Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: 3x Trojan.VUPX.Gen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 15.02.2012, 22:30   #1
lilalaune
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



MalwareBytes QuickScan:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.30.03

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Annette :: ANNETTE-PC [Administrator]

30.01.2012 20:03:11
mbam-log-2012-01-30 (20-03-11).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 168849
Laufzeit: 16 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.VUPX.Gen) -> 380 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.VUPX.Gen) -> Daten: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Annette\AppData\Local\Temp\0.2222913525765341.exe (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Malwarebytes Full-Scan:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.15.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Annette :: ANNETTE-PC [Administrator]

15.02.2012 18:47:21
mbam-log-2012-02-15 (18-47-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 260054
Laufzeit: 1 Stunde(n), 20 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Annette\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\37abc3c2-516bfa30 (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Defogger:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:50 on 15/02/2012 (Annette)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Attach:

Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Starter 
Boot Device: \Device\HarddiskVolume2
Install Date: 31.01.2010 09:31:28
System Uptime: 15.02.2012 20:16:06 (0 hours ago)
.
Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | NC10                       
Processor: Intel(R) Atom(TM) CPU N270   @ 1.60GHz | U2E1 | 1600/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 67 GiB total, 47,454 GiB free.
D: is FIXED (NTFS) - 67 GiB total, 66,887 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1 - Deutsch
Alice Greenfingers
AnyPC Client
Atheros Client Installation Program
Compatibility Pack für 2007 Office System
CyberLink YouCam
Dairy Dash
Easy Display Manager
Easy Network Manager
Easy Resolution Manager
Easy SpeedUp Manager
EasyBatteryManager
Farm Frenzy 2
Firebird SQL Server - MAGIX Edition
Game Pack
Go-Go Gourmet
Google Toolbar for Internet Explorer
Google Update Helper
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
MAGIX Foto Manager 10
MAGIX Online Druck Service
MAGIX Screenshare
Malwarebytes Anti-Malware Version 1.60.1.1000
Marvell Miniport Driver
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office PowerPoint Viewer 2007 (German)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Works
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namuga 1.3M Webcam
OpenOffice.org 3.2
PDFCreator
Picasa 3
Realtek High Definition Audio Driver
Samsung Recovery Solution 4
Samsung Support Center
Samsung Update Plus
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Synaptics Pointing Device Driver
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office OneNote 2007 (KB980729)
User Guide
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Writer
.
==== End Of File ===========================
         
DDS:

Code:
ATTFilter
.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.7601.17514
Run by Annette at 20:46:46 on 2012-02-15
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.329 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k yksvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\Dwm.exe
C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
C:\windows\Explorer.EXE
C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\windows\system32\igfxext.exe
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 82.212.62.62 78.42.43.62
TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\4416679646028416373756C686F66666 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\44166796468416373756C686F66666 : DhcpNameServer = 85.216.127.130 82.212.63.122 192.168.0.1
TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\452716E63777162707B616E616C6 : DhcpNameServer = 217.0.43.97 217.0.43.113
TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\7457563747 : DhcpNameServer = 134.2.200.2 134.2.3.191
TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\75C414E4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E3AFEA8F-4E74-40AA-B1BE-D3415ABBE74E} : DhcpNameServer = 82.212.62.62 78.42.43.62
Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-11-3 10752]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]
R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-1-31 44312]
R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 20992]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-31 29472]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-6-15 313856]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-31 54632]
S3 fsssvc;Windows Live Family Safety-Dienst;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]
S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-11-3 237696]
.
=============== Created Last 30 ================
.
2012-02-15 18:54:09	6557240	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{d942106d-b9c9-4e49-a3c6-ac0a7666cbae}\mpengine.dll
2012-02-15 18:18:49	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 18:12:32	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 18:00:41	--------	d-----w-	c:\users\annette\appdata\local\WindowsUpdate
2012-01-30 19:19:47	--------	d-----w-	c:\windows\system32\SPReview
2012-01-30 19:18:37	--------	d-----w-	c:\windows\system32\EventProviders
2012-01-30 19:08:43	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-30 19:02:08	--------	d-----w-	c:\users\annette\appdata\roaming\Malwarebytes
2012-01-30 19:01:58	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-30 19:01:57	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-30 19:01:57	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-17 21:08:17	1038848	----a-w-	c:\windows\system32\lsasrv.dll
2012-01-17 21:08:16	369352	----a-w-	c:\windows\system32\drivers\cng.sys
2012-01-17 21:08:16	314880	----a-w-	c:\windows\system32\webio.dll
2012-01-17 21:08:16	224768	----a-w-	c:\windows\system32\schannel.dll
2012-01-17 21:08:16	134000	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-01-17 21:08:15	67440	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-01-17 21:08:15	22528	----a-w-	c:\windows\system32\lsass.exe
2012-01-17 21:08:15	22016	----a-w-	c:\windows\system32\secur32.dll
2012-01-17 21:08:15	15872	----a-w-	c:\windows\system32\sspisrv.dll
2012-01-17 21:08:15	100352	----a-w-	c:\windows\system32\sspicli.dll
.
==================== Find3M  ====================
.
2012-01-30 19:36:50	152576	----a-w-	c:\windows\system32\msclmd.dll
2012-01-29 04:10:42	237072	------w-	c:\windows\system32\MpSigStub.exe
2011-12-30 05:27:56	478720	----a-w-	c:\windows\system32\timedate.cpl
2011-12-16 07:54:22	981504	----a-w-	c:\windows\system32\wininet.dll
2011-12-16 07:52:58	690688	----a-w-	c:\windows\system32\msvcrt.dll
2011-12-16 06:09:17	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2011-11-19 14:01:00	67072	----a-w-	c:\windows\system32\packager.dll
.
============= FINISH: 20:47:58,13 ===============


{code]
         

GMER stürzt immer ab bzw. hängt sich auf.

Alt 17.02.2012, 12:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Hast du auch ne Problembeschreibung? Einfach nur Logs hinknallen ist nicht gerade schön
__________________

__________________

Alt 17.02.2012, 12:50   #3
lilalaune
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Hallo cosinus,

tut mir leid. Es ist der 50 Euro-Absperr-Trojaner, der hier massenweise vertreten ist.

Es sind auch keine weiteren Logs vorhanden von Malwarebytes.
__________________

Geändert von lilalaune (17.02.2012 um 13:27 Uhr)

Alt 17.02.2012, 14:16   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.02.2012, 18:48   #5
lilalaune
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Hallo cosinus,

vielen Dank erstmal. Hier das OTL-Log:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 2/17/2012 6:21:56 PM - Run 1
OTL by OldTimer - Version 3.2.32.0     Folder = C:\Users\Annette\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1014.43 Mb Total Physical Memory | 360.55 Mb Available Physical Memory | 35.54% Memory free
1.99 Gb Paging File | 1.37 Gb Available in Paging File | 68.58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 66.97 Gb Total Space | 47.00 Gb Free Space | 70.17% Space Free | Partition Type: NTFS
Drive D: | 66.98 Gb Total Space | 66.89 Gb Free Space | 99.87% Space Free | Partition Type: NTFS
Drive E: | 7.45 Gb Total Space | 7.22 Gb Free Space | 96.90% Space Free | Partition Type: FAT32
 
Computer Name: ANNETTE-PC | User Name: Annette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Annette\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)
DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
 
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3AFEA8F-4E74-40AA-B1BE-D3415ABBE74E}: DhcpNameServer = 82.212.62.62 78.42.43.62
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: vsmon - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/02/17 18:00:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Annette\Desktop\OTL.exe
[2012/02/15 21:00:20 | 000,100,864 | ---- | C] (GMER) -- C:\fgdiqfow.sys
[2012/02/15 19:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/02/15 19:00:41 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Local\WindowsUpdate
[2012/02/15 18:54:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Annette\Desktop\dds.com
[2012/02/15 18:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/02/15 18:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/01/30 20:19:47 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview
[2012/01/30 20:18:37 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders
[2012/01/30 20:09:51 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/01/30 20:02:08 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Malwarebytes
[2012/01/30 20:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/30 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/30 20:01:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/01/30 20:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/21 00:15:04 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Mozilla
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/02/17 17:59:11 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/17 17:58:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Annette\Desktop\OTL.exe
[2012/02/17 17:52:59 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 17:52:59 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/17 17:45:44 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/17 17:45:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/17 17:45:13 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/15 22:07:51 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012/02/15 22:07:51 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/15 22:07:51 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012/02/15 22:07:51 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/15 21:00:20 | 000,100,864 | ---- | M] (GMER) -- C:\fgdiqfow.sys
[2012/02/15 20:17:28 | 000,349,304 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012/02/15 18:56:19 | 000,302,592 | ---- | M] () -- C:\Users\Annette\Desktop\rl9t5lf6.exe
[2012/02/15 18:54:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Annette\Desktop\dds.com
[2012/02/15 18:50:42 | 000,000,000 | ---- | M] () -- C:\Users\Annette\defogger_reenable
[2012/02/15 18:50:18 | 000,050,477 | ---- | M] () -- C:\Users\Annette\Desktop\Defogger.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/02/15 18:56:07 | 000,302,592 | ---- | C] () -- C:\Users\Annette\Desktop\rl9t5lf6.exe
[2012/02/15 18:50:42 | 000,000,000 | ---- | C] () -- C:\Users\Annette\defogger_reenable
[2012/02/15 18:50:07 | 000,050,477 | ---- | C] () -- C:\Users\Annette\Desktop\Defogger.exe
[2011/12/24 04:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Annette\AppData\Local\{A6056EA3-3AEF-496F-A7F0-70B645FE866A}
[2011/03/07 17:41:56 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2010/10/30 13:01:43 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010/01/31 15:24:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini
[2010/01/31 09:50:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2009/11/03 22:35:06 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat
[2009/11/03 22:35:06 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat
[2009/11/03 22:35:06 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat
[2009/11/03 22:35:06 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat
[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/14 05:33:53 | 000,349,304 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin
[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2010/11/22 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CheckPoint
[2011/01/19 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CoSoSys
[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze
[2011/02/07 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\MAGIX
[2010/04/19 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org
[2011/11/05 19:29:10 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010/01/31 17:18:07 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Adobe
[2010/11/22 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CheckPoint
[2011/01/19 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CoSoSys
[2010/01/31 16:34:55 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Google
[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze
[2010/01/31 15:50:41 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Identities
[2010/01/31 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Macromedia
[2011/02/07 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\MAGIX
[2012/01/30 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Malwarebytes
[2010/12/13 21:29:52 | 000,000,000 | --SD | M] -- C:\Users\Annette\AppData\Roaming\Microsoft
[2012/01/21 00:15:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Mozilla
[2010/04/19 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org
 
< %APPDATA%\*.exe /s >
[2010/06/10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze\uninstall.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---


Alt 17.02.2012, 19:39   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
--> 3x Trojan.VUPX.Gen

Alt 17.02.2012, 22:01   #7
lilalaune
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Hallo cosinus,

hier das Log:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\Annette\AppData\Roaming\Gutscheinmieze folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Annette
->Temp folder emptied: 220150552 bytes
->Temporary Internet Files folder emptied: 254367849 bytes
->Java cache emptied: 41158 bytes
->Flash cache emptied: 35846 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 30720 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 189849737 bytes
RecycleBin emptied: 140834111 bytes
 
Total Files Cleaned = 768.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.32.0 log created on 02172012_215005

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         

Alt 17.02.2012, 22:18   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 17.02.2012, 22:35   #9
lilalaune
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Code:
ATTFilter
22:25:49.0516 2512	TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
22:25:49.0594 2512	============================================================
22:25:49.0594 2512	Current date / time: 2012/02/17 22:25:49.0594
22:25:49.0594 2512	SystemInfo:
22:25:49.0594 2512	
22:25:49.0594 2512	OS Version: 6.1.7601 ServicePack: 1.0
22:25:49.0594 2512	Product type: Workstation
22:25:49.0594 2512	ComputerName: ANNETTE-PC
22:25:49.0594 2512	UserName: Annette
22:25:49.0594 2512	Windows directory: C:\windows
22:25:49.0594 2512	System windows directory: C:\windows
22:25:49.0594 2512	Processor architecture: Intel x86
22:25:49.0594 2512	Number of processors: 2
22:25:49.0594 2512	Page size: 0x1000
22:25:49.0594 2512	Boot type: Normal boot
22:25:49.0594 2512	============================================================
22:25:54.0835 2512	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:25:54.0851 2512	Drive \Device\Harddisk1\DR1 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:25:54.0851 2512	\Device\Harddisk0\DR0:
22:25:54.0851 2512	MBR used
22:25:54.0851 2512	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000
22:25:54.0851 2512	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x85F2800
22:25:54.0851 2512	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA425000, BlocksNum 0x85F4000
22:25:54.0851 2512	\Device\Harddisk1\DR1:
22:25:54.0851 2512	MBR used
22:25:54.0851 2512	\Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEA080
22:25:54.0929 2512	Initialize success
22:25:54.0929 2512	============================================================
22:26:32.0821 3588	============================================================
22:26:32.0821 3588	Scan started
22:26:32.0821 3588	Mode: Manual; SigCheck; TDLFS; 
22:26:32.0821 3588	============================================================
22:26:34.0023 3588	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
22:26:34.0303 3588	1394ohci - ok
22:26:34.0381 3588	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
22:26:34.0475 3588	ACPI - ok
22:26:34.0537 3588	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
22:26:34.0709 3588	AcpiPmi - ok
22:26:34.0771 3588	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
22:26:34.0896 3588	adp94xx - ok
22:26:34.0927 3588	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
22:26:35.0021 3588	adpahci - ok
22:26:35.0037 3588	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
22:26:35.0224 3588	adpu320 - ok
22:26:35.0302 3588	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
22:26:35.0442 3588	AFD - ok
22:26:35.0489 3588	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
22:26:35.0629 3588	agp440 - ok
22:26:35.0661 3588	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
22:26:35.0785 3588	aic78xx - ok
22:26:35.0848 3588	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
22:26:35.0910 3588	aliide - ok
22:26:35.0957 3588	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
22:26:36.0097 3588	amdagp - ok
22:26:36.0144 3588	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
22:26:36.0207 3588	amdide - ok
22:26:36.0253 3588	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
22:26:36.0409 3588	AmdK8 - ok
22:26:36.0425 3588	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
22:26:36.0581 3588	AmdPPM - ok
22:26:36.0628 3588	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
22:26:36.0768 3588	amdsata - ok
22:26:36.0815 3588	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
22:26:37.0111 3588	amdsbs - ok
22:26:37.0143 3588	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
22:26:37.0236 3588	amdxata - ok
22:26:37.0283 3588	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
22:26:37.0611 3588	AppID - ok
22:26:37.0735 3588	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
22:26:37.0891 3588	arc - ok
22:26:37.0923 3588	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
22:26:38.0063 3588	arcsas - ok
22:26:38.0110 3588	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
22:26:38.0344 3588	AsyncMac - ok
22:26:38.0422 3588	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
22:26:38.0469 3588	atapi - ok
22:26:38.0593 3588	athr            (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys
22:26:38.0796 3588	athr - ok
22:26:38.0937 3588	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
22:26:39.0280 3588	b06bdrv - ok
22:26:39.0327 3588	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
22:26:39.0654 3588	b57nd60x - ok
22:26:39.0732 3588	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
22:26:39.0841 3588	Beep - ok
22:26:39.0888 3588	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
22:26:40.0075 3588	blbdrive - ok
22:26:40.0107 3588	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
22:26:40.0341 3588	bowser - ok
22:26:40.0372 3588	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
22:26:40.0528 3588	BrFiltLo - ok
22:26:40.0543 3588	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
22:26:40.0621 3588	BrFiltUp - ok
22:26:40.0668 3588	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
22:26:40.0887 3588	Brserid - ok
22:26:40.0902 3588	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
22:26:41.0089 3588	BrSerWdm - ok
22:26:41.0105 3588	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
22:26:41.0245 3588	BrUsbMdm - ok
22:26:41.0261 3588	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
22:26:41.0370 3588	BrUsbSer - ok
22:26:41.0433 3588	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
22:26:41.0620 3588	BthEnum - ok
22:26:41.0667 3588	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
22:26:41.0854 3588	BTHMODEM - ok
22:26:41.0901 3588	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
22:26:42.0025 3588	BthPan - ok
22:26:42.0119 3588	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
22:26:42.0275 3588	BTHPORT - ok
22:26:42.0337 3588	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
22:26:42.0525 3588	BTHUSB - ok
22:26:42.0587 3588	btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
22:26:42.0868 3588	btwaudio - ok
22:26:42.0930 3588	btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
22:26:43.0102 3588	btwavdt - ok
22:26:43.0164 3588	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
22:26:43.0258 3588	btwl2cap - ok
22:26:43.0289 3588	btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
22:26:43.0367 3588	btwrchid - ok
22:26:43.0414 3588	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
22:26:43.0648 3588	cdfs - ok
22:26:43.0710 3588	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
22:26:43.0819 3588	cdrom - ok
22:26:43.0851 3588	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
22:26:43.0991 3588	circlass - ok
22:26:44.0053 3588	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
22:26:44.0131 3588	CLFS - ok
22:26:44.0241 3588	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
22:26:44.0334 3588	CmBatt - ok
22:26:44.0365 3588	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
22:26:44.0443 3588	cmdide - ok
22:26:44.0490 3588	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
22:26:44.0677 3588	CNG - ok
22:26:44.0724 3588	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
22:26:44.0802 3588	Compbatt - ok
22:26:44.0849 3588	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
22:26:44.0974 3588	CompositeBus - ok
22:26:45.0021 3588	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
22:26:45.0099 3588	crcdisk - ok
22:26:45.0208 3588	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
22:26:45.0457 3588	DfsC - ok
22:26:45.0489 3588	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
22:26:45.0629 3588	discache - ok
22:26:45.0691 3588	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
22:26:45.0832 3588	Disk - ok
22:26:45.0910 3588	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
22:26:45.0988 3588	drmkaud - ok
22:26:46.0050 3588	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
22:26:46.0206 3588	DXGKrnl - ok
22:26:46.0347 3588	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
22:26:46.0643 3588	ebdrv - ok
22:26:46.0705 3588	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
22:26:46.0846 3588	elxstor - ok
22:26:46.0893 3588	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
22:26:46.0971 3588	ErrDev - ok
22:26:47.0033 3588	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
22:26:47.0220 3588	exfat - ok
22:26:47.0298 3588	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
22:26:47.0470 3588	fastfat - ok
22:26:47.0517 3588	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
22:26:47.0641 3588	fdc - ok
22:26:47.0688 3588	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
22:26:47.0844 3588	FileInfo - ok
22:26:47.0875 3588	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
22:26:48.0031 3588	Filetrace - ok
22:26:48.0094 3588	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
22:26:48.0234 3588	flpydisk - ok
22:26:48.0281 3588	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
22:26:48.0437 3588	FltMgr - ok
22:26:48.0484 3588	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
22:26:48.0624 3588	FsDepends - ok
22:26:48.0671 3588	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
22:26:48.0827 3588	fssfltr - ok
22:26:48.0874 3588	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
22:26:48.0952 3588	Fs_Rec - ok
22:26:49.0014 3588	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
22:26:49.0108 3588	fvevol - ok
22:26:49.0155 3588	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
22:26:49.0311 3588	gagp30kx - ok
22:26:49.0389 3588	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
22:26:49.0498 3588	hcw85cir - ok
22:26:49.0576 3588	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
22:26:49.0701 3588	HdAudAddService - ok
22:26:49.0747 3588	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
22:26:49.0857 3588	HDAudBus - ok
22:26:49.0903 3588	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
22:26:50.0013 3588	HidBatt - ok
22:26:50.0028 3588	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
22:26:50.0153 3588	HidBth - ok
22:26:50.0184 3588	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
22:26:50.0325 3588	HidIr - ok
22:26:50.0403 3588	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
22:26:50.0527 3588	HidUsb - ok
22:26:50.0605 3588	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
22:26:50.0746 3588	HpSAMD - ok
22:26:50.0808 3588	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
22:26:50.0980 3588	HTTP - ok
22:26:51.0027 3588	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
22:26:51.0073 3588	hwpolicy - ok
22:26:51.0136 3588	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
22:26:51.0354 3588	i8042prt - ok
22:26:51.0448 3588	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
22:26:51.0604 3588	iaStorV - ok
22:26:51.0838 3588	igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
22:26:52.0290 3588	igfx - ok
22:26:52.0415 3588	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
22:26:52.0540 3588	iirsp - ok
22:26:52.0711 3588	IntcAzAudAddService (6927a442beed2b68a3d35cae7a951913) C:\windows\system32\drivers\RTKVHDA.sys
22:26:53.0023 3588	IntcAzAudAddService - ok
22:26:53.0086 3588	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
22:26:53.0148 3588	intelide - ok
22:26:53.0226 3588	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
22:26:53.0367 3588	intelppm - ok
22:26:53.0413 3588	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:26:53.0632 3588	IpFilterDriver - ok
22:26:53.0694 3588	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
22:26:53.0913 3588	IPMIDRV - ok
22:26:53.0944 3588	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
22:26:54.0100 3588	IPNAT - ok
22:26:54.0147 3588	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
22:26:54.0318 3588	IRENUM - ok
22:26:54.0365 3588	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
22:26:54.0490 3588	isapnp - ok
22:26:54.0568 3588	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
22:26:54.0693 3588	iScsiPrt - ok
22:26:54.0755 3588	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
22:26:54.0942 3588	kbdclass - ok
22:26:55.0051 3588	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
22:26:55.0223 3588	kbdhid - ok
22:26:55.0395 3588	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
22:26:55.0582 3588	KSecDD - ok
22:26:55.0816 3588	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
22:26:56.0128 3588	KSecPkg - ok
22:26:56.0299 3588	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
22:26:56.0502 3588	lltdio - ok
22:26:56.0596 3588	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
22:26:56.0767 3588	LSI_FC - ok
22:26:56.0783 3588	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
22:26:56.0939 3588	LSI_SAS - ok
22:26:56.0970 3588	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
22:26:57.0095 3588	LSI_SAS2 - ok
22:26:57.0111 3588	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
22:26:57.0282 3588	LSI_SCSI - ok
22:26:57.0329 3588	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
22:26:57.0579 3588	luafv - ok
22:26:57.0610 3588	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
22:26:57.0703 3588	megasas - ok
22:26:57.0735 3588	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
22:26:57.0844 3588	MegaSR - ok
22:26:57.0875 3588	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
22:26:58.0047 3588	Modem - ok
22:26:58.0093 3588	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
22:26:58.0171 3588	monitor - ok
22:26:58.0218 3588	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
22:26:58.0359 3588	mouclass - ok
22:26:58.0405 3588	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
22:26:58.0530 3588	mouhid - ok
22:26:58.0577 3588	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
22:26:58.0686 3588	mountmgr - ok
22:26:58.0749 3588	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys
22:26:58.0920 3588	MpFilter - ok
22:26:58.0967 3588	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
22:26:59.0201 3588	mpio - ok
22:26:59.0232 3588	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys
22:26:59.0310 3588	MpNWMon - ok
22:26:59.0357 3588	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
22:26:59.0591 3588	mpsdrv - ok
22:26:59.0653 3588	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
22:26:59.0809 3588	MRxDAV - ok
22:26:59.0872 3588	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
22:26:59.0997 3588	mrxsmb - ok
22:27:00.0059 3588	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:27:00.0199 3588	mrxsmb10 - ok
22:27:00.0246 3588	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:27:00.0465 3588	mrxsmb20 - ok
22:27:00.0511 3588	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
22:27:00.0589 3588	msahci - ok
22:27:00.0636 3588	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
22:27:00.0745 3588	msdsm - ok
22:27:00.0808 3588	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
22:27:00.0964 3588	Msfs - ok
22:27:00.0995 3588	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
22:27:01.0104 3588	mshidkmdf - ok
22:27:01.0135 3588	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
22:27:01.0213 3588	msisadrv - ok
22:27:01.0245 3588	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
22:27:01.0385 3588	MSKSSRV - ok
22:27:01.0432 3588	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
22:27:01.0541 3588	MSPCLOCK - ok
22:27:01.0557 3588	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
22:27:01.0650 3588	MSPQM - ok
22:27:01.0697 3588	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
22:27:01.0962 3588	MsRPC - ok
22:27:02.0025 3588	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
22:27:02.0087 3588	mssmbios - ok
22:27:02.0118 3588	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
22:27:02.0227 3588	MSTEE - ok
22:27:02.0243 3588	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
22:27:02.0337 3588	MTConfig - ok
22:27:02.0368 3588	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
22:27:02.0508 3588	Mup - ok
22:27:02.0571 3588	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
22:27:02.0773 3588	NativeWifiP - ok
22:27:02.0836 3588	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
22:27:02.0976 3588	NDIS - ok
22:27:03.0007 3588	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:27:03.0148 3588	NdisCap - ok
22:27:03.0179 3588	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:27:03.0351 3588	NdisTapi - ok
22:27:03.0429 3588	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
22:27:03.0616 3588	Ndisuio - ok
22:27:03.0663 3588	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
22:27:03.0787 3588	NdisWan - ok
22:27:03.0834 3588	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
22:27:04.0037 3588	NDProxy - ok
22:27:04.0084 3588	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:27:04.0271 3588	NetBIOS - ok
22:27:04.0333 3588	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
22:27:04.0489 3588	NetBT - ok
22:27:04.0567 3588	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:27:04.0692 3588	nfrd960 - ok
22:27:04.0739 3588	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:27:04.0817 3588	NisDrv - ok
22:27:04.0879 3588	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:27:05.0051 3588	Npfs - ok
22:27:05.0098 3588	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:27:05.0207 3588	nsiproxy - ok
22:27:05.0285 3588	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
22:27:06.0159 3588	Ntfs - ok
22:27:06.0315 3588	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:27:06.0455 3588	Null - ok
22:27:06.0517 3588	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
22:27:06.0783 3588	nvraid - ok
22:27:06.0829 3588	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
22:27:07.0063 3588	nvstor - ok
22:27:07.0126 3588	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
22:27:07.0251 3588	nv_agp - ok
22:27:07.0375 3588	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
22:27:07.0531 3588	ohci1394 - ok
22:27:07.0641 3588	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:27:07.0859 3588	Parport - ok
22:27:07.0906 3588	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
22:27:08.0077 3588	partmgr - ok
22:27:08.0124 3588	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:27:08.0202 3588	Parvdm - ok
22:27:08.0265 3588	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
22:27:08.0389 3588	pci - ok
22:27:08.0436 3588	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
22:27:08.0530 3588	pciide - ok
22:27:08.0577 3588	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:27:08.0701 3588	pcmcia - ok
22:27:08.0764 3588	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:27:08.0904 3588	pcw - ok
22:27:09.0045 3588	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:27:09.0247 3588	PEAUTH - ok
22:27:09.0403 3588	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:27:09.0653 3588	PptpMiniport - ok
22:27:09.0700 3588	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:27:09.0856 3588	Processor - ok
22:27:09.0934 3588	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:27:10.0121 3588	Psched - ok
22:27:10.0199 3588	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:27:10.0417 3588	ql2300 - ok
22:27:10.0433 3588	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:27:10.0667 3588	ql40xx - ok
22:27:10.0714 3588	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:27:10.0854 3588	QWAVEdrv - ok
22:27:10.0885 3588	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:27:11.0057 3588	RasAcd - ok
22:27:11.0119 3588	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:27:11.0338 3588	RasAgileVpn - ok
22:27:11.0416 3588	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:27:11.0665 3588	Rasl2tp - ok
22:27:11.0712 3588	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:27:11.0868 3588	RasPppoe - ok
22:27:11.0899 3588	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:27:12.0149 3588	RasSstp - ok
22:27:12.0211 3588	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
22:27:12.0399 3588	rdbss - ok
22:27:12.0430 3588	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:27:12.0555 3588	rdpbus - ok
22:27:12.0601 3588	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
22:27:12.0711 3588	RDPCDD - ok
22:27:12.0757 3588	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:27:12.0851 3588	RDPENCDD - ok
22:27:12.0913 3588	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:27:12.0991 3588	RDPREFMP - ok
22:27:13.0054 3588	RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
22:27:13.0366 3588	RDPWD - ok
22:27:13.0444 3588	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
22:27:13.0771 3588	rdyboost - ok
22:27:13.0849 3588	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
22:27:13.0990 3588	RFCOMM - ok
22:27:14.0083 3588	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:27:14.0333 3588	rspndr - ok
22:27:14.0380 3588	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
22:27:14.0614 3588	RTL8167 - ok
22:27:14.0676 3588	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
22:27:14.0785 3588	SABI - ok
22:27:14.0863 3588	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
22:27:15.0082 3588	sbp2port - ok
22:27:15.0144 3588	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
22:27:15.0285 3588	scfilter - ok
22:27:15.0363 3588	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:27:15.0519 3588	secdrv - ok
22:27:15.0597 3588	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:27:15.0706 3588	Serenum - ok
22:27:15.0737 3588	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:27:16.0049 3588	Serial - ok
22:27:16.0158 3588	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:27:16.0267 3588	sermouse - ok
22:27:16.0345 3588	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
22:27:16.0439 3588	sffdisk - ok
22:27:16.0470 3588	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
22:27:16.0548 3588	sffp_mmc - ok
22:27:16.0579 3588	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
22:27:16.0673 3588	sffp_sd - ok
22:27:16.0689 3588	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:27:16.0798 3588	sfloppy - ok
22:27:16.0860 3588	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
22:27:17.0001 3588	sisagp - ok
22:27:17.0047 3588	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:27:17.0141 3588	SiSRaid2 - ok
22:27:17.0157 3588	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:27:17.0297 3588	SiSRaid4 - ok
22:27:17.0328 3588	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:27:17.0578 3588	Smb - ok
22:27:17.0625 3588	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:27:17.0718 3588	spldr - ok
22:27:17.0812 3588	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
22:27:17.0983 3588	srv - ok
22:27:18.0030 3588	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
22:27:18.0202 3588	srv2 - ok
22:27:18.0249 3588	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
22:27:18.0373 3588	srvnet - ok
22:27:18.0436 3588	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:27:18.0514 3588	stexstor - ok
22:27:18.0561 3588	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
22:27:18.0639 3588	swenum - ok
22:27:18.0717 3588	SynTP           (d690c810ae7af5844267e24128c44280) C:\windows\system32\DRIVERS\SynTP.sys
22:27:18.0826 3588	SynTP - ok
22:27:18.0982 3588	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
22:27:19.0216 3588	Tcpip - ok
22:27:19.0356 3588	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
22:27:19.0481 3588	TCPIP6 - ok
22:27:19.0543 3588	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
22:27:19.0715 3588	tcpipreg - ok
22:27:19.0762 3588	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
22:27:19.0902 3588	TDPIPE - ok
22:27:19.0933 3588	TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
22:27:20.0074 3588	TDTCP - ok
22:27:20.0121 3588	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
22:27:20.0370 3588	tdx - ok
22:27:20.0417 3588	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
22:27:20.0573 3588	TermDD - ok
22:27:20.0698 3588	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
22:27:20.0869 3588	tssecsrv - ok
22:27:20.0932 3588	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
22:27:21.0119 3588	TsUsbFlt - ok
22:27:21.0181 3588	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
22:27:21.0322 3588	tunnel - ok
22:27:21.0369 3588	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:27:21.0509 3588	uagp35 - ok
22:27:21.0571 3588	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
22:27:21.0727 3588	udfs - ok
22:27:21.0805 3588	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
22:27:21.0961 3588	uliagpkx - ok
22:27:22.0008 3588	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
22:27:22.0164 3588	umbus - ok
22:27:22.0227 3588	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:27:22.0289 3588	UmPass - ok
22:27:22.0336 3588	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
22:27:22.0523 3588	usbccgp - ok
22:27:22.0570 3588	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
22:27:22.0679 3588	usbcir - ok
22:27:22.0741 3588	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
22:27:22.0882 3588	usbehci - ok
22:27:22.0929 3588	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
22:27:23.0069 3588	usbhub - ok
22:27:23.0100 3588	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
22:27:23.0209 3588	usbohci - ok
22:27:23.0256 3588	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:27:23.0365 3588	usbprint - ok
22:27:23.0412 3588	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:27:23.0662 3588	USBSTOR - ok
22:27:23.0709 3588	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
22:27:23.0802 3588	usbuhci - ok
22:27:23.0880 3588	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
22:27:24.0005 3588	usbvideo - ok
22:27:24.0083 3588	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
22:27:24.0177 3588	vdrvroot - ok
22:27:24.0223 3588	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:27:24.0348 3588	vga - ok
22:27:24.0395 3588	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:27:24.0535 3588	VgaSave - ok
22:27:24.0598 3588	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
22:27:24.0691 3588	vhdmp - ok
22:27:24.0754 3588	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
22:27:24.0894 3588	viaagp - ok
22:27:24.0925 3588	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:27:25.0081 3588	ViaC7 - ok
22:27:25.0113 3588	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
22:27:25.0191 3588	viaide - ok
22:27:25.0269 3588	VMC326          (88c52f322117f60b7a0c89d683e30f6a) C:\windows\system32\Drivers\VMC326.sys
22:27:25.0518 3588	VMC326 - ok
22:27:25.0565 3588	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
22:27:25.0705 3588	volmgr - ok
22:27:25.0768 3588	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:27:25.0830 3588	volmgrx - ok
22:27:25.0893 3588	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
22:27:26.0002 3588	volsnap - ok
22:27:26.0049 3588	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:27:26.0298 3588	vsmraid - ok
22:27:26.0329 3588	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:27:26.0454 3588	vwifibus - ok
22:27:26.0501 3588	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:27:26.0673 3588	vwififlt - ok
22:27:26.0719 3588	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:27:26.0829 3588	WacomPen - ok
22:27:26.0891 3588	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:27:27.0141 3588	WANARP - ok
22:27:27.0156 3588	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:27:27.0312 3588	Wanarpv6 - ok
22:27:27.0375 3588	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:27:27.0453 3588	Wd - ok
22:27:27.0531 3588	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:27:27.0655 3588	Wdf01000 - ok
22:27:27.0765 3588	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:27:27.0874 3588	WfpLwf - ok
22:27:27.0921 3588	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:27:27.0999 3588	WIMMount - ok
22:27:28.0139 3588	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
22:27:28.0233 3588	WmiAcpi - ok
22:27:28.0373 3588	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:27:28.0513 3588	ws2ifsl - ok
22:27:28.0607 3588	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
22:27:28.0857 3588	WudfPf - ok
22:27:28.0903 3588	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
22:27:29.0059 3588	WUDFRd - ok
22:27:29.0153 3588	yukonw7         (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys
22:27:29.0262 3588	yukonw7 - ok
22:27:29.0356 3588	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
22:27:29.0933 3588	\Device\Harddisk0\DR0 - ok
22:27:29.0949 3588	MBR (0x1B8)     (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1
22:27:34.0207 3588	\Device\Harddisk1\DR1 - ok
22:27:34.0223 3588	Boot (0x1200)   (4514f73394a99a7ab09d92f7387ea430) \Device\Harddisk0\DR0\Partition0
22:27:34.0223 3588	\Device\Harddisk0\DR0\Partition0 - ok
22:27:34.0285 3588	Boot (0x1200)   (c2bf52a91e71ff9c50f7436166096d58) \Device\Harddisk0\DR0\Partition1
22:27:34.0285 3588	\Device\Harddisk0\DR0\Partition1 - ok
22:27:34.0317 3588	Boot (0x1200)   (f19a65343c8c5bebbb1b7edf381d4ad4) \Device\Harddisk0\DR0\Partition2
22:27:34.0317 3588	\Device\Harddisk0\DR0\Partition2 - ok
22:27:34.0332 3588	Boot (0x1200)   (77b80bdf0364ba00f0f0d77de2fdd870) \Device\Harddisk1\DR1\Partition0
22:27:34.0332 3588	\Device\Harddisk1\DR1\Partition0 - ok
22:27:34.0348 3588	============================================================
22:27:34.0348 3588	Scan finished
22:27:34.0348 3588	============================================================
22:27:34.0379 1676	Detected object count: 0
22:27:34.0379 1676	Actual detected object count: 0
22:33:30.0247 0880	============================================================
22:33:30.0247 0880	Scan started
22:33:30.0247 0880	Mode: Manual; SigCheck; TDLFS; 
22:33:30.0247 0880	============================================================
22:33:30.0730 0880	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys
22:33:30.0824 0880	1394ohci - ok
22:33:30.0886 0880	ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys
22:33:30.0964 0880	ACPI - ok
22:33:31.0042 0880	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys
22:33:31.0120 0880	AcpiPmi - ok
22:33:31.0198 0880	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys
22:33:31.0276 0880	adp94xx - ok
22:33:31.0308 0880	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys
22:33:31.0370 0880	adpahci - ok
22:33:31.0417 0880	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys
22:33:31.0510 0880	adpu320 - ok
22:33:31.0573 0880	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys
22:33:31.0666 0880	AFD - ok
22:33:31.0713 0880	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys
22:33:31.0791 0880	agp440 - ok
22:33:31.0822 0880	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys
22:33:31.0900 0880	aic78xx - ok
22:33:31.0932 0880	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys
22:33:31.0978 0880	aliide - ok
22:33:32.0025 0880	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys
22:33:32.0103 0880	amdagp - ok
22:33:32.0134 0880	amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys
22:33:32.0197 0880	amdide - ok
22:33:32.0212 0880	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys
22:33:32.0306 0880	AmdK8 - ok
22:33:32.0322 0880	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys
22:33:32.0415 0880	AmdPPM - ok
22:33:32.0462 0880	amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys
22:33:32.0540 0880	amdsata - ok
22:33:32.0587 0880	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys
22:33:32.0743 0880	amdsbs - ok
22:33:32.0758 0880	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys
22:33:32.0821 0880	amdxata - ok
22:33:32.0868 0880	AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys
22:33:33.0008 0880	AppID - ok
22:33:33.0039 0880	arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys
22:33:33.0117 0880	arc - ok
22:33:33.0133 0880	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys
22:33:33.0242 0880	arcsas - ok
22:33:33.0273 0880	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys
22:33:33.0382 0880	AsyncMac - ok
22:33:33.0414 0880	atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys
22:33:33.0476 0880	atapi - ok
22:33:33.0538 0880	athr            (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys
22:33:33.0648 0880	athr - ok
22:33:33.0710 0880	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys
22:33:33.0866 0880	b06bdrv - ok
22:33:33.0897 0880	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys
22:33:34.0069 0880	b57nd60x - ok
22:33:34.0116 0880	Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys
22:33:34.0194 0880	Beep - ok
22:33:34.0240 0880	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys
22:33:34.0350 0880	blbdrive - ok
22:33:34.0396 0880	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys
22:33:34.0506 0880	bowser - ok
22:33:34.0521 0880	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys
22:33:34.0599 0880	BrFiltLo - ok
22:33:34.0615 0880	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys
22:33:34.0662 0880	BrFiltUp - ok
22:33:34.0708 0880	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys
22:33:34.0818 0880	Brserid - ok
22:33:34.0849 0880	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys
22:33:34.0942 0880	BrSerWdm - ok
22:33:34.0974 0880	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys
22:33:35.0036 0880	BrUsbMdm - ok
22:33:35.0052 0880	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys
22:33:35.0130 0880	BrUsbSer - ok
22:33:35.0161 0880	BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys
22:33:35.0254 0880	BthEnum - ok
22:33:35.0270 0880	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys
22:33:35.0379 0880	BTHMODEM - ok
22:33:35.0426 0880	BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys
22:33:35.0488 0880	BthPan - ok
22:33:35.0535 0880	BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys
22:33:35.0629 0880	BTHPORT - ok
22:33:35.0660 0880	BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys
22:33:35.0769 0880	BTHUSB - ok
22:33:35.0816 0880	btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys
22:33:35.0925 0880	btwaudio - ok
22:33:35.0972 0880	btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys
22:33:36.0066 0880	btwavdt - ok
22:33:36.0112 0880	btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys
22:33:36.0159 0880	btwl2cap - ok
22:33:36.0268 0880	btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys
22:33:36.0346 0880	btwrchid - ok
22:33:36.0393 0880	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys
22:33:36.0534 0880	cdfs - ok
22:33:36.0580 0880	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys
22:33:36.0643 0880	cdrom - ok
22:33:36.0674 0880	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys
22:33:36.0768 0880	circlass - ok
22:33:36.0814 0880	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys
22:33:36.0908 0880	CLFS - ok
22:33:36.0955 0880	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys
22:33:37.0002 0880	CmBatt - ok
22:33:37.0048 0880	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys
22:33:37.0095 0880	cmdide - ok
22:33:37.0142 0880	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys
22:33:37.0236 0880	CNG - ok
22:33:37.0267 0880	Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys
22:33:37.0329 0880	Compbatt - ok
22:33:37.0360 0880	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys
22:33:37.0454 0880	CompositeBus - ok
22:33:37.0485 0880	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys
22:33:37.0548 0880	crcdisk - ok
22:33:37.0641 0880	DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys
22:33:37.0782 0880	DfsC - ok
22:33:37.0828 0880	discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys
22:33:37.0938 0880	discache - ok
22:33:37.0969 0880	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys
22:33:38.0062 0880	Disk - ok
22:33:38.0125 0880	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys
22:33:38.0156 0880	drmkaud - ok
22:33:38.0218 0880	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys
22:33:38.0343 0880	DXGKrnl - ok
22:33:38.0484 0880	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys
22:33:38.0624 0880	ebdrv - ok
22:33:38.0671 0880	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys
22:33:38.0780 0880	elxstor - ok
22:33:38.0811 0880	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys
22:33:38.0858 0880	ErrDev - ok
22:33:38.0905 0880	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys
22:33:39.0030 0880	exfat - ok
22:33:39.0061 0880	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys
22:33:39.0170 0880	fastfat - ok
22:33:39.0201 0880	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys
22:33:39.0279 0880	fdc - ok
22:33:39.0326 0880	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys
22:33:39.0420 0880	FileInfo - ok
22:33:39.0451 0880	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys
22:33:39.0560 0880	Filetrace - ok
22:33:39.0591 0880	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys
22:33:39.0669 0880	flpydisk - ok
22:33:39.0701 0880	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys
22:33:39.0779 0880	FltMgr - ok
22:33:39.0825 0880	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys
22:33:39.0903 0880	FsDepends - ok
22:33:39.0935 0880	fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys
22:33:40.0028 0880	fssfltr - ok
22:33:40.0075 0880	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys
22:33:40.0122 0880	Fs_Rec - ok
22:33:40.0184 0880	fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys
22:33:40.0293 0880	fvevol - ok
22:33:40.0325 0880	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys
22:33:40.0403 0880	gagp30kx - ok
22:33:40.0465 0880	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys
22:33:40.0543 0880	hcw85cir - ok
22:33:40.0590 0880	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys
22:33:40.0668 0880	HdAudAddService - ok
22:33:40.0699 0880	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys
22:33:40.0761 0880	HDAudBus - ok
22:33:40.0808 0880	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys
22:33:40.0871 0880	HidBatt - ok
22:33:40.0902 0880	HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys
22:33:40.0980 0880	HidBth - ok
22:33:41.0011 0880	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys
22:33:41.0089 0880	HidIr - ok
22:33:41.0151 0880	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys
22:33:41.0229 0880	HidUsb - ok
22:33:41.0292 0880	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys
22:33:41.0370 0880	HpSAMD - ok
22:33:41.0510 0880	HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys
22:33:41.0666 0880	HTTP - ok
22:33:41.0713 0880	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys
22:33:41.0760 0880	hwpolicy - ok
22:33:41.0791 0880	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys
22:33:41.0916 0880	i8042prt - ok
22:33:41.0978 0880	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys
22:33:42.0072 0880	iaStorV - ok
22:33:42.0259 0880	igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys
22:33:42.0571 0880	igfx - ok
22:33:42.0680 0880	iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys
22:33:42.0758 0880	iirsp - ok
22:33:42.0899 0880	IntcAzAudAddService (6927a442beed2b68a3d35cae7a951913) C:\windows\system32\drivers\RTKVHDA.sys
22:33:43.0148 0880	IntcAzAudAddService - ok
22:33:43.0179 0880	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys
22:33:43.0226 0880	intelide - ok
22:33:43.0257 0880	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys
22:33:43.0351 0880	intelppm - ok
22:33:43.0382 0880	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys
22:33:43.0523 0880	IpFilterDriver - ok
22:33:43.0585 0880	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys
22:33:43.0694 0880	IPMIDRV - ok
22:33:43.0725 0880	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys
22:33:43.0835 0880	IPNAT - ok
22:33:43.0881 0880	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys
22:33:43.0944 0880	IRENUM - ok
22:33:43.0975 0880	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys
22:33:44.0053 0880	isapnp - ok
22:33:44.0115 0880	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys
22:33:44.0178 0880	iScsiPrt - ok
22:33:44.0209 0880	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys
22:33:44.0303 0880	kbdclass - ok
22:33:44.0334 0880	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys
22:33:44.0427 0880	kbdhid - ok
22:33:44.0474 0880	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys
22:33:44.0568 0880	KSecDD - ok
22:33:44.0630 0880	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys
22:33:44.0755 0880	KSecPkg - ok
22:33:44.0833 0880	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys
22:33:44.0973 0880	lltdio - ok
22:33:45.0036 0880	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys
22:33:45.0129 0880	LSI_FC - ok
22:33:45.0161 0880	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys
22:33:45.0254 0880	LSI_SAS - ok
22:33:45.0270 0880	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys
22:33:45.0348 0880	LSI_SAS2 - ok
22:33:45.0379 0880	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys
22:33:45.0473 0880	LSI_SCSI - ok
22:33:45.0504 0880	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys
22:33:45.0660 0880	luafv - ok
22:33:45.0691 0880	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys
22:33:45.0753 0880	megasas - ok
22:33:45.0785 0880	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys
22:33:45.0847 0880	MegaSR - ok
22:33:45.0894 0880	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys
22:33:46.0003 0880	Modem - ok
22:33:46.0019 0880	monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys
22:33:46.0112 0880	monitor - ok
22:33:46.0143 0880	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys
22:33:46.0221 0880	mouclass - ok
22:33:46.0253 0880	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys
22:33:46.0331 0880	mouhid - ok
22:33:46.0393 0880	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys
22:33:46.0502 0880	mountmgr - ok
22:33:46.0596 0880	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys
22:33:46.0705 0880	MpFilter - ok
22:33:46.0752 0880	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys
22:33:46.0877 0880	mpio - ok
22:33:46.0923 0880	MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys
22:33:47.0001 0880	MpNWMon - ok
22:33:47.0033 0880	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys
22:33:47.0157 0880	mpsdrv - ok
22:33:47.0220 0880	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys
22:33:47.0313 0880	MRxDAV - ok
22:33:47.0345 0880	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys
22:33:47.0407 0880	mrxsmb - ok
22:33:47.0454 0880	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys
22:33:47.0547 0880	mrxsmb10 - ok
22:33:47.0579 0880	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys
22:33:47.0703 0880	mrxsmb20 - ok
22:33:47.0750 0880	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys
22:33:47.0797 0880	msahci - ok
22:33:47.0844 0880	msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys
22:33:47.0906 0880	msdsm - ok
22:33:47.0984 0880	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys
22:33:48.0093 0880	Msfs - ok
22:33:48.0125 0880	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys
22:33:48.0203 0880	mshidkmdf - ok
22:33:48.0234 0880	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys
22:33:48.0281 0880	msisadrv - ok
22:33:48.0312 0880	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys
22:33:48.0421 0880	MSKSSRV - ok
22:33:48.0452 0880	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys
22:33:48.0530 0880	MSPCLOCK - ok
22:33:48.0546 0880	MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys
22:33:48.0624 0880	MSPQM - ok
22:33:48.0655 0880	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys
22:33:48.0811 0880	MsRPC - ok
22:33:48.0858 0880	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys
22:33:48.0936 0880	mssmbios - ok
22:33:48.0967 0880	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys
22:33:49.0029 0880	MSTEE - ok
22:33:49.0061 0880	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys
22:33:49.0123 0880	MTConfig - ok
22:33:49.0154 0880	Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys
22:33:49.0248 0880	Mup - ok
22:33:49.0295 0880	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys
22:33:49.0373 0880	NativeWifiP - ok
22:33:49.0435 0880	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys
22:33:49.0560 0880	NDIS - ok
22:33:49.0591 0880	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys
22:33:49.0700 0880	NdisCap - ok
22:33:49.0731 0880	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys
22:33:49.0841 0880	NdisTapi - ok
22:33:49.0887 0880	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys
22:33:50.0028 0880	Ndisuio - ok
22:33:50.0075 0880	NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys
22:33:50.0184 0880	NdisWan - ok
22:33:50.0231 0880	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys
22:33:50.0355 0880	NDProxy - ok
22:33:50.0402 0880	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys
22:33:50.0527 0880	NetBIOS - ok
22:33:50.0574 0880	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys
22:33:50.0730 0880	NetBT - ok
22:33:50.0808 0880	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys
22:33:50.0886 0880	nfrd960 - ok
22:33:50.0917 0880	NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys
22:33:51.0011 0880	NisDrv - ok
22:33:51.0057 0880	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys
22:33:51.0182 0880	Npfs - ok
22:33:51.0213 0880	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys
22:33:51.0323 0880	nsiproxy - ok
22:33:51.0401 0880	Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys
22:33:51.0837 0880	Ntfs - ok
22:33:51.0869 0880	Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys
22:33:51.0947 0880	Null - ok
22:33:51.0978 0880	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys
22:33:52.0103 0880	nvraid - ok
22:33:52.0149 0880	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys
22:33:52.0274 0880	nvstor - ok
22:33:52.0305 0880	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys
22:33:52.0383 0880	nv_agp - ok
22:33:52.0446 0880	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys
22:33:52.0539 0880	ohci1394 - ok
22:33:52.0602 0880	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys
22:33:52.0711 0880	Parport - ok
22:33:52.0758 0880	partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys
22:33:52.0851 0880	partmgr - ok
22:33:52.0883 0880	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys
22:33:52.0945 0880	Parvdm - ok
22:33:52.0992 0880	pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys
22:33:53.0054 0880	pci - ok
22:33:53.0085 0880	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys
22:33:53.0132 0880	pciide - ok
22:33:53.0163 0880	pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys
22:33:53.0241 0880	pcmcia - ok
22:33:53.0273 0880	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys
22:33:53.0351 0880	pcw - ok
22:33:53.0397 0880	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys
22:33:53.0538 0880	PEAUTH - ok
22:33:53.0663 0880	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys
22:33:53.0819 0880	PptpMiniport - ok
22:33:53.0850 0880	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys
22:33:53.0943 0880	Processor - ok
22:33:54.0006 0880	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys
22:33:54.0162 0880	Psched - ok
22:33:54.0224 0880	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys
22:33:54.0396 0880	ql2300 - ok
22:33:54.0411 0880	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys
22:33:54.0536 0880	ql40xx - ok
22:33:54.0567 0880	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys
22:33:54.0661 0880	QWAVEdrv - ok
22:33:54.0677 0880	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys
22:33:54.0801 0880	RasAcd - ok
22:33:54.0848 0880	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys
22:33:54.0973 0880	RasAgileVpn - ok
22:33:55.0004 0880	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys
22:33:55.0160 0880	Rasl2tp - ok
22:33:55.0191 0880	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys
22:33:55.0301 0880	RasPppoe - ok
22:33:55.0347 0880	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys
22:33:55.0488 0880	RasSstp - ok
22:33:55.0550 0880	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys
22:33:55.0659 0880	rdbss - ok
22:33:55.0691 0880	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys
22:33:55.0769 0880	rdpbus - ok
22:33:55.0815 0880	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys
22:33:55.0878 0880	RDPCDD - ok
22:33:55.0925 0880	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys
22:33:56.0003 0880	RDPENCDD - ok
22:33:56.0034 0880	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys
22:33:56.0112 0880	RDPREFMP - ok
22:33:56.0143 0880	RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys
22:33:56.0330 0880	RDPWD - ok
22:33:56.0377 0880	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys
22:33:56.0549 0880	rdyboost - ok
22:33:56.0611 0880	RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys
22:33:56.0689 0880	RFCOMM - ok
22:33:56.0751 0880	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys
22:33:56.0892 0880	rspndr - ok
22:33:56.0923 0880	RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys
22:33:57.0048 0880	RTL8167 - ok
22:33:57.0095 0880	SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys
22:33:57.0141 0880	SABI - ok
22:33:57.0204 0880	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys
22:33:57.0313 0880	sbp2port - ok
22:33:57.0375 0880	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys
22:33:57.0469 0880	scfilter - ok
22:33:57.0531 0880	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys
22:33:57.0641 0880	secdrv - ok
22:33:57.0687 0880	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys
22:33:57.0750 0880	Serenum - ok
22:33:57.0765 0880	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys
22:33:57.0953 0880	Serial - ok
22:33:57.0999 0880	sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys
22:33:58.0062 0880	sermouse - ok
22:33:58.0124 0880	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys
22:33:58.0187 0880	sffdisk - ok
22:33:58.0218 0880	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys
22:33:58.0265 0880	sffp_mmc - ok
22:33:58.0311 0880	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys
22:33:58.0374 0880	sffp_sd - ok
22:33:58.0405 0880	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys
22:33:58.0467 0880	sfloppy - ok
22:33:58.0530 0880	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys
22:33:58.0608 0880	sisagp - ok
22:33:58.0639 0880	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys
22:33:58.0701 0880	SiSRaid2 - ok
22:33:58.0717 0880	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys
22:33:58.0811 0880	SiSRaid4 - ok
22:33:58.0826 0880	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys
22:33:58.0998 0880	Smb - ok
22:33:59.0060 0880	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys
22:33:59.0123 0880	spldr - ok
22:33:59.0201 0880	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys
22:33:59.0294 0880	srv - ok
22:33:59.0325 0880	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys
22:33:59.0403 0880	srv2 - ok
22:33:59.0435 0880	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys
22:33:59.0513 0880	srvnet - ok
22:33:59.0559 0880	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys
22:33:59.0622 0880	stexstor - ok
22:33:59.0653 0880	swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys
22:33:59.0715 0880	swenum - ok
22:33:59.0778 0880	SynTP           (d690c810ae7af5844267e24128c44280) C:\windows\system32\DRIVERS\SynTP.sys
22:33:59.0856 0880	SynTP - ok
22:33:59.0981 0880	Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys
22:34:00.0137 0880	Tcpip - ok
22:34:00.0215 0880	TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys
22:34:00.0339 0880	TCPIP6 - ok
22:34:00.0386 0880	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys
22:34:00.0495 0880	tcpipreg - ok
22:34:00.0573 0880	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys
22:34:00.0667 0880	TDPIPE - ok
22:34:00.0683 0880	TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys
22:34:00.0792 0880	TDTCP - ok
22:34:00.0854 0880	tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys
22:34:00.0995 0880	tdx - ok
22:34:01.0041 0880	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys
22:34:01.0135 0880	TermDD - ok
22:34:01.0229 0880	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys
22:34:01.0353 0880	tssecsrv - ok
22:34:01.0400 0880	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys
22:34:01.0478 0880	TsUsbFlt - ok
22:34:01.0541 0880	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys
22:34:01.0634 0880	tunnel - ok
22:34:01.0681 0880	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys
22:34:01.0775 0880	uagp35 - ok
22:34:01.0837 0880	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys
22:34:01.0931 0880	udfs - ok
22:34:02.0009 0880	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys
22:34:02.0102 0880	uliagpkx - ok
22:34:02.0149 0880	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys
22:34:02.0227 0880	umbus - ok
22:34:02.0258 0880	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys
22:34:02.0289 0880	UmPass - ok
22:34:02.0336 0880	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys
22:34:02.0445 0880	usbccgp - ok
22:34:02.0492 0880	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys
22:34:02.0555 0880	usbcir - ok
22:34:02.0586 0880	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys
22:34:02.0679 0880	usbehci - ok
22:34:02.0726 0880	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys
22:34:02.0804 0880	usbhub - ok
22:34:02.0835 0880	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys
22:34:02.0898 0880	usbohci - ok
22:34:02.0929 0880	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys
22:34:03.0007 0880	usbprint - ok
22:34:03.0023 0880	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS
22:34:03.0147 0880	USBSTOR - ok
22:34:03.0179 0880	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys
22:34:03.0241 0880	usbuhci - ok
22:34:03.0288 0880	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys
22:34:03.0350 0880	usbvideo - ok
22:34:03.0413 0880	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys
22:34:03.0491 0880	vdrvroot - ok
22:34:03.0537 0880	vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys
22:34:03.0615 0880	vga - ok
22:34:03.0647 0880	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys
22:34:03.0756 0880	VgaSave - ok
22:34:03.0787 0880	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys
22:34:03.0865 0880	vhdmp - ok
22:34:03.0896 0880	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys
22:34:03.0974 0880	viaagp - ok
22:34:04.0021 0880	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys
22:34:04.0099 0880	ViaC7 - ok
22:34:04.0130 0880	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys
22:34:04.0177 0880	viaide - ok
22:34:04.0224 0880	VMC326          (88c52f322117f60b7a0c89d683e30f6a) C:\windows\system32\Drivers\VMC326.sys
22:34:04.0333 0880	VMC326 - ok
22:34:04.0380 0880	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys
22:34:04.0458 0880	volmgr - ok
22:34:04.0505 0880	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys
22:34:04.0567 0880	volmgrx - ok
22:34:04.0629 0880	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys
22:34:04.0692 0880	volsnap - ok
22:34:04.0739 0880	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys
22:34:04.0879 0880	vsmraid - ok
22:34:04.0926 0880	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys
22:34:04.0988 0880	vwifibus - ok
22:34:05.0019 0880	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys
22:34:05.0129 0880	vwififlt - ok
22:34:05.0160 0880	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys
22:34:05.0238 0880	WacomPen - ok
22:34:05.0285 0880	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:34:05.0441 0880	WANARP - ok
22:34:05.0456 0880	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys
22:34:05.0612 0880	Wanarpv6 - ok
22:34:05.0675 0880	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys
22:34:05.0737 0880	Wd - ok
22:34:05.0768 0880	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys
22:34:05.0862 0880	Wdf01000 - ok
22:34:05.0955 0880	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys
22:34:06.0049 0880	WfpLwf - ok
22:34:06.0080 0880	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys
22:34:06.0143 0880	WIMMount - ok
22:34:06.0267 0880	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys
22:34:06.0330 0880	WmiAcpi - ok
22:34:06.0408 0880	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys
22:34:06.0501 0880	ws2ifsl - ok
22:34:06.0595 0880	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys
22:34:06.0751 0880	WudfPf - ok
22:34:06.0782 0880	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys
22:34:06.0876 0880	WUDFRd - ok
22:34:06.0969 0880	yukonw7         (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys
22:34:07.0047 0880	yukonw7 - ok
22:34:07.0125 0880	MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0
22:34:07.0765 0880	\Device\Harddisk0\DR0 - ok
22:34:07.0781 0880	MBR (0x1B8)     (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1
22:34:09.0434 0880	\Device\Harddisk1\DR1 - ok
22:34:09.0450 0880	Boot (0x1200)   (4514f73394a99a7ab09d92f7387ea430) \Device\Harddisk0\DR0\Partition0
22:34:09.0450 0880	\Device\Harddisk0\DR0\Partition0 - ok
22:34:09.0512 0880	Boot (0x1200)   (c2bf52a91e71ff9c50f7436166096d58) \Device\Harddisk0\DR0\Partition1
22:34:09.0512 0880	\Device\Harddisk0\DR0\Partition1 - ok
22:34:09.0543 0880	Boot (0x1200)   (f19a65343c8c5bebbb1b7edf381d4ad4) \Device\Harddisk0\DR0\Partition2
22:34:09.0543 0880	\Device\Harddisk0\DR0\Partition2 - ok
22:34:09.0559 0880	Boot (0x1200)   (77b80bdf0364ba00f0f0d77de2fdd870) \Device\Harddisk1\DR1\Partition0
22:34:09.0559 0880	\Device\Harddisk1\DR1\Partition0 - ok
22:34:09.0559 0880	============================================================
22:34:09.0559 0880	Scan finished
22:34:09.0559 0880	============================================================
22:34:09.0590 2440	Detected object count: 0
22:34:09.0590 2440	Actual detected object count: 0
         

Alt 19.02.2012, 18:22   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.02.2012, 18:56   #11
lilalaune
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Hallo cosinus,

hier das Log:


Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-19.02 - Annette 19.02.2012  18:33:03.1.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.218 [GMT 1:00]
ausgeführt von:: c:\users\Annette\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-19 bis 2012-02-19  ))))))))))))))))))))))))))))))
.
.
2012-02-19 17:45 . 2012-02-19 17:46	--------	d-----w-	c:\users\Annette\AppData\Local\temp
2012-02-19 17:45 . 2012-02-19 17:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-19 17:28 . 2012-02-19 17:28	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslf3ea59bb.sys
2012-02-17 21:25 . 2012-02-17 21:25	98992	----a-w-	c:\windows\system32\drivers\90963350.sys
2012-02-17 20:50 . 2012-02-17 20:50	--------	d-----w-	C:\_OTL
2012-02-17 18:24 . 2012-02-17 18:24	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-02-17 18:14 . 2012-02-09 12:17	713784	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02D94540-E7CA-4F44-B7EE-98F2758E6AD9}\gapaengine.dll
2012-02-17 18:12 . 2012-01-17 03:39	6557240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\mpengine.dll
2012-02-17 18:07 . 2012-02-17 18:07	--------	d-----w-	c:\program files\Microsoft Security Client
2012-02-17 18:01 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{039E90EA-C5F8-4F1C-863F-F6710DDBC904}\mpengine.dll
2012-02-15 20:00 . 2012-02-15 20:00	100864	----a-w-	C:\fgdiqfow.sys
2012-02-15 18:39 . 2012-02-15 18:39	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-02-15 18:18 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 18:17 . 2011-12-16 07:52	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 18:17 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 18:12 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 18:00 . 2012-02-15 18:00	--------	d-----w-	c:\users\Annette\AppData\Local\WindowsUpdate
2012-02-15 17:49 . 2012-02-15 17:49	--------	d-----w-	c:\program files\Common Files\Java
2012-02-15 17:47 . 2012-02-15 17:47	--------	d-----w-	c:\program files\Java
2012-01-30 19:19 . 2012-01-30 19:19	--------	d-----w-	c:\windows\system32\SPReview
2012-01-30 19:18 . 2012-01-30 19:18	--------	d-----w-	c:\windows\system32\EventProviders
2012-01-30 19:09 . 2012-01-30 19:09	--------	d-----w-	c:\windows\Sun
2012-01-30 19:08 . 2012-02-15 17:47	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-30 19:02 . 2012-01-30 19:02	--------	d-----w-	c:\users\Annette\AppData\Roaming\Malwarebytes
2012-01-30 19:01 . 2012-01-30 19:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-30 19:01 . 2012-02-15 17:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-30 19:01 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 19:07 . 2011-06-11 15:54	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-11-22 12:57	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-30 19:36 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2011-11-25 09:38 . 2011-11-25 09:38	158056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-25 7719456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-11 1557800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]
S1 MpKslf3ea59bb;MpKslf3ea59bb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslf3ea59bb.sys [2012-02-19 29904]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLF3EA59BB
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
yksvcs	REG_MULTI_SZ   	yksvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 82.212.62.62 78.42.43.62
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-02-19  18:52:38
ComboFix-quarantined-files.txt  2012-02-19 17:52
.
Vor Suchlauf: 7 Verzeichnis(se), 48.020.451.328 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.660.769.280 Bytes frei
.
- - End Of File - - 87B385C7F538C8E161B2E94A87158584
         
--- --- ---



Liebe Grüße

Alt 19.02.2012, 19:37   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
Filelook::
c:\windows\system32\drivers\90963350.sys
         
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.02.2012, 20:09   #13
lilalaune
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Hallo cosinus,

hier das Log:


Combofix Logfile:
Code:
ATTFilter
ComboFix 12-02-19.02 - Annette 19.02.2012  19:46:41.2.2 - x86
Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.316 [GMT 1:00]
ausgeführt von:: c:\users\Annette\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Annette\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-19 bis 2012-02-19  ))))))))))))))))))))))))))))))
.
.
2012-02-19 19:00 . 2012-02-19 19:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-19 18:43 . 2012-02-19 18:43	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslcf3b93dd.sys
2012-02-19 17:52 . 2012-02-19 19:00	--------	d-----w-	c:\users\Annette\AppData\Local\temp
2012-02-17 21:25 . 2012-02-17 21:25	98992	----a-w-	c:\windows\system32\drivers\90963350.sys
2012-02-17 20:50 . 2012-02-17 20:50	--------	d-----w-	C:\_OTL
2012-02-17 18:24 . 2012-02-17 18:24	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-02-17 18:14 . 2012-02-09 12:17	713784	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02D94540-E7CA-4F44-B7EE-98F2758E6AD9}\gapaengine.dll
2012-02-17 18:12 . 2012-01-17 03:39	6557240	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\mpengine.dll
2012-02-17 18:07 . 2012-02-17 18:07	--------	d-----w-	c:\program files\Microsoft Security Client
2012-02-17 18:01 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{039E90EA-C5F8-4F1C-863F-F6710DDBC904}\mpengine.dll
2012-02-15 20:00 . 2012-02-15 20:00	100864	----a-w-	C:\fgdiqfow.sys
2012-02-15 18:39 . 2012-02-15 18:39	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2012-02-15 18:18 . 2012-01-04 08:58	442880	----a-w-	c:\windows\system32\ntshrui.dll
2012-02-15 18:17 . 2011-12-16 07:52	690688	----a-w-	c:\windows\system32\msvcrt.dll
2012-02-15 18:17 . 2011-12-30 05:27	478720	----a-w-	c:\windows\system32\timedate.cpl
2012-02-15 18:12 . 2012-01-14 03:35	2343424	----a-w-	c:\windows\system32\win32k.sys
2012-02-15 18:00 . 2012-02-15 18:00	--------	d-----w-	c:\users\Annette\AppData\Local\WindowsUpdate
2012-02-15 17:49 . 2012-02-15 17:49	--------	d-----w-	c:\program files\Common Files\Java
2012-02-15 17:47 . 2012-02-15 17:47	--------	d-----w-	c:\program files\Java
2012-01-30 19:19 . 2012-01-30 19:19	--------	d-----w-	c:\windows\system32\SPReview
2012-01-30 19:18 . 2012-01-30 19:18	--------	d-----w-	c:\windows\system32\EventProviders
2012-01-30 19:09 . 2012-01-30 19:09	--------	d-----w-	c:\windows\Sun
2012-01-30 19:08 . 2012-02-15 17:47	472808	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-30 19:02 . 2012-01-30 19:02	--------	d-----w-	c:\users\Annette\AppData\Roaming\Malwarebytes
2012-01-30 19:01 . 2012-01-30 19:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-30 19:01 . 2012-02-15 17:45	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2012-01-30 19:01 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 19:07 . 2011-06-11 15:54	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-31 12:44 . 2010-11-22 12:57	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-30 19:36 . 2009-07-14 02:05	152576	----a-w-	c:\windows\system32\msclmd.dll
2011-11-25 09:38 . 2011-11-25 09:38	158056	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin
.
.
((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\90963350.sys ---
Company: Kaspersky Lab, GERT
File Description: Kaspersky Lab Mini Driver
File Version: 2.7.1.0 built by: WinDDK
Product Name: Kaspersky Lab Mini Driver
Copyright: Copyright (c) Kaspersky Lab, GERT
Original Filename: klmd.sys
File size: 98992
Created time: 2012-02-17 21:25
Modified time: 2012-02-17 21:25
MD5: 58169FFB207940D4D84B4E85DB02CC1E
SHA1: DFB45534DC9AD266F0C5ECD2DBC4AFB3BA564BC5
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-25 7719456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-11 1557800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
c:\users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]
S1 MpKslcf3b93dd;MpKslcf3b93dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslcf3b93dd.sys [2012-02-19 29904]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSLCF3B93DD
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
yksvcs	REG_MULTI_SZ   	yksvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 82.212.62.62 78.42.43.62
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1028)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Zeit der Fertigstellung: 2012-02-19  20:07:01
ComboFix-quarantined-files.txt  2012-02-19 19:07
ComboFix2.txt  2012-02-19 17:52
.
Vor Suchlauf: 10 Verzeichnis(se), 47.706.501.120 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 47.290.368.000 Bytes frei
.
- - End Of File - - A6327BFB7E9C001A6B870466E3B00B05
         
--- --- ---

Alt 19.02.2012, 20:14   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.02.2012, 22:30   #15
lilalaune
 
3x Trojan.VUPX.Gen - Standard

3x Trojan.VUPX.Gen



Hallo cosinus,

hier deine Scans:

GMER:


GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-02-19 21:17:03
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11
Running: sp8si1jh.exe; Driver: C:\Users\Annette\AppData\Local\Temp\fgdiqfow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwSaveKey + 13CD                                                                    81C549A9 1 Byte  [06]
.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           81C744E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                              A4B15000 282 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 50AB                                                              A4B1511B 7 Bytes  CALL A4B232D6 \SystemRoot\system32\drivers\spsys.sys (security processor/Microsoft Corporation)
PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                              A4B15123 629 Bytes  [05, B1, A4, FE, 05, 34, 05, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                              A4B15399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                              A4B153FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE            ...                                                                                              

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000071                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004b                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\0000006f                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Threads - GMER 1.0.15 ----

Thread          System [4:1584]                                                                                  A4B22F2E

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6b84                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cd60786                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf91a3e                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fe91bf                      
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6b84 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cd60786 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf91a3e (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fe91bf (not active ControlSet)  
Reg             HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_8024402c_66c66075855619cc1111e0dd9c4f3189cbbd9c6_089a143b

---- EOF - GMER 1.0.15 ----
         
--- --- ---



OSAM:


OSAM Logfile:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:26:00 on 19.02.2012

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"aswMBR" (aswMBR) - ? - C:\Users\Annette\AppData\Local\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)
"catchme" (catchme) - ? - C:\Users\Annette\AppData\Local\Temp\catchme.sys  (File not found)
"fgdiqfow" (fgdiqfow) - ? - C:\Users\Annette\AppData\Local\Temp\fgdiqfow.sys  (Hidden registry entry, rootkit activity | File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys
"MpKsl0cff5102" (MpKsl0cff5102) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKsl0cff5102.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI8079~1\shellext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


aswMBR:

Code:
ATTFilter
aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-19 22:03:09
-----------------------------
22:03:09.877    OS Version: Windows 6.1.7601 Service Pack 1
22:03:09.877    Number of processors: 2 586 0x1C02
22:03:09.877    ComputerName: ANNETTE-PC  UserName: Annette
22:03:10.438    Initialize success
22:04:07.987    AVAST engine defs: 12021901
22:04:13.307    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:04:13.307    Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3
22:04:13.588    Disk 0 MBR read successfully
22:04:13.603    Disk 0 MBR scan
22:04:13.712    Disk 0 unknown MBR code
22:04:13.790    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
22:04:13.978    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
22:04:14.134    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        68581 MB offset 31664128
22:04:14.305    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        68584 MB offset 172118016
22:04:14.570    Disk 0 scanning sectors +312578048
22:04:15.163    Disk 0 scanning C:\windows\system32\drivers
22:05:44.817    Service scanning
22:06:09.808    Service MpKsl0cff5102 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKsl0cff5102.sys **LOCKED** 32
22:06:10.479    Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
22:06:41.024    Modules scanning
22:08:13.500    Disk 0 trace - called modules:
22:08:13.578    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys 
22:08:13.594    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84411a00]
22:08:13.610    3 CLASSPNP.SYS[8767259e] -> nt!IofCallDriver -> [0x83f9c408]
22:08:13.641    5 ACPI.sys[86e253d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83fa5030]
22:08:14.343    AVAST engine scan C:\windows
22:08:52.001    AVAST engine scan C:\windows\system32
22:19:11.166    AVAST engine scan C:\windows\system32\drivers
22:19:46.891    AVAST engine scan C:\Users\Annette
22:24:36.115    AVAST engine scan C:\ProgramData
22:25:33.445    Scan finished successfully
22:27:37.122    Disk 0 MBR has been saved successfully to "E:\MBR.dat"
22:27:37.325    The log file has been saved successfully to "E:\aswMBR.txt"
         
Liebe Grüße

Antwort

Themen zu 3x Trojan.VUPX.Gen
administrator, brand, cpu, dateien, dateisystem, defender, druck, error, excel, explorer, firefox, flash player, gelöscht, helper, heuristiks/extra, heuristiks/shuriken, home, hängt, ics, installation, löschen, malwarebytes, microsoft, mozilla, office 2007, plug-in, server, software, svchost.exe, system32, temp, windows 7 starter




Ähnliche Themen: 3x Trojan.VUPX.Gen


  1. [Win XP] botnet: ntp-muliplier; desinfect: Trojan.Script.Iframer, Trojan.Heur.TP, Win.Trojan.Iniduoh, Win.Trojan.Ramnit
    Log-Analyse und Auswertung - 08.02.2014 (16)
  2. Mehrere Trojaner im Temp Ordner (Trojan.Citadel.IE, Trojan.Ransom.CT, Trojan.Zlob)
    Log-Analyse und Auswertung - 14.04.2013 (7)
  3. Trojan.Ransom.ED, Trojan.Agent.ED, Trojan.FakeMS.PRGen und Bublik b. durch Email erhalten?
    Plagegeister aller Art und deren Bekämpfung - 02.04.2013 (29)
  4. Vista: Trojan.Ransom.Gen; Trojan.0Access; Trojan.Agent; Firewall inaktiv
    Plagegeister aller Art und deren Bekämpfung - 28.03.2013 (3)
  5. BKA-Trojaner u.a. (Trojan.Bublik, Trojan-Ransom.Foreign, Worm.Cridex, Trojan.Yakes)
    Log-Analyse und Auswertung - 17.03.2013 (4)
  6. TR/ATRAPS.Gen und TR/Kazy durch Antivir gemeldet; ferner Trojan.Agent.MRGGen, Trojan.0Access, Trojan.Dropper.BCMiner
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (10)
  7. Wohl mehrere Viren: Rootkit.0Access Trojan.Zaccess Trojan.RansomP.Gen Trojan.Agent bzw. TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 25.09.2012 (13)
  8. Trojan.Apppatch,Trojan.Agent.BVXGen und Trojan.Midhos in C:\Users\inet-kid\AppData,TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.09.2012 (35)
  9. EXP/2008-5353.AO TR/Kazy.80527.3 Trojan.BT.Soft.Gen Trojan.Banker Trojan.Agent
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (5)
  10. Spam mails vom computer? Trojan.sirefef, Trojan.dropper, trojan.small, etc.etc.
    Plagegeister aller Art und deren Bekämpfung - 03.07.2012 (13)
  11. Hilfe! Trojan.Small; Trojan.Sirefef; Rootkit.0Access; Trojan.Atraps.Gen2 auf meinem Rechner.
    Plagegeister aller Art und deren Bekämpfung - 29.06.2012 (11)
  12. Windows gesperrt, BKA Virus, Trojan.Agent, Heuristics Shuriken, trojan.vupx.pl1 etc.
    Log-Analyse und Auswertung - 04.03.2012 (3)
  13. 79bjm5me7g.exe (Trojan.VUPX.Gen) --> lässt sich auch nicht mit MB Antimaleware löschen
    Log-Analyse und Auswertung - 01.03.2012 (36)
  14. Vupx.pti1
    Plagegeister aller Art und deren Bekämpfung - 29.02.2012 (1)
  15. Trojan.Agent, Trojan.FakeAltert, Trojan.Hiloti.Gen gefunden und gelöscht,aber wirklich weg?
    Log-Analyse und Auswertung - 27.04.2011 (11)
  16. Trojan.BHO, Spyware.Passwords.XGen, Trojan.Dropper und Trojan.Agent mit Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (9)
  17. Diverse Trojaner vom Typ Trojan.Rodecap, Trojan.Dropper und Trojan.Agent! Brauche dringend Hilfe!
    Log-Analyse und Auswertung - 09.08.2010 (16)

Zum Thema 3x Trojan.VUPX.Gen - MalwareBytes QuickScan: Code: Alles auswählen Aufklappen ATTFilter Malwarebytes Anti-Malware 1.60.0.1800 www.malwarebytes.org Datenbank Version: v2012.01.30.03 Windows 7 x86 NTFS Internet Explorer 8.0.7600.16385 Annette :: ANNETTE-PC [Administrator] 30.01.2012 20:03:11 mbam-log-2012-01-30 (20-03-11).txt Art - 3x Trojan.VUPX.Gen...
Archiv
Du betrachtest: 3x Trojan.VUPX.Gen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.