274 0880 nvstor - ok
22:33:52.0305 0880 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
22:33:52.0383 0880 nv_agp - ok
22:33:52.0446 0880 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
22:33:52.0539 0880 ohci1394 - ok
22:33:52.0602 0880 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:33:52.0711 0880 Parport - ok
22:33:52.0758 0880 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
22:33:52.0851 0880 partmgr - ok
22:33:52.0883 0880 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:33:52.0945 0880 Parvdm - ok
22:33:52.0992 0880 pci (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
22:33:53.0054 0880 pci - ok
22:33:53.0085 0880 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
22:33:53.0132 0880 pciide - ok
22:33:53.0163 0880 pcmcia (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:33:53.0241 0880 pcmcia - ok
22:33:53.0273 0880 pcw (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:33:53.0351 0880 pcw - ok
22:33:53.0397 0880 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:33:53.0538 0880 PEAUTH - ok
22:33:53.0663 0880 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:33:53.0819 0880 PptpMiniport - ok
22:33:53.0850 0880 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:33:53.0943 0880 Processor - ok
22:33:54.0006 0880 Psched (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:33:54.0162 0880 Psched - ok
22:33:54.0224 0880 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:33:54.0396 0880 ql2300 - ok
22:33:54.0411 0880 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:33:54.0536 0880 ql40xx - ok
22:33:54.0567 0880 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:33:54.0661 0880 QWAVEdrv - ok
22:33:54.0677 0880 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:33:54.0801 0880 RasAcd - ok
22:33:54.0848 0880 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:33:54.0973 0880 RasAgileVpn - ok
22:33:55.0004 0880 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:33:55.0160 0880 Rasl2tp - ok
22:33:55.0191 0880 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:33:55.0301 0880 RasPppoe - ok
22:33:55.0347 0880 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:33:55.0488 0880 RasSstp - ok
22:33:55.0550 0880 rdbss (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
22:33:55.0659 0880 rdbss - ok
22:33:55.0691 0880 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:33:55.0769 0880 rdpbus - ok
22:33:55.0815 0880 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
22:33:55.0878 0880 RDPCDD - ok
22:33:55.0925 0880 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:33:56.0003 0880 RDPENCDD - ok
22:33:56.0034 0880 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:33:56.0112 0880 RDPREFMP - ok
22:33:56.0143 0880 RDPWD (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
22:33:56.0330 0880 RDPWD - ok
22:33:56.0377 0880 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
22:33:56.0549 0880 rdyboost - ok
22:33:56.0611 0880 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
22:33:56.0689 0880 RFCOMM - ok
22:33:56.0751 0880 rspndr (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:33:56.0892 0880 rspndr - ok
22:33:56.0923 0880 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
22:33:57.0048 0880 RTL8167 - ok
22:33:57.0095 0880 SABI (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
22:33:57.0141 0880 SABI - ok
22:33:57.0204 0880 sbp2port (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
22:33:57.0313 0880 sbp2port - ok
22:33:57.0375 0880 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
22:33:57.0469 0880 scfilter - ok
22:33:57.0531 0880 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:33:57.0641 0880 secdrv - ok
22:33:57.0687 0880 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:33:57.0750 0880 Serenum - ok
22:33:57.0765 0880 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:33:57.0953 0880 Serial - ok
22:33:57.0999 0880 sermouse (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:33:58.0062 0880 sermouse - ok
22:33:58.0124 0880 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
22:33:58.0187 0880 sffdisk - ok
22:33:58.0218 0880 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
22:33:58.0265 0880 sffp_mmc - ok
22:33:58.0311 0880 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
22:33:58.0374 0880 sffp_sd - ok
22:33:58.0405 0880 sfloppy (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:33:58.0467 0880 sfloppy - ok
22:33:58.0530 0880 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
22:33:58.0608 0880 sisagp - ok
22:33:58.0639 0880 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:33:58.0701 0880 SiSRaid2 - ok
22:33:58.0717 0880 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:33:58.0811 0880 SiSRaid4 - ok
22:33:58.0826 0880 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:33:58.0998 0880 Smb - ok
22:33:59.0060 0880 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:33:59.0123 0880 spldr - ok
22:33:59.0201 0880 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
22:33:59.0294 0880 srv - ok
22:33:59.0325 0880 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
22:33:59.0403 0880 srv2 - ok
22:33:59.0435 0880 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
22:33:59.0513 0880 srvnet - ok
22:33:59.0559 0880 stexstor (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:33:59.0622 0880 stexstor - ok
22:33:59.0653 0880 swenum (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
22:33:59.0715 0880 swenum - ok
22:33:59.0778 0880 SynTP (d690c810ae7af5844267e24128c44280) C:\windows\system32\DRIVERS\SynTP.sys
22:33:59.0856 0880 SynTP - ok
22:33:59.0981 0880 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
22:34:00.0137 0880 Tcpip - ok
22:34:00.0215 0880 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
22:34:00.0339 0880 TCPIP6 - ok
22:34:00.0386 0880 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
22:34:00.0495 0880 tcpipreg - ok
22:34:00.0573 0880 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
22:34:00.0667 0880 TDPIPE - ok
22:34:00.0683 0880 TDTCP (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
22:34:00.0792 0880 TDTCP - ok
22:34:00.0854 0880 tdx (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
22:34:00.0995 0880 tdx - ok
22:34:01.0041 0880 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
22:34:01.0135 0880 TermDD - ok
22:34:01.0229 0880 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
22:34:01.0353 0880 tssecsrv - ok
22:34:01.0400 0880 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
22:34:01.0478 0880 TsUsbFlt - ok
22:34:01.0541 0880 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
22:34:01.0634 0880 tunnel - ok
22:34:01.0681 0880 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:34:01.0775 0880 uagp35 - ok
22:34:01.0837 0880 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
22:34:01.0931 0880 udfs - ok
22:34:02.0009 0880 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
22:34:02.0102 0880 uliagpkx - ok
22:34:02.0149 0880 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
22:34:02.0227 0880 umbus - ok
22:34:02.0258 0880 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:34:02.0289 0880 UmPass - ok
22:34:02.0336 0880 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
22:34:02.0445 0880 usbccgp - ok
22:34:02.0492 0880 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
22:34:02.0555 0880 usbcir - ok
22:34:02.0586 0880 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
22:34:02.0679 0880 usbehci - ok
22:34:02.0726 0880 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
22:34:02.0804 0880 usbhub - ok
22:34:02.0835 0880 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
22:34:02.0898 0880 usbohci - ok
22:34:02.0929 0880 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:34:03.0007 0880 usbprint - ok
22:34:03.0023 0880 USBSTOR (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:34:03.0147 0880 USBSTOR - ok
22:34:03.0179 0880 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
22:34:03.0241 0880 usbuhci - ok
22:34:03.0288 0880 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
22:34:03.0350 0880 usbvideo - ok
22:34:03.0413 0880 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
22:34:03.0491 0880 vdrvroot - ok
22:34:03.0537 0880 vga (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:34:03.0615 0880 vga - ok
22:34:03.0647 0880 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:34:03.0756 0880 VgaSave - ok
22:34:03.0787 0880 vhdmp (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
22:34:03.0865 0880 vhdmp - ok
22:34:03.0896 0880 viaagp (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
22:34:03.0974 0880 viaagp - ok
22:34:04.0021 0880 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:34:04.0099 0880 ViaC7 - ok
22:34:04.0130 0880 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
22:34:04.0177 0880 viaide - ok
22:34:04.0224 0880 VMC326 (88c52f322117f60b7a0c89d683e30f6a) C:\windows\system32\Drivers\VMC326.sys
22:34:04.0333 0880 VMC326 - ok
22:34:04.0380 0880 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
22:34:04.0458 0880 volmgr - ok
22:34:04.0505 0880 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:34:04.0567 0880 volmgrx - ok
22:34:04.0629 0880 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
22:34:04.0692 0880 volsnap - ok
22:34:04.0739 0880 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:34:04.0879 0880 vsmraid - ok
22:34:04.0926 0880 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:34:04.0988 0880 vwifibus - ok
22:34:05.0019 0880 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:34:05.0129 0880 vwififlt - ok
22:34:05.0160 0880 WacomPen (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:34:05.0238 0880 WacomPen - ok
22:34:05.0285 0880 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:34:05.0441 0880 WANARP - ok
22:34:05.0456 0880 Wanarpv6
(3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys 22:34:05.0612 0880 Wanarpv6 - ok 22:34:05.0675 0880 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys 22:34:05.0737 0880 Wd - ok 22:34:05.0768 0880 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys 22:34:05.0862 0880 Wdf01000 - ok 22:34:05.0955 0880 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys 22:34:06.0049 0880 WfpLwf - ok 22:34:06.0080 0880 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys 22:34:06.0143 0880 WIMMount - ok 22:34:06.0267 0880 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys 22:34:06.0330 0880 WmiAcpi - ok 22:34:06.0408 0880 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys 22:34:06.0501 0880 ws2ifsl - ok 22:34:06.0595 0880 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys 22:34:06.0751 0880 WudfPf - ok 22:34:06.0782 0880 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys 22:34:06.0876 0880 WUDFRd - ok 22:34:06.0969 0880 yukonw7 (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys 22:34:07.0047 0880 yukonw7 - ok 22:34:07.0125 0880 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0 22:34:07.0765 0880 \Device\Harddisk0\DR0 - ok 22:34:07.0781 0880 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1 22:34:09.0434 0880 \Device\Harddisk1\DR1 - ok 22:34:09.0450 0880 Boot (0x1200) (4514f73394a99a7ab09d92f7387ea430) \Device\Harddisk0\DR0\Partition0 22:34:09.0450 0880 \Device\Harddisk0\DR0\Partition0 - ok 22:34:09.0512 0880 Boot (0x1200) (c2bf52a91e71ff9c50f7436166096d58) \Device\Harddisk0\DR0\Partition1 22:34:09.0512 0880 \Device\Harddisk0\DR0\Partition1 - ok 22:34:09.0543 0880 Boot (0x1200) (f19a65343c8c5bebbb1b7edf381d4ad4) \Device\Harddisk0\DR0\Partition2 22:34:09.0543 0880 
\Device\Harddisk0\DR0\Partition2 - ok
22:34:09.0559 0880 Boot (0x1200) (77b80bdf0364ba00f0f0d77de2fdd870) \Device\Harddisk1\DR1\Partition0
22:34:09.0559 0880 \Device\Harddisk1\DR1\Partition0 - ok
22:34:09.0559 0880 ============================================================
22:34:09.0559 0880 Scan finished
22:34:09.0559 0880 ============================================================
22:34:09.0590 2440 Detected object count: 0
22:34:09.0590 2440 Actual detected object count: 0
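The TDSSKiller log above is one verification line per driver or boot sector followed by a verdict line, and at this volume it is easier to let a script find the entries that are not `ok` than to read it by eye. The following Python is an added example written for this page, not a tool from the thread and not Kaspersky code; the parser assumes the two-line layout seen in the log, and the last two lines of the sample input, with the name `examplesvc`, an all-zero hash and a made-up verdict, are constructed so that the flagging has something to report.

```python
"""Triage a Kaspersky TDSSKiller driver/boot-sector log.

Added example for this page, not a Kaspersky tool and not from the thread.
TDSSKiller writes one line per verified object
    <time> <pid> <name> (<md5>) <path>
followed by a verdict line
    <time> <pid> <name or device path> - <verdict>
This pairs those lines and reports anything that is not 'ok' or whose image
lives outside the Windows system directories.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Object line: name, optional "(0x1B8)"-style size tag (MBR/Boot entries), MD5, path.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>[0-9a-fA-F]{4})\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+"
    r"(?P<path>\S.*?)\s*$"
)
# Verdict line: "<subject> - <verdict>"; the subject is the service name for
# drivers and the device path for MBR/boot-sector entries.
VERDICT_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>[0-9a-fA-F]{4})\s+"
    r"(?P<subject>.+?)\s+-\s+(?P<verdict>.+?)\s*$"
)

# Where a legitimately installed driver or boot object is expected to live.
SYSTEM_ROOTS = ("c:\\windows\\system32\\", "\\device\\")


@dataclass
class Record:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None


def parse_tdsskiller(text: str) -> List[Record]:
    """Pair each object line with the verdict line that follows it."""
    records: List[Record] = []
    pending: Optional[Record] = None
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            pending = Record(m["name"], m["md5"].lower(), m["path"])
            records.append(pending)
            continue
        v = VERDICT_RE.match(line)
        if v and pending is not None:
            subject = v["subject"].lower()
            if subject in (pending.name.lower(), pending.path.lower()):
                pending.verdict = v["verdict"]
                pending = None
    return records


def flag(records: List[Record]) -> List[Tuple[Record, str]]:
    """Return the records a human should look at, each with a reason."""
    out: List[Tuple[Record, str]] = []
    for r in records:
        if r.verdict is None:
            out.append((r, "no verdict line"))
        elif r.verdict.lower() != "ok":
            out.append((r, "verdict: " + r.verdict))
        elif not r.path.lower().startswith(SYSTEM_ROOTS):
            out.append((r, "image outside system directories"))
    return out


# Sample input: real lines from the log above plus two constructed lines
# (examplesvc, all-zero hash, non-ok verdict) to exercise the flagging.
SAMPLE_LOG = r"""
22:33:57.0531 0880 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:33:57.0641 0880 secdrv - ok
22:33:59.0981 0880 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
22:34:00.0137 0880 Tcpip - ok
22:34:07.0125 0880 MBR (0x1B8) (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
22:34:07.0765 0880 \Device\Harddisk0\DR0 - ok
22:34:09.0450 0880 Boot (0x1200) (4514f73394a99a7ab09d92f7387ea430) \Device\Harddisk0\DR0\Partition0
22:34:09.0450 0880 \Device\Harddisk0\DR0\Partition0 - ok
22:34:09.0600 0880 examplesvc (00000000000000000000000000000000) C:\Users\Annette\AppData\Local\Temp\examplesvc.sys
22:34:09.0610 0880 examplesvc - detected (constructed sample verdict)
"""

if __name__ == "__main__":
    for rec, why in flag(parse_tdsskiller(SAMPLE_LOG)):
        print(f"{rec.name:<20} {rec.md5}  {rec.path}  <- {why}")
```

Pairing by the verdict's subject rather than by position matters for the MBR and boot-sector entries, whose verdict line names the device path instead of the object name; a record left without a verdict is reported too, since a scan that stopped mid-list is itself worth noticing.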
19.02.2012, 18:22 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 3x Trojan.VUPX.Gen
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run if a helper (Kompetenzler) has explicitly recommended it! Should you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags
19.02.2012, 18:56 | #11 |
| 3x Trojan.VUPX.Gen Hello cosinus, here is the log: ComboFix logfile: Code:
ATTFilter ComboFix 12-02-19.02 - Annette 19.02.2012 18:33:03.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.218 [GMT 1:00] ausgeführt von:: c:\users\Annette\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-19 bis 2012-02-19 )))))))))))))))))))))))))))))) . . 2012-02-19 17:45 . 2012-02-19 17:46 -------- d-----w- c:\users\Annette\AppData\Local\temp 2012-02-19 17:45 . 2012-02-19 17:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-19 17:28 . 2012-02-19 17:28 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslf3ea59bb.sys 2012-02-17 21:25 . 2012-02-17 21:25 98992 ----a-w- c:\windows\system32\drivers\90963350.sys 2012-02-17 20:50 . 2012-02-17 20:50 -------- d-----w- C:\_OTL 2012-02-17 18:24 . 2012-02-17 18:24 -------- d-----w- c:\windows\system32\wbem\en-US 2012-02-17 18:14 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02D94540-E7CA-4F44-B7EE-98F2758E6AD9}\gapaengine.dll 2012-02-17 18:12 . 2012-01-17 03:39 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\mpengine.dll 2012-02-17 18:07 . 2012-02-17 18:07 -------- d-----w- c:\program files\Microsoft Security Client 2012-02-17 18:01 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{039E90EA-C5F8-4F1C-863F-F6710DDBC904}\mpengine.dll 2012-02-15 20:00 . 
2012-02-15 20:00 100864 ----a-w- C:\fgdiqfow.sys 2012-02-15 18:39 . 2012-02-15 18:39 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-02-15 18:18 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 18:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 18:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 18:12 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 18:00 . 2012-02-15 18:00 -------- d-----w- c:\users\Annette\AppData\Local\WindowsUpdate 2012-02-15 17:49 . 2012-02-15 17:49 -------- d-----w- c:\program files\Common Files\Java 2012-02-15 17:47 . 2012-02-15 17:47 -------- d-----w- c:\program files\Java 2012-01-30 19:19 . 2012-01-30 19:19 -------- d-----w- c:\windows\system32\SPReview 2012-01-30 19:18 . 2012-01-30 19:18 -------- d-----w- c:\windows\system32\EventProviders 2012-01-30 19:09 . 2012-01-30 19:09 -------- d-----w- c:\windows\Sun 2012-01-30 19:08 . 2012-02-15 17:47 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-30 19:02 . 2012-01-30 19:02 -------- d-----w- c:\users\Annette\AppData\Roaming\Malwarebytes 2012-01-30 19:01 . 2012-01-30 19:01 -------- d-----w- c:\programdata\Malwarebytes 2012-01-30 19:01 . 2012-02-15 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-30 19:01 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-17 19:07 . 2011-06-11 15:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-31 12:44 . 2010-11-22 12:57 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-30 19:36 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-11-25 09:38 . 2011-11-25 09:38 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin . . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-25 7719456] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-11 1557800] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] . c:\users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696] S1 MpKslf3ea59bb;MpKslf3ea59bb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslf3ea59bb.sys [2012-02-19 29904] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312] S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe 
[2011-04-27 208944] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLF3EA59BB . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc yksvcs REG_MULTI_SZ yksvc . Inhalt des "geplante Tasks" Ordners . 2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51] . 2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 82.212.62.62 78.42.43.62 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . SafeBoot-mcmscsvc SafeBoot-MCODS . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="FotoManager10Deluxe.8.alb" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-02-19 18:52:38 ComboFix-quarantined-files.txt 2012-02-19 17:52 . 
Vor Suchlauf: 7 Verzeichnis(se), 48.020.451.328 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.660.769.280 Bytes frei
.
- - End Of File - - 87B385C7F538C8E161B2E94A87158584

Kind regards
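The autostart block of the ComboFix log is where the original infection showed up in the Malwarebytes scan: a `Firefox helper` Run value under HKCU pointing at a `firefox.exe` in `AppData\Roaming`, a user-writable folder well away from the real Firefox install directory. The Python below is an added example for this page, not ComboFix code and not from the thread; it parses ComboFix's Run-value, startup-folder and service lines and flags images living in user-writable locations or carrying a well-known binary name outside the directory that binary is expected in. The expected-directory table is an assumption for illustration. The sample input is taken from the log above, except for the `Firefox helper` line, which is constructed from the Malwarebytes detection (the value name and path are from that log; the date and size in brackets are made up) so the check has something to catch.

```python
"""Flag suspicious autostart entries in a ComboFix log.

Added example for this page; not ComboFix code and not from the thread.
It reads the registry Run values ('"name"="path" [date size]'), startup-folder
shortcuts ('x.lnk - path [date size]') and service lines
('R2 name;display name;path [date size]') that ComboFix prints under
"Autostartpunkte der Registrierung" and reports images that live in
user-writable locations or that carry a well-known binary name outside
the directory that binary is expected in.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$'
)
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$")
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$"
)

# Path fragments a standard user can write to; autostarts here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\")
# Binaries malware likes to name itself after, and where the real one lives.
# Assumed expected directories for illustration; extend for the environment at hand.
EXPECTED_DIR: Dict[str, str] = {
    "firefox.exe": "\\program files\\mozilla firefox\\",
    "svchost.exe": "c:\\windows\\system32\\",
    "explorer.exe": "c:\\windows\\",
}


@dataclass
class Entry:
    source: str  # registry key, startup folder path, or "service <start type>"
    name: str
    path: str


def parse_autostarts(text: str) -> List[Entry]:
    """Walk the autostart block, remembering which key or folder each entry belongs to."""
    entries: List[Entry] = []
    source = "?"
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            source = m["key"]
            continue
        if line.endswith("\\") and "\\Startup" in line:
            source = line  # startup-folder header, e.g. ...\Programs\Startup\
            continue
        m = VALUE_RE.match(line) or LNK_RE.match(line)
        if m:
            entries.append(Entry(source, m["name"], m["path"]))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry("service " + m["start"], m["name"], m["path"]))
    return entries


def flag(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return entries worth a closer look, each with the reason."""
    out: List[Tuple[Entry, str]] = []
    for e in entries:
        path = e.path.lower()
        base = path.rsplit("\\", 1)[-1]
        folder = path[: len(path) - len(base)]  # keeps the trailing backslash
        if any(frag in folder for frag in USER_WRITABLE) or re.fullmatch(r"[a-z]:\\[^\\]+", path):
            out.append((e, "image in user-writable location"))
        elif base in EXPECTED_DIR and EXPECTED_DIR[base] not in folder:
            out.append((e, base + " outside its expected directory"))
    return out


# Sample input: lines from the ComboFix log above. The "Firefox helper" line is
# constructed from the Malwarebytes detection earlier in the thread (value name
# and path are from that log; the date and size in brackets are made up).
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]
"Firefox helper"="c:\users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe" [2012-01-30 99999]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
"""

if __name__ == "__main__":
    for entry, why in flag(parse_autostarts(SAMPLE)):
        print(f"[{entry.source}] {entry.name} -> {entry.path}  <- {why}")
```

The location check fires before the name check, so the constructed `Firefox helper` entry is reported for living under `AppData` even though it would also fail the `firefox.exe` directory test; the `yksvc` service passes because its `svchost.exe` sits in `System32`, which is the point of keeping an expected-directory table rather than flagging the name alone.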
19.02.2012, 19:37 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 3x Trojan.VUPX.Gen
ComboFix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.
Code:
Filelook::
c:\windows\system32\drivers\90963350.sys
4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the Tea Timer, if present!)
5. Then drag the CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.
6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt
Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags
19.02.2012, 20:09 | #13 |
| 3x Trojan.VUPX.Gen Hello cosinus, here is the log: ComboFix logfile: Code:
ATTFilter ComboFix 12-02-19.02 - Annette 19.02.2012 19:46:41.2.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1014.316 [GMT 1:00] ausgeführt von:: c:\users\Annette\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Annette\Desktop\CFScript.txt AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2012-01-19 bis 2012-02-19 )))))))))))))))))))))))))))))) . . 2012-02-19 19:00 . 2012-02-19 19:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-02-19 18:43 . 2012-02-19 18:43 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslcf3b93dd.sys 2012-02-19 17:52 . 2012-02-19 19:00 -------- d-----w- c:\users\Annette\AppData\Local\temp 2012-02-17 21:25 . 2012-02-17 21:25 98992 ----a-w- c:\windows\system32\drivers\90963350.sys 2012-02-17 20:50 . 2012-02-17 20:50 -------- d-----w- C:\_OTL 2012-02-17 18:24 . 2012-02-17 18:24 -------- d-----w- c:\windows\system32\wbem\en-US 2012-02-17 18:14 . 2012-02-09 12:17 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02D94540-E7CA-4F44-B7EE-98F2758E6AD9}\gapaengine.dll 2012-02-17 18:12 . 2012-01-17 03:39 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\mpengine.dll 2012-02-17 18:07 . 2012-02-17 18:07 -------- d-----w- c:\program files\Microsoft Security Client 2012-02-17 18:01 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{039E90EA-C5F8-4F1C-863F-F6710DDBC904}\mpengine.dll 2012-02-15 20:00 . 2012-02-15 20:00 100864 ----a-w- C:\fgdiqfow.sys 2012-02-15 18:39 . 
2012-02-15 18:39 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-02-15 18:18 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll 2012-02-15 18:17 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll 2012-02-15 18:17 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl 2012-02-15 18:12 . 2012-01-14 03:35 2343424 ----a-w- c:\windows\system32\win32k.sys 2012-02-15 18:00 . 2012-02-15 18:00 -------- d-----w- c:\users\Annette\AppData\Local\WindowsUpdate 2012-02-15 17:49 . 2012-02-15 17:49 -------- d-----w- c:\program files\Common Files\Java 2012-02-15 17:47 . 2012-02-15 17:47 -------- d-----w- c:\program files\Java 2012-01-30 19:19 . 2012-01-30 19:19 -------- d-----w- c:\windows\system32\SPReview 2012-01-30 19:18 . 2012-01-30 19:18 -------- d-----w- c:\windows\system32\EventProviders 2012-01-30 19:09 . 2012-01-30 19:09 -------- d-----w- c:\windows\Sun 2012-01-30 19:08 . 2012-02-15 17:47 472808 ----a-w- c:\windows\system32\deployJava1.dll 2012-01-30 19:02 . 2012-01-30 19:02 -------- d-----w- c:\users\Annette\AppData\Roaming\Malwarebytes 2012-01-30 19:01 . 2012-01-30 19:01 -------- d-----w- c:\programdata\Malwarebytes 2012-01-30 19:01 . 2012-02-15 17:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-01-30 19:01 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-02-17 19:07 . 2011-06-11 15:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-01-31 12:44 . 2010-11-22 12:57 237072 ------w- c:\windows\system32\MpSigStub.exe 2012-01-30 19:36 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2011-11-25 09:38 . 2011-11-25 09:38 158056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . 
--- c:\windows\system32\drivers\90963350.sys --- Company: Kaspersky Lab, GERT File Description: Kaspersky Lab Mini Driver File Version: 2.7.1.0 built by: WinDDK Product Name: Kaspersky Lab Mini Driver Copyright: Copyright (c) Kaspersky Lab, GERT Original Filename: klmd.sys File size: 98992 Created time: 2012-02-17 21:25 Modified time: 2012-02-17 21:25 MD5: 58169FFB207940D4D84B4E85DB02CC1E SHA1: DFB45534DC9AD266F0C5ECD2DBC4AFB3BA564BC5 . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-25 7719456] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-11 1557800] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920] . c:\users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696] S1 MpKslcf3b93dd;MpKslcf3b93dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslcf3b93dd.sys [2012-02-19 29904] S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376] S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312] S2 yksvc;Marvell Yukon 
Service;c:\windows\System32\svchost.exe [2009-07-14 20992] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024] S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSLCF3B93DD *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc yksvcs REG_MULTI_SZ yksvc . Inhalt des "geplante Tasks" Ordners . 2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51] . 2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm TCP: DhcpNameServer = 82.212.62.62 78.42.43.62 . . 
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1028)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2012-02-19 20:07:01
ComboFix-quarantined-files.txt 2012-02-19 19:07
ComboFix2.txt 2012-02-19 17:52
.
Vor Suchlauf: 10 Verzeichnis(se), 47.706.501.120 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.290.368.000 Bytes frei
.
- - End Of File - - A6327BFB7E9C001A6B870466E3B00B05
19.02.2012, 20:14 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | 3x Trojan.VUPX.Gen
Ok. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool does not want to run the 2nd time either, just leave it out and run only OSAM. Please skip OSAM's online query. With OSAM, also make sure that you save the log as *.log and not as *.html or the like. Note: to unpack OSAM please use WinRAR or 7zip! Also be sure to switch off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM! Download aswMBR.exe and save the file on your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.
__________________ Please always post logfiles in CODE tags
19.02.2012, 22:30 | #15 |
| 3x Trojan.VUPX.Gen Hello cosinus, here are your scans:
GMER: GMER logfile: Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-19 21:17:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: sp8si1jh.exe; Driver: C:\Users\Annette\AppData\Local\Temp\fgdiqfow.sys

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKey + 13CD 81C549A9 1 Byte [06]
.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 81C744E2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A4B15000 282 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50AB A4B1511B 7 Bytes CALL A4B232D6 \SystemRoot\system32\drivers\spsys.sys (security processor/Microsoft Corporation)
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A4B15123 629 Bytes [05, B1, A4, FE, 05, 34, 05, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A4B15399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A4B153FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE ...

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\00000071 bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\BTHUSB \Device\0000006f bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread System [4:1584] A4B22F2E

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6b84
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cd60786
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf91a3e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fe91bf
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6b84 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cd60786 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf91a3e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fe91bf (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_8024402c_66c66075855619cc1111e0dd9c4f3189cbbd9c6_089a143b

---- EOF - GMER 1.0.15 ----

OSAM: OSAM logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:26:00 on 19.02.2012

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswMBR" (aswMBR) - ? - C:\Users\Annette\AppData\Local\Temp\aswMBR.sys (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\Users\Annette\AppData\Local\Temp\catchme.sys (File not found)
"fgdiqfow" (fgdiqfow) - ? - C:\Users\Annette\AppData\Local\Temp\fgdiqfow.sys (Hidden registry entry, rootkit activity | File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"MpKsl0cff5102" (MpKsl0cff5102) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKsl0cff5102.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI8079~1\shellext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR: Code:
aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-19 22:03:09
-----------------------------
22:03:09.877 OS Version: Windows 6.1.7601 Service Pack 1
22:03:09.877 Number of processors: 2 586 0x1C02
22:03:09.877 ComputerName: ANNETTE-PC UserName: Annette
22:03:10.438 Initialize success
22:04:07.987 AVAST engine defs: 12021901
22:04:13.307 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:04:13.307 Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
22:04:13.588 Disk 0 MBR read successfully
22:04:13.603 Disk 0 MBR scan
22:04:13.712 Disk 0 unknown MBR code
22:04:13.790 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 15360 MB offset 2048
22:04:13.978 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 31459328
22:04:14.134 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 68581 MB offset 31664128
22:04:14.305 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 68584 MB offset 172118016
22:04:14.570 Disk 0 scanning sectors +312578048
22:04:15.163 Disk 0 scanning C:\windows\system32\drivers
22:05:44.817 Service scanning
22:06:09.808 Service MpKsl0cff5102 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKsl0cff5102.sys **LOCKED** 32
22:06:10.479 Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
22:06:41.024 Modules scanning
22:08:13.500 Disk 0 trace - called modules:
22:08:13.578 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys
22:08:13.594 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84411a00]
22:08:13.610 3 CLASSPNP.SYS[8767259e] -> nt!IofCallDriver -> [0x83f9c408]
22:08:13.641 5 ACPI.sys[86e253d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83fa5030]
22:08:14.343 AVAST engine scan C:\windows
22:08:52.001 AVAST engine scan C:\windows\system32
22:19:11.166 AVAST engine scan C:\windows\system32\drivers
22:19:46.891 AVAST engine scan C:\Users\Annette
22:24:36.115 AVAST engine scan C:\ProgramData
22:25:33.445 Scan finished successfully
22:27:37.122 Disk 0 MBR has been saved successfully to "E:\MBR.dat"
22:27:37.325 The log file has been saved successfully to "E:\aswMBR.txt"