| |
| |||||||
Log-Analyse und Auswertung: BKA Klon VirusWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.03.2012, 18:58
| #1 |
 |  BKA Klon Virus hallo, seit gestern habe ich auf dem laptop meiner schwester diesen fiesen virus drauf ich habe keine ahnung wie ich den entfernen kann bzw. soll , zu dem hat meine schwester auch ein paar wichtige daten auf dem laptop kann ich die daten ohne schlechten gewissen auf einen stick packen ? nicht das die verseucht sind . bringt die option "wiederherstellung" was ? oder hilft da nur neu aufsetzen ? zu dem problem wenn ich windows normal starte kommt die anzeige das mein system verseucht sei und ich 50€ bezahlen soll via ukash oder paysafe. Alles andere funktioniert nicht ich kann mit taskmanager auch nicht den prozess killen das programm blockiert alles. ich habe einen hijackthis-log gemacht aber im abgesicherten modus kA ob das wichtig unwichtig ist . benutze win7 habe anti vir laufen lass hat aber nix gefunden . mfg |
|
12.03.2012, 20:23
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | BKA Klon Virus Hijackthis interessiert uns nicht!
__________________Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung? Abgesicherter Modus zur Bereinigung
__________________ |
|
12.03.2012, 20:29
| #3 |
| | BKA Klon Virus ja das funktioniert
__________________Ich will einen OTL scan machen will aber im abgesicherten modus nicht funktionieren das programm hängt sich auf Geändert von wizK (12.03.2012 um 20:36 Uhr) |
|
12.03.2012, 20:39
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Klon Virus na wenn der Modus geht wirst du erstmal MBAM/ESET probieren können: Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen! Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden. Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
12.03.2012, 21:34
| #5 |
| | BKA Klon Virus malware bytes hat nix gefunden log habe ich hochgeladen OTL log ist auch hochgeladen mache nun den eset scan |
|
13.03.2012, 02:58
| #6 |
| | BKA Klon VirusCode:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ec0cf7fecdd0be49908caef9261f5d14
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-12 10:26:56
# local_time=2012-03-12 11:26:56 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 9195789 9195789 0 0
# compatibility_mode=5893 16776573 100 94 94384 83216144 0 0
# compatibility_mode=8192 67108863 100 0 3891 3891 0 0
# scanned=92151
# found=0
# cleaned=0
# scan_time=6369
|
|
13.03.2012, 03:20
| #7 |
| | BKA Klon Virus habe windows nun auch normal gestartet und das problem ist nun weg , heißt das auch das es komplett weg ist ? lasse noch mal maleware rüber laufen. |
|
13.03.2012, 16:56
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Klon Virus CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
13.03.2012, 20:49
| #9 |
| | BKA Klon Virus so bitteschön. Code:
ATTFilter OTL logfile created on: 13.03.2012 20:10:46 - Run 2 OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\Kalkan\Desktop Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,42 Mb Total Physical Memory | 247,38 Mb Available Physical Memory | 24,41% Memory free 1,99 Gb Paging File | 0,89 Gb Available in Paging File | 44,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 149,04 Gb Total Space | 120,03 Gb Free Space | 80,53% Space Free | Partition Type: NTFS Drive D: | 148,65 Gb Total Space | 141,36 Gb Free Space | 95,10% Space Free | Partition Type: NTFS Drive E: | 7,46 Gb Total Space | 2,10 Gb Free Space | 28,20% Space Free | Partition Type: FAT32 Computer Name: KALKAN-TOSH | User Name: Kalkan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Kalkan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) PRC - C:\Programme\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba) PRC - C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - c:\Programme\Nero\Update\NASvc.exe (Nero AG) PRC - C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) PRC - C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) PRC - C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe (TOSHIBA Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) PRC - C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION) PRC - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\b7bf9745b6ac67086c7364ee34174c51\System.Management.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e558d70a5dbc430b5a2904eec156749d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\35b997b2652f8f564b062e6a6e59055f\System.Xml.Linq.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b74e1ad9110a39851b12cb46b3954163\System.Xaml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\659bc287f3b51e5e604208ce93d983ec\Microsoft.VisualBasic.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\f01c5c76d0a19516a37b7bd191a02cda\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\075d9c27aa02085fef8983b5f5f85834\System.ServiceProcess.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\a595aa31f93ed043fd02ec9d8ff40b32\System.Web.Services.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bdf555b4cfed144a3b0b60e0308cbf2b\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\37cfa5ae8473995db30414fa29167c28\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\6be8cdc102f384653338279eff1f78fd\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a588133985ef7510d4cc8cc7924f8ec3\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\1702c5e18cdd96c022d87c38561f19c9\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\edfa0f31cc4950e16011ecb549f553f7\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\b6ac99f2787a9a672d7a696ef25588ee\System.Core.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9d5b252266a6084a611b2be84fac9e1c\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9c4788acc8f93c33214865395cee2e1c\System.ni.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a774bd593b8420bae4a8cf1d46af3ba2\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll () MOD - C:\Programme\TOSHIBA\TOSHIBA Places Icon Utility\de\TosDILangPack.resources.dll () MOD - C:\Programme\TOSHIBA\TOSHIBA Places Icon Utility\TosDIInternal.XmlSerializers.dll () MOD - C:\Programme\TOSHIBA\BulletinBoard\TosNcUi.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\TOSHIBA\FlashCards\BlackPng.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\TOSHIBA\TECO\TecoPower.dll () MOD - C:\Programme\TOSHIBA\FlashCards\Hotkey\FnF11.dll () MOD - C:\Programme\TOSHIBA\FlashCards\Hotkey\FnF10.dll () MOD - C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll () ========== Win32 Services (SafeList) ========== SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) -- C:\Program Files\Toshiba TEMPRO\TemproSvc.exe (Toshiba Europe GmbH) SRV - (NAUpdate) -- c:\Program Files\Nero\Update\NASvc.exe (Nero AG) SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation) SRV - (TOSHIBA eco Utility Service) -- C:\Program Files\TOSHIBA\TECO\TecoService.exe (TOSHIBA Corporation) SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation) SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (IconMan_R) -- C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.) SRV - (TMachInfo) -- C:\Programme\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation) SRV - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation) SRV - (cfWiMAXService) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe (TOSHIBA CORPORATION) SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ConfigFree Service) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (PGEffect) -- C:\Windows\System32\drivers\PGEffect.sys (TOSHIBA Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\system32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (RTL8192Ce) -- C:\Windows\System32\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation ) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation) DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation) DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation) DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation) DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.) DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {1A215521-F9CA-467A-BF9C-4E711FEF81BA} IE - HKLM\..\SearchScopes\{1A215521-F9CA-467A-BF9C-4E711FEF81BA}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba.msn.com IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/places?touch=4&cat=1 [binary data] IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba.msn.com/ IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\..\SearchScopes,DefaultScope = {9C33DA99-CC0A-4391-BA86-2D0AEF12D931} IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\..\SearchScopes\{6D8C40BA-C90E-4162-AAA1-06801A98242E}: "URL" = hxxp://www.amazon.de/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibade-win7-ie-search-21&index=blended&linkCode=ur2 IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\..\SearchScopes\{9C33DA99-CC0A-4391-BA86-2D0AEF12D931}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\..\SearchScopes\{E602C96B-EC76-47C5-BFB6-E53558A8AE18}: "URL" = hxxp://rover.ebay.com/rover/1/707-44556-9400-9/4?satitle={searchTerms} IE - HKU\S-1-5-21-3574710777-1255388082-933519676-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "t-online.de" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Kalkan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.12 21:30:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.22 21:08:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kalkan\AppData\Roaming\mozilla\Extensions [2012.01.15 00:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kalkan\AppData\Roaming\mozilla\Firefox\Profiles\cr0spwhl.default\extensions [2012.01.15 00:55:18 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Kalkan\AppData\Roaming\mozilla\Firefox\Profiles\cr0spwhl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.01.15 11:51:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.12 21:30:24 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.01.15 00:51:21 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.01.15 00:51:21 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.01.15 00:51:21 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.01.15 00:51:21 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.15 00:51:21 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.01.15 00:51:21 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.) O4 - HKLM..\Run: [KeNotify] C:\Programme\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NBAgent] c:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA) O4 - HKLM..\Run: [TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [Toshiba TEMPRO] C:\Programme\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-19..\Run: [TOPI.EXE] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-20..\Run: [TOPI.EXE] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA) O4 - HKU\S-1-5-21-3574710777-1255388082-933519676-1000..\Run: [Facebook Update] C:\Users\Kalkan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-3574710777-1255388082-933519676-1000..\Run: [TOPI.EXE] C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Programme\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe) O4 - Startup: C:\Users\Kalkan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kalkan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Programme\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD717B65-0AF8-4285-ADCF-F8913B8FAB1A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{76BAA8F6-9289-4CCD-A125-82E77F1AF0BB} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.13 20:05:42 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Kalkan\Desktop\OTL.exe [2012.03.13 20:03:08 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{94643FAE-89B4-4619-89CC-632170A5231F} [2012.03.13 20:02:31 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{ADCF2B1A-738E-4A40-90DC-998956F54C95} [2012.03.13 03:08:48 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{B4DBF71B-BAE6-4945-B59B-9B4B3E1B02CD} [2012.03.13 03:08:19 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{251BF803-C33E-4069-9B95-86C33AB30483} [2012.03.12 21:37:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.12 19:57:32 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{A611685C-AB32-4C8F-8857-76E6F6155217} [2012.03.12 19:29:32 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Roaming\Malwarebytes [2012.03.12 19:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.12 19:29:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.12 19:29:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.12 19:29:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.12 18:37:10 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\ElevatedDiagnostics [2012.03.11 22:24:03 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{6A8A68E8-3879-454D-A0C3-54EDFAA4CC42} [2012.03.11 22:23:38 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{5FDF7EA9-5BFA-4F93-B228-A2017DB3F7E8} [2012.03.11 22:19:08 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{5E8E1BCA-079F-4772-9EEF-502E00C163D2} [2012.03.11 22:18:43 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{A06BAA28-AF6D-4FA6-A578-6643E127A1D6} [2012.03.11 20:32:53 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{B1DC0CF4-EEEF-48A7-A669-A3DC5A63F7EA} [2012.03.11 20:32:28 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{F08B0863-5C89-46AA-8D10-0BEF41B738DB} [2012.03.11 18:20:52 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{0ED9F138-0140-489C-917F-876F367EDAAB} [2012.03.11 18:20:29 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{E6ED6CFB-1FBC-4F28-804A-2F9BD8703C88} [2012.03.11 13:45:23 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{A59724AD-433D-4FD3-AD13-20AFE7D5B53C} [2012.03.11 13:44:59 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{938B920B-5C1C-4F74-8C34-5D4815A0B59E} [2012.03.11 01:15:23 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\Desktop\Originals [2012.03.10 22:36:54 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{1AC141E1-3A4E-43AF-A6A9-4C6A923482B4} [2012.03.10 22:36:28 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{2F4788F3-9CC7-45DA-90E7-527D4AA9FA84} [2012.03.09 19:01:37 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{33654BE6-55C6-4085-ACC7-670BF715E9B8} [2012.03.08 19:24:16 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{63CD08D8-5692-4854-B533-C441A52EF67A} [2012.03.08 19:23:50 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{0EB44633-340B-47C2-893D-CA155D845AC4} [2012.03.07 19:04:29 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{33624069-F9F7-47EF-95B3-CF62871BF79C} [2012.03.07 19:04:04 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{B18BD0B7-0F79-4EAB-AB37-F13C1A79FF22} [2012.03.05 21:35:09 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{71028305-AB19-4E1F-9FE8-ED64C7CB6960} [2012.03.05 19:20:45 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{0D7F8810-DC11-46CD-A7D2-7450B16D41A3} [2012.03.05 19:20:33 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{22A0C4A9-D52F-4F47-A677-4C725937E444} [2012.03.04 11:09:44 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{F368D4E1-D8D7-403C-8A37-6E94224E183E} [2012.03.04 11:09:18 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{B3756192-2C6A-4956-8EA1-B9A6C5DC1E78} [2012.03.03 11:11:48 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{D05CA429-D0C0-41F3-8297-23B121D73575} [2012.03.02 23:17:37 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{B156CB88-AD47-4F07-A008-4C5A88D32A4D} [2012.03.02 23:17:11 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{9763A15F-A721-4391-8081-BA3BAC884A05} [2012.03.01 19:08:21 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{DF0DECF4-3ED1-4AB2-9FD7-963A576230B5} [2012.03.01 19:07:57 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{02EE8E69-BB3A-4477-8EF4-70801103EC77} [2012.02.28 14:51:52 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{7B611795-CD53-42CB-875D-3846563613DA} [2012.02.28 14:51:25 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{A28D23F6-DFFC-4F5C-B183-1D98265F02A6} [2012.02.27 18:21:47 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{23BB17B4-A801-4538-B71E-B2FB98D6F8FF} [2012.02.26 17:47:42 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{5DD5CB1C-8092-43FB-8450-30FF38E28699} [2012.02.26 17:47:17 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{8F9636D5-104D-47D4-9442-73F650A0B56D} [2012.02.26 12:48:24 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{607D2640-B06C-44D4-B155-44B4EB39B4BF} [2012.02.26 12:48:00 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{F0C4B401-9FD7-4405-A90A-AECD14D89A41} [2012.02.25 23:32:47 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{E32906CE-6573-49EA-8E69-88C61DA4D088} [2012.02.25 23:32:21 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{A7562A67-7F9E-4191-8F0D-583CAEEEBD96} [2012.02.24 12:19:59 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{17027EC0-DA72-43A1-A768-4F6BF7EEE397} [2012.02.24 12:19:32 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{70363E9D-60C6-47E4-9E17-D6E11897F7A1} [2012.02.24 10:17:01 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{04E5C1D6-FB17-47B9-B588-3094BDD36064} [2012.02.23 20:10:24 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{D714AC2A-D5B8-4EFC-87AF-A11BBCB27134} [2012.02.23 20:09:56 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{51C9E381-AA85-4FF6-95E4-47A84C3B4F7F} [2012.02.20 19:13:07 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{578D9D55-3C04-44C4-BC98-A401041D8A6E} [2012.02.20 19:12:40 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{2EE916A9-48D9-40A2-AF3A-ABA160A7701E} [2012.02.19 10:44:08 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{6AEF6B84-E456-4837-8957-268F3D46A06F} [2012.02.19 10:43:42 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{7E4F9DD1-4230-48A4-97AD-B3F0B30E7828} [2012.02.18 11:55:52 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{0327037B-AA64-493A-983F-4A75F61A8FD2} [2012.02.16 14:06:30 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{B0E10AED-CD61-46D1-B882-F6BEB744EEA6} [2012.02.16 14:06:01 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{D3354FE0-C4A6-4CA8-A075-97ECC61B2F5A} [2012.02.13 21:00:13 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{60A90913-412F-49E6-969D-23250CD06556} [2012.02.13 20:59:44 | 000,000,000 | ---D | C] -- C:\Users\Kalkan\AppData\Local\{D51C9F62-8103-4D8D-AC78-33B58725601B} [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.13 20:09:30 | 000,016,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.13 20:09:29 | 000,016,656 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.13 19:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.13 19:58:37 | 796,987,392 | -HS- | M] () -- C:\hiberfil.sys [2012.03.13 06:14:08 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.13 06:14:08 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.13 06:14:08 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.13 06:14:08 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.12 20:25:46 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Kalkan\Desktop\OTL.exe [2012.03.12 19:29:22 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.11 22:25:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3574710777-1255388082-933519676-1000UA.job [2012.03.11 01:11:58 | 000,038,912 | -H-- | M] () -- C:\Users\Kalkan\Desktop\photothumb.db [2012.03.04 16:25:02 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3574710777-1255388082-933519676-1000Core.job [2012.02.18 11:51:41 | 000,284,200 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.16 14:04:51 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.12 19:29:22 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2011.09.25 06:56:40 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2011.09.25 06:45:33 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.09.25 06:38:38 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2011.09.25 06:35:10 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC1.dat [2011.09.25 06:35:09 | 000,000,852 | ---- | C] () -- C:\Windows\System32\drivers\RTKHDRC0.dat [2011.09.25 06:35:09 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2011.09.25 06:35:09 | 000,000,712 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2011.09.25 06:25:55 | 000,045,056 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll [2010.11.21 01:46:14 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.11.21 01:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.11.21 01:46:14 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.11.21 01:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat ========== LOP Check ========== [2012.01.15 00:56:07 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\DVDVideoSoft [2012.01.15 00:55:17 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.25 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\OpenOffice.org [2011.12.10 20:55:44 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\PhotoScape [2012.03.12 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\SoftGrid Client [2011.11.23 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Toshiba [2011.11.23 19:36:46 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\TOSHIBA Online Product Information [2011.11.23 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\TP [2012.03.04 16:25:02 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3574710777-1255388082-933519676-1000Core.job [2012.03.11 22:25:03 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3574710777-1255388082-933519676-1000UA.job [2012.01.19 20:17:33 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.11.23 21:24:40 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Adobe [2011.11.27 12:26:53 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Avira [2012.01.15 00:56:07 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\DVDVideoSoft [2012.01.15 00:55:17 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.22 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Identities [2011.05.09 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Macromedia [2012.03.12 19:29:32 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Malwarebytes [2012.03.11 20:41:47 | 000,000,000 | --SD | M] -- C:\Users\Kalkan\AppData\Roaming\Microsoft [2011.11.22 21:08:15 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Mozilla [2011.11.25 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\OpenOffice.org [2011.12.10 20:55:44 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\PhotoScape [2012.01.12 17:09:36 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Skype [2012.03.12 20:27:33 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\SoftGrid Client [2011.11.23 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\Toshiba [2011.11.23 19:36:46 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\TOSHIBA Online Product Information [2011.11.23 19:14:29 | 000,000,000 | ---D | M] -- C:\Users\Kalkan\AppData\Roaming\TP < %APPDATA%\*.exe /s > [2010.09.20 15:39:48 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Kalkan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.06.08 09:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\drivers\iaStor.sys [2010.06.08 09:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_20f8d1b2e876a71d\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011.05.09 10:04:05 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll [2011.05.09 10:04:05 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll [1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < > < End of report > |
|
14.03.2012, 14:57
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Klon Virus Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.03.2012, 18:36
| #11 |
| | BKA Klon VirusCode:
ATTFilter 18:07:27.0540 4828 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
18:07:28.0340 4828 ============================================================
18:07:28.0341 4828 Current date / time: 2012/03/14 18:07:28.0340
18:07:28.0341 4828 SystemInfo:
18:07:28.0341 4828
18:07:28.0341 4828 OS Version: 6.1.7601 ServicePack: 1.0
18:07:28.0341 4828 Product type: Workstation
18:07:28.0342 4828 ComputerName: KALKAN-TOSH
18:07:28.0342 4828 UserName: Kalkan
18:07:28.0342 4828 Windows directory: C:\Windows
18:07:28.0342 4828 System windows directory: C:\Windows
18:07:28.0342 4828 Processor architecture: Intel x86
18:07:28.0342 4828 Number of processors: 2
18:07:28.0342 4828 Page size: 0x1000
18:07:28.0342 4828 Boot type: Normal boot
18:07:28.0342 4828 ============================================================
18:07:30.0900 4828 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:07:30.0906 4828 \Device\Harddisk0\DR0:
18:07:30.0907 4828 MBR used
18:07:30.0907 4828 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x12A17000
18:07:30.0907 4828 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x12ADF800, BlocksNum 0x1294F000
18:07:31.0197 4828 Initialize success
18:07:31.0197 4828 ============================================================
18:12:30.0859 3000 ============================================================
18:12:30.0859 3000 Scan started
18:12:30.0859 3000 Mode: Manual; SigCheck; TDLFS;
18:12:30.0859 3000 ============================================================
18:12:31.0708 3000 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:12:31.0981 3000 1394ohci - ok
18:12:32.0581 3000 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:12:32.0648 3000 ACPI - ok
18:12:33.0134 3000 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:12:33.0221 3000 AcpiPmi - ok
18:12:33.0848 3000 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
18:12:33.0927 3000 adp94xx - ok
18:12:34.0508 3000 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
18:12:34.0562 3000 adpahci - ok
18:12:35.0332 3000 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
18:12:35.0378 3000 adpu320 - ok
18:12:36.0077 3000 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:12:36.0169 3000 AFD - ok
18:12:36.0607 3000 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:12:36.0654 3000 agp440 - ok
18:12:37.0153 3000 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
18:12:37.0184 3000 aic78xx - ok
18:12:37.0793 3000 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:12:37.0824 3000 aliide - ok
18:12:38.0198 3000 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:12:38.0230 3000 amdagp - ok
18:12:38.0557 3000 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:12:38.0588 3000 amdide - ok
18:12:38.0932 3000 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
18:12:38.0994 3000 AmdK8 - ok
18:12:39.0337 3000 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
18:12:39.0400 3000 AmdPPM - ok
18:12:39.0805 3000 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:12:39.0852 3000 amdsata - ok
18:12:40.0242 3000 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
18:12:40.0289 3000 amdsbs - ok
18:12:40.0757 3000 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:12:40.0804 3000 amdxata - ok
18:12:41.0209 3000 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:12:41.0334 3000 AppID - ok
18:12:41.0740 3000 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
18:12:41.0771 3000 arc - ok
18:12:42.0114 3000 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
18:12:42.0161 3000 arcsas - ok
18:12:42.0488 3000 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:12:42.0660 3000 AsyncMac - ok
18:12:43.0050 3000 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:12:43.0081 3000 atapi - ok
18:12:43.0518 3000 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:12:43.0612 3000 avgntflt - ok
18:12:44.0002 3000 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:12:44.0033 3000 avipbb - ok
18:12:44.0407 3000 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:12:44.0454 3000 avkmgr - ok
18:12:44.0844 3000 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
18:12:45.0016 3000 b06bdrv - ok
18:12:45.0390 3000 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:12:45.0515 3000 b57nd60x - ok
18:12:45.0874 3000 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:12:46.0045 3000 Beep - ok
18:12:46.0420 3000 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys
18:12:46.0482 3000 blbdrive - ok
18:12:46.0856 3000 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:12:46.0919 3000 bowser - ok
18:12:47.0324 3000 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
18:12:47.0418 3000 BrFiltLo - ok
18:12:47.0777 3000 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
18:12:47.0839 3000 BrFiltUp - ok
18:12:48.0292 3000 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:12:48.0416 3000 Brserid - ok
18:12:48.0822 3000 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:12:48.0900 3000 BrSerWdm - ok
18:12:49.0321 3000 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:12:49.0384 3000 BrUsbMdm - ok
18:12:49.0820 3000 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:12:49.0930 3000 BrUsbSer - ok
18:12:50.0429 3000 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
18:12:50.0522 3000 BTHMODEM - ok
18:12:51.0973 3000 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:12:52.0098 3000 cdfs - ok
18:12:53.0034 3000 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:12:53.0174 3000 cdrom - ok
18:12:54.0266 3000 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
18:12:54.0422 3000 circlass - ok
18:12:54.0890 3000 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:12:54.0937 3000 CLFS - ok
18:12:55.0702 3000 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
18:12:55.0780 3000 CmBatt - ok
18:12:56.0279 3000 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:12:56.0310 3000 cmdide - ok
18:12:56.0887 3000 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:12:56.0981 3000 CNG - ok
18:12:57.0340 3000 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
18:12:57.0371 3000 Compbatt - ok
18:12:57.0714 3000 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:12:57.0948 3000 CompositeBus - ok
18:12:58.0369 3000 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
18:12:58.0400 3000 crcdisk - ok
18:12:58.0884 3000 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:12:59.0009 3000 DfsC - ok
18:12:59.0399 3000 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:12:59.0524 3000 discache - ok
18:12:59.0882 3000 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
18:12:59.0914 3000 Disk - ok
18:13:00.0288 3000 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:13:00.0428 3000 drmkaud - ok
18:13:00.0850 3000 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:13:00.0943 3000 DXGKrnl - ok
18:13:01.0411 3000 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
18:13:01.0754 3000 ebdrv - ok
18:13:02.0129 3000 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
18:13:02.0191 3000 elxstor - ok
18:13:02.0612 3000 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:13:02.0659 3000 ErrDev - ok
18:13:03.0065 3000 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:13:03.0174 3000 exfat - ok
18:13:03.0548 3000 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:13:03.0658 3000 fastfat - ok
18:13:04.0001 3000 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
18:13:04.0048 3000 fdc - ok
18:13:04.0360 3000 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:13:04.0406 3000 FileInfo - ok
18:13:04.0687 3000 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:13:04.0859 3000 Filetrace - ok
18:13:05.0140 3000 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
18:13:05.0218 3000 flpydisk - ok
18:13:05.0561 3000 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:13:05.0608 3000 FltMgr - ok
18:13:05.0998 3000 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:13:06.0029 3000 FsDepends - ok
18:13:06.0356 3000 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:13:06.0403 3000 Fs_Rec - ok
18:13:06.0793 3000 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:13:06.0856 3000 fvevol - ok
18:13:07.0230 3000 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
18:13:07.0261 3000 gagp30kx - ok
18:13:07.0745 3000 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:13:07.0901 3000 hcw85cir - ok
18:13:08.0322 3000 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:13:08.0416 3000 HdAudAddService - ok
18:13:08.0946 3000 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:13:09.0008 3000 HDAudBus - ok
18:13:09.0398 3000 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
18:13:09.0508 3000 HidBatt - ok
18:13:09.0929 3000 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
18:13:10.0085 3000 HidBth - ok
18:13:10.0444 3000 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
18:13:10.0522 3000 HidIr - ok
18:13:10.0958 3000 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:13:11.0052 3000 HidUsb - ok
18:13:11.0426 3000 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:13:11.0458 3000 HpSAMD - ok
18:13:11.0848 3000 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:13:11.0972 3000 HTTP - ok
18:13:12.0300 3000 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:13:12.0331 3000 hwpolicy - ok
18:13:12.0706 3000 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:13:12.0768 3000 i8042prt - ok
18:13:13.0174 3000 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
18:13:13.0236 3000 iaStor - ok
18:13:13.0595 3000 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:13:13.0657 3000 iaStorV - ok
18:13:14.0219 3000 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:13:14.0671 3000 igfx - ok
18:13:15.0046 3000 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
18:13:15.0092 3000 iirsp - ok
18:13:15.0670 3000 IntcAzAudAddService (5a0c4278ef87b25154c1dcc78148d191) C:\Windows\system32\drivers\RTKVHDA.sys
18:13:15.0919 3000 IntcAzAudAddService - ok
18:13:16.0247 3000 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
18:13:16.0309 3000 intelide - ok
18:13:16.0652 3000 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:13:16.0699 3000 intelppm - ok
18:13:17.0042 3000 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:13:17.0167 3000 IpFilterDriver - ok
18:13:17.0510 3000 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:13:17.0635 3000 IPMIDRV - ok
18:13:17.0916 3000 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:13:18.0306 3000 IPNAT - ok
18:13:18.0618 3000 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:13:18.0774 3000 IRENUM - ok
18:13:19.0070 3000 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:13:19.0102 3000 isapnp - ok
18:13:19.0429 3000 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:13:19.0476 3000 iScsiPrt - ok
18:13:19.0788 3000 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:13:19.0835 3000 kbdclass - ok
18:13:20.0131 3000 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:13:20.0272 3000 kbdhid - ok
18:13:20.0568 3000 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:13:20.0615 3000 KSecDD - ok
18:13:20.0896 3000 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:13:20.0942 3000 KSecPkg - ok
18:13:21.0286 3000 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:13:21.0457 3000 lltdio - ok
18:13:21.0800 3000 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\Windows\system32\DRIVERS\LPCFilter.sys
18:13:21.0863 3000 LPCFilter - ok
18:13:22.0175 3000 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
18:13:22.0206 3000 LSI_FC - ok
18:13:22.0502 3000 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
18:13:22.0565 3000 LSI_SAS - ok
18:13:22.0861 3000 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
18:13:22.0892 3000 LSI_SAS2 - ok
18:13:23.0189 3000 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
18:13:23.0251 3000 LSI_SCSI - ok
18:13:23.0532 3000 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:13:23.0735 3000 luafv - ok
18:13:24.0078 3000 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:13:24.0140 3000 MBAMProtector - ok
18:13:24.0452 3000 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
18:13:24.0515 3000 megasas - ok
18:13:24.0842 3000 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
18:13:24.0889 3000 MegaSR - ok
18:13:25.0248 3000 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:13:25.0404 3000 Modem - ok
18:13:25.0716 3000 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:13:25.0856 3000 monitor - ok
18:13:26.0168 3000 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:13:26.0231 3000 mouclass - ok
18:13:26.0574 3000 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys
18:13:26.0730 3000 mouhid - ok
18:13:27.0026 3000 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:13:27.0089 3000 mountmgr - ok
18:13:27.0401 3000 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:13:27.0448 3000 mpio - ok
18:13:27.0760 3000 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:13:28.0040 3000 mpsdrv - ok
18:13:28.0368 3000 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:13:28.0524 3000 MRxDAV - ok
18:13:28.0836 3000 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:13:28.0961 3000 mrxsmb - ok
18:13:29.0288 3000 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:13:29.0444 3000 mrxsmb10 - ok
18:13:29.0741 3000 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:13:29.0959 3000 mrxsmb20 - ok
18:13:30.0271 3000 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\DRIVERS\msahci.sys
18:13:30.0302 3000 msahci - ok
18:13:30.0614 3000 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:13:30.0708 3000 msdsm - ok
18:13:31.0036 3000 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:13:31.0285 3000 Msfs - ok
18:13:31.0597 3000 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:13:31.0862 3000 mshidkmdf - ok
18:13:32.0237 3000 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:13:32.0284 3000 msisadrv - ok
18:13:32.0627 3000 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:13:32.0798 3000 MSKSSRV - ok
18:13:33.0126 3000 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:13:33.0376 3000 MSPCLOCK - ok
18:13:33.0688 3000 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:13:33.0953 3000 MSPQM - ok
18:13:34.0265 3000 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:13:34.0312 3000 MsRPC - ok
18:13:34.0624 3000 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:13:34.0702 3000 mssmbios - ok
18:13:35.0029 3000 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:13:35.0279 3000 MSTEE - ok
18:13:35.0575 3000 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
18:13:35.0762 3000 MTConfig - ok
18:13:36.0059 3000 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:13:36.0121 3000 Mup - ok
18:13:36.0449 3000 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:13:36.0683 3000 NativeWifiP - ok
18:13:37.0026 3000 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:13:37.0151 3000 NDIS - ok
18:13:37.0463 3000 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:13:37.0634 3000 NdisCap - ok
18:13:37.0946 3000 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:13:38.0071 3000 NdisTapi - ok
18:13:38.0383 3000 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:13:38.0680 3000 Ndisuio - ok
18:13:38.0976 3000 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:13:39.0226 3000 NdisWan - ok
18:13:39.0522 3000 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:13:39.0709 3000 NDProxy - ok
18:13:40.0037 3000 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:13:40.0240 3000 NetBIOS - ok
18:13:40.0567 3000 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:13:40.0770 3000 NetBT - ok
18:13:41.0113 3000 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
18:13:41.0191 3000 nfrd960 - ok
18:13:41.0503 3000 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:13:41.0768 3000 Npfs - ok
18:13:42.0080 3000 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:13:42.0377 3000 nsiproxy - ok
18:13:42.0704 3000 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:13:42.0829 3000 Ntfs - ok
18:13:43.0141 3000 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:13:43.0313 3000 Null - ok
18:13:43.0640 3000 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:13:43.0703 3000 nvraid - ok
18:13:44.0030 3000 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:13:44.0077 3000 nvstor - ok
18:13:44.0389 3000 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:13:44.0483 3000 nv_agp - ok
18:13:44.0795 3000 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:13:44.0951 3000 ohci1394 - ok
18:13:45.0325 3000 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
18:13:45.0450 3000 Parport - ok
18:13:45.0746 3000 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:13:45.0840 3000 partmgr - ok
18:13:46.0152 3000 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
18:13:46.0308 3000 Parvdm - ok
18:13:46.0636 3000 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:13:46.0698 3000 pci - ok
18:13:47.0026 3000 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:13:47.0057 3000 pciide - ok
18:13:47.0369 3000 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
18:13:47.0447 3000 pcmcia - ok
18:13:47.0743 3000 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:13:47.0790 3000 pcw - ok
18:13:48.0180 3000 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:13:48.0523 3000 PEAUTH - ok
18:13:49.0038 3000 PGEffect (b4948e692aab9091b45105706ec3f3ee) C:\Windows\system32\DRIVERS\pgeffect.sys
18:13:49.0069 3000 PGEffect - ok
18:13:49.0522 3000 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:13:49.0662 3000 PptpMiniport - ok
18:13:50.0021 3000 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
18:13:50.0083 3000 Processor - ok
18:13:50.0442 3000 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:13:50.0551 3000 Psched - ok
18:13:50.0910 3000 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
18:13:51.0035 3000 ql2300 - ok
18:13:51.0347 3000 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
18:13:51.0394 3000 ql40xx - ok
18:13:51.0706 3000 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:13:51.0768 3000 QWAVEdrv - ok
18:13:52.0080 3000 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:13:52.0189 3000 RasAcd - ok
18:13:52.0501 3000 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:13:52.0610 3000 RasAgileVpn - ok
18:13:52.0922 3000 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:13:53.0047 3000 Rasl2tp - ok
18:13:53.0375 3000 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:13:53.0500 3000 RasPppoe - ok
18:13:53.0812 3000 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:13:53.0905 3000 RasSstp - ok
18:13:54.0202 3000 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:13:54.0311 3000 rdbss - ok
18:13:54.0623 3000 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
18:13:54.0670 3000 rdpbus - ok
18:13:54.0966 3000 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:13:55.0060 3000 RDPCDD - ok
18:13:55.0372 3000 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:13:55.0481 3000 RDPENCDD - ok
18:13:56.0042 3000 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:13:56.0136 3000 RDPREFMP - ok
18:13:56.0432 3000 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:13:56.0526 3000 RDPWD - ok
18:13:56.0838 3000 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:13:56.0885 3000 rdyboost - ok
18:13:57.0228 3000 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:13:57.0353 3000 rspndr - ok
18:13:57.0680 3000 RSUSBSTOR (b38e89386993e69a959b941561f3e5f3) C:\Windows\system32\Drivers\RtsUStor.sys
18:13:57.0712 3000 RSUSBSTOR - ok
18:13:58.0024 3000 RTL8167 (cfa5758f2a929ce24e16e1b2a5ca8c23) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:13:58.0055 3000 RTL8167 - ok
18:13:58.0414 3000 RTL8192Ce (9f9858402e5dce7b6123734d4c26cecb) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
18:13:58.0492 3000 RTL8192Ce - ok
18:13:58.0804 3000 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:13:58.0850 3000 sbp2port - ok
18:13:59.0131 3000 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:13:59.0256 3000 scfilter - ok
18:13:59.0599 3000 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:13:59.0708 3000 secdrv - ok
18:14:00.0036 3000 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
18:14:00.0098 3000 Serenum - ok
18:14:00.0395 3000 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
18:14:00.0442 3000 Serial - ok
18:14:00.0738 3000 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
18:14:00.0800 3000 sermouse - ok
18:14:01.0128 3000 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:14:01.0190 3000 sffdisk - ok
18:14:01.0487 3000 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:14:01.0534 3000 sffp_mmc - ok
18:14:01.0814 3000 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:14:01.0877 3000 sffp_sd - ok
18:14:02.0158 3000 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
18:14:02.0204 3000 sfloppy - ok
18:14:02.0516 3000 Sftfs (74744f4d9eb18ddd0eb45e03cfdd648e) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:14:02.0579 3000 Sftfs - ok
18:14:02.0875 3000 Sftplay (cbc5be6f81e86cc73656e61767002da9) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:14:02.0922 3000 Sftplay - ok
18:14:03.0218 3000 Sftredir (961e50666e6d6949328b1ffbc33adf43) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:14:03.0250 3000 Sftredir - ok
18:14:03.0530 3000 Sftvol (c8c02c8fe267751ec62b7e7d8d214c63) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:14:03.0562 3000 Sftvol - ok
18:14:03.0889 3000 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:14:03.0920 3000 sisagp - ok
18:14:04.0217 3000 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
18:14:04.0264 3000 SiSRaid2 - ok
18:14:04.0544 3000 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
18:14:04.0591 3000 SiSRaid4 - ok
18:14:04.0903 3000 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:14:05.0012 3000 Smb - ok
18:14:05.0356 3000 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:14:05.0387 3000 spldr - ok
18:14:05.0761 3000 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:14:05.0824 3000 srv - ok
18:14:06.0120 3000 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:14:06.0198 3000 srv2 - ok
18:14:06.0494 3000 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:14:06.0557 3000 srvnet - ok
18:14:06.0853 3000 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:14:06.0900 3000 ssmdrv - ok
18:14:07.0181 3000 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
18:14:07.0228 3000 stexstor - ok
18:14:07.0524 3000 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:14:07.0555 3000 swenum - ok
18:14:07.0883 3000 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\Windows\system32\DRIVERS\SynTP.sys
18:14:07.0914 3000 SynTP - ok
18:14:08.0304 3000 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:14:08.0413 3000 Tcpip - ok
18:14:08.0756 3000 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:14:08.0881 3000 TCPIP6 - ok
18:14:09.0193 3000 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:14:09.0287 3000 tcpipreg - ok
18:14:09.0599 3000 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:14:09.0630 3000 tdcmdpst - ok
18:14:09.0926 3000 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:14:09.0989 3000 TDPIPE - ok
18:14:10.0285 3000 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:14:10.0379 3000 TDTCP - ok
18:14:10.0675 3000 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:14:10.0769 3000 tdx - ok
18:14:11.0065 3000 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:14:11.0096 3000 TermDD - ok
18:14:11.0611 3000 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:14:11.0705 3000 tssecsrv - ok
18:14:12.0017 3000 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:14:12.0064 3000 TsUsbFlt - ok
18:14:12.0360 3000 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
18:14:12.0407 3000 TsUsbGD - ok
18:14:12.0719 3000 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:14:12.0812 3000 tunnel - ok
18:14:13.0109 3000 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:14:13.0140 3000 TVALZ - ok
18:14:13.0436 3000 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
18:14:13.0483 3000 uagp35 - ok
18:14:13.0780 3000 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:14:13.0889 3000 udfs - ok
18:14:14.0232 3000 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:14:14.0279 3000 uliagpkx - ok
18:14:14.0560 3000 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
18:14:14.0622 3000 umbus - ok
18:14:14.0918 3000 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
18:14:14.0981 3000 UmPass - ok
18:14:15.0293 3000 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:14:15.0355 3000 usbccgp - ok
18:14:15.0636 3000 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:14:15.0714 3000 usbcir - ok
18:14:16.0010 3000 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
18:14:16.0073 3000 usbehci - ok
18:14:16.0369 3000 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:14:16.0447 3000 usbhub - ok
18:14:16.0728 3000 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:14:16.0775 3000 usbohci - ok
18:14:17.0071 3000 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
18:14:17.0134 3000 usbprint - ok
18:14:17.0414 3000 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:14:17.0492 3000 USBSTOR - ok
18:14:17.0804 3000 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:14:17.0867 3000 usbuhci - ok
18:14:18.0163 3000 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
18:14:18.0226 3000 usbvideo - ok
18:14:18.0538 3000 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:14:18.0584 3000 vdrvroot - ok
18:14:18.0912 3000 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:14:18.0974 3000 vga - ok
18:14:19.0255 3000 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:14:19.0364 3000 VgaSave - ok
18:14:19.0676 3000 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:14:19.0723 3000 vhdmp - ok
18:14:20.0051 3000 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:14:20.0082 3000 viaagp - ok
18:14:20.0363 3000 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
18:14:20.0425 3000 ViaC7 - ok
18:14:20.0737 3000 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:14:20.0768 3000 viaide - ok
18:14:21.0065 3000 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:14:21.0096 3000 volmgr - ok
18:14:21.0392 3000 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:14:21.0439 3000 volmgrx - ok
18:14:21.0736 3000 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:14:21.0798 3000 volsnap - ok
18:14:22.0110 3000 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
18:14:22.0157 3000 vsmraid - ok
18:14:22.0453 3000 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:14:22.0516 3000 vwifibus - ok
18:14:22.0828 3000 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:14:22.0921 3000 vwififlt - ok
18:14:23.0218 3000 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
18:14:23.0280 3000 WacomPen - ok
18:14:23.0592 3000 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:14:23.0701 3000 WANARP - ok
18:14:23.0732 3000 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:14:23.0810 3000 Wanarpv6 - ok
18:14:24.0138 3000 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
18:14:24.0169 3000 Wd - ok
18:14:24.0497 3000 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:14:24.0559 3000 Wdf01000 - ok
18:14:24.0902 3000 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:14:25.0012 3000 WfpLwf - ok
18:14:25.0308 3000 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:14:25.0355 3000 WIMMount - ok
18:14:25.0776 3000 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:14:25.0854 3000 WinUsb - ok
18:14:26.0197 3000 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:14:26.0260 3000 WmiAcpi - ok
18:14:26.0603 3000 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:14:26.0712 3000 ws2ifsl - ok
18:14:27.0040 3000 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:14:27.0149 3000 WudfPf - ok
18:14:27.0430 3000 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:14:27.0555 3000 WUDFRd - ok
18:14:27.0711 3000 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:14:28.0584 3000 \Device\Harddisk0\DR0 - ok
18:14:28.0615 3000 Boot (0x1200) (c4e14f54781981b7a7fc53681d555b15) \Device\Harddisk0\DR0\Partition0
18:14:28.0615 3000 \Device\Harddisk0\DR0\Partition0 - ok
18:14:28.0662 3000 Boot (0x1200) (752ba1b2d481b9fb1885f7e053106f5a) \Device\Harddisk0\DR0\Partition1
18:14:28.0662 3000 \Device\Harddisk0\DR0\Partition1 - ok
18:14:28.0678 3000 ============================================================
18:14:28.0678 3000 Scan finished
18:14:28.0678 3000 ============================================================
18:14:28.0725 3788 Detected object count: 0
18:14:28.0725 3788 Actual detected object count: 0
18:32:26.0591 1780 ============================================================
18:32:26.0623 1780 Scan started
18:32:26.0623 1780 Mode: Manual; SigCheck; TDLFS;
18:32:26.0623 1780 ============================================================
18:32:27.0496 1780 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
18:32:27.0652 1780 1394ohci - ok
18:32:28.0136 1780 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
18:32:28.0167 1780 ACPI - ok
18:32:28.0573 1780 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
18:32:28.0697 1780 AcpiPmi - ok
18:32:29.0072 1780 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
18:32:29.0119 1780 adp94xx - ok
18:32:29.0415 1780 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
18:32:29.0446 1780 adpahci - ok
18:32:29.0758 1780 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
18:32:29.0805 1780 adpu320 - ok
18:32:30.0148 1780 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
18:32:30.0242 1780 AFD - ok
18:32:30.0507 1780 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
18:32:30.0538 1780 agp440 - ok
18:32:30.0835 1780 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
18:32:30.0866 1780 aic78xx - ok
18:32:31.0209 1780 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
18:32:31.0225 1780 aliide - ok
18:32:31.0521 1780 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
18:32:31.0552 1780 amdagp - ok
18:32:31.0911 1780 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
18:32:31.0927 1780 amdide - ok
18:32:32.0301 1780 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
18:32:32.0332 1780 AmdK8 - ok
18:32:32.0644 1780 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
18:32:32.0691 1780 AmdPPM - ok
18:32:32.0987 1780 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
18:32:33.0019 1780 amdsata - ok
18:32:33.0331 1780 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
18:32:33.0393 1780 amdsbs - ok
18:32:33.0736 1780 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
18:32:33.0767 1780 amdxata - ok
18:32:34.0095 1780 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
18:32:34.0220 1780 AppID - ok
18:32:34.0532 1780 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
18:32:34.0579 1780 arc - ok
18:32:34.0859 1780 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
18:32:34.0891 1780 arcsas - ok
18:32:35.0171 1780 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
18:32:35.0265 1780 AsyncMac - ok
18:32:35.0593 1780 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
18:32:35.0639 1780 atapi - ok
18:32:35.0983 1780 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
18:32:36.0014 1780 avgntflt - ok
18:32:36.0341 1780 avipbb (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
18:32:36.0357 1780 avipbb - ok
18:32:36.0653 1780 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
18:32:36.0685 1780 avkmgr - ok
18:32:36.0981 1780 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
18:32:37.0043 1780 b06bdrv - ok
18:32:37.0340 1780 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
18:32:37.0402 1780 b57nd60x - ok
18:32:37.0714 1780 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
18:32:37.0792 1780 Beep - ok
18:32:38.0089 1780 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\drivers\blbdrive.sys
18:32:38.0135 1780 blbdrive - ok
18:32:38.0463 1780 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
18:32:38.0525 1780 bowser - ok
18:32:38.0806 1780 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
18:32:38.0853 1780 BrFiltLo - ok
18:32:39.0134 1780 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
18:32:39.0181 1780 BrFiltUp - ok
18:32:39.0477 1780 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
18:32:39.0555 1780 Brserid - ok
18:32:39.0836 1780 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
18:32:39.0883 1780 BrSerWdm - ok
18:32:40.0179 1780 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:32:40.0226 1780 BrUsbMdm - ok
18:32:40.0507 1780 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
18:32:40.0553 1780 BrUsbSer - ok
18:32:40.0834 1780 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
18:32:40.0881 1780 BTHMODEM - ok
18:32:41.0177 1780 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
18:32:41.0271 1780 cdfs - ok
18:32:41.0567 1780 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
18:32:41.0614 1780 cdrom - ok
18:32:41.0926 1780 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
18:32:41.0973 1780 circlass - ok
18:32:42.0176 1780 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
18:32:42.0207 1780 CLFS - ok
18:32:42.0519 1780 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\drivers\CmBatt.sys
18:32:42.0566 1780 CmBatt - ok
18:32:42.0847 1780 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
18:32:42.0878 1780 cmdide - ok
18:32:43.0174 1780 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
18:32:43.0221 1780 CNG - ok
18:32:43.0518 1780 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\drivers\compbatt.sys
18:32:43.0549 1780 Compbatt - ok
18:32:43.0845 1780 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
18:32:43.0892 1780 CompositeBus - ok
18:32:44.0188 1780 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
18:32:44.0220 1780 crcdisk - ok
18:32:44.0563 1780 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
18:32:44.0641 1780 DfsC - ok
18:32:44.0922 1780 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
18:32:45.0000 1780 discache - ok
18:32:45.0296 1780 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
18:32:45.0327 1780 Disk - ok
18:32:45.0655 1780 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
18:32:45.0702 1780 drmkaud - ok
18:32:46.0014 1780 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
18:32:46.0076 1780 DXGKrnl - ok
18:32:46.0482 1780 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
18:32:46.0638 1780 ebdrv - ok
18:32:46.0950 1780 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
18:32:46.0996 1780 elxstor - ok
18:32:47.0277 1780 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
18:32:47.0324 1780 ErrDev - ok
18:32:47.0652 1780 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
18:32:47.0714 1780 exfat - ok
18:32:48.0010 1780 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
18:32:48.0104 1780 fastfat - ok
18:32:48.0385 1780 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
18:32:48.0432 1780 fdc - ok
18:32:48.0728 1780 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
18:32:48.0759 1780 FileInfo - ok
18:32:49.0040 1780 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
18:32:49.0118 1780 Filetrace - ok
18:32:49.0399 1780 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
18:32:49.0430 1780 flpydisk - ok
18:32:49.0726 1780 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
18:32:49.0758 1780 FltMgr - ok
18:32:50.0070 1780 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
18:32:50.0101 1780 FsDepends - ok
18:32:50.0366 1780 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
18:32:50.0397 1780 Fs_Rec - ok
18:32:50.0694 1780 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
18:32:50.0740 1780 fvevol - ok
18:32:51.0021 1780 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
18:32:51.0052 1780 gagp30kx - ok
18:32:51.0364 1780 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
18:32:51.0427 1780 hcw85cir - ok
18:32:51.0723 1780 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
18:32:51.0786 1780 HdAudAddService - ok
18:32:52.0066 1780 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
18:32:52.0113 1780 HDAudBus - ok
18:32:52.0394 1780 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
18:32:52.0441 1780 HidBatt - ok
18:32:52.0737 1780 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
18:32:52.0784 1780 HidBth - ok
18:32:53.0065 1780 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
18:32:53.0112 1780 HidIr - ok
18:32:53.0408 1780 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
18:32:53.0455 1780 HidUsb - ok
18:32:53.0767 1780 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
18:32:53.0798 1780 HpSAMD - ok
18:32:54.0110 1780 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
18:32:54.0204 1780 HTTP - ok
18:32:54.0547 1780 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
18:32:54.0578 1780 hwpolicy - ok
18:32:54.0859 1780 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
18:32:54.0906 1780 i8042prt - ok
18:32:55.0202 1780 iaStor (d80aa0907748d7cc8efab3773f32629b) C:\Windows\system32\DRIVERS\iaStor.sys
18:32:55.0249 1780 iaStor - ok
18:32:55.0561 1780 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
18:32:55.0592 1780 iaStorV - ok
18:32:56.0044 1780 igfx (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:32:56.0325 1780 igfx - ok
18:32:56.0637 1780 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
18:32:56.0653 1780 iirsp - ok
18:32:57.0043 1780 IntcAzAudAddService (5a0c4278ef87b25154c1dcc78148d191) C:\Windows\system32\drivers\RTKVHDA.sys
18:32:57.0214 1780 IntcAzAudAddService - ok
18:32:57.0511 1780 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
18:32:57.0558 1780 intelide - ok
18:32:57.0838 1780 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
18:32:57.0885 1780 intelppm - ok
18:32:58.0197 1780 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:32:58.0275 1780 IpFilterDriver - ok
18:32:58.0572 1780 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
18:32:58.0618 1780 IPMIDRV - ok
18:32:58.0930 1780 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
18:32:59.0055 1780 IPNAT - ok
18:32:59.0320 1780 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
18:32:59.0414 1780 IRENUM - ok
18:32:59.0710 1780 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
18:32:59.0757 1780 isapnp - ok
18:33:00.0054 1780 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
18:33:00.0100 1780 iScsiPrt - ok
18:33:00.0381 1780 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
18:33:00.0428 1780 kbdclass - ok
18:33:00.0724 1780 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
18:33:00.0771 1780 kbdhid - ok
18:33:01.0068 1780 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
18:33:01.0114 1780 KSecDD - ok
18:33:01.0395 1780 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
18:33:01.0458 1780 KSecPkg - ok
18:33:01.0801 1780 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
18:33:01.0910 1780 lltdio - ok
18:33:02.0222 1780 LPCFilter (6adab14d7ad12b35bdc665b35278099b) C:\Windows\system32\DRIVERS\LPCFilter.sys
18:33:02.0253 1780 LPCFilter - ok
18:33:02.0628 1780 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
18:33:02.0674 1780 LSI_FC - ok
18:33:02.0971 1780 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
18:33:03.0002 1780 LSI_SAS - ok
18:33:03.0330 1780 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
18:33:03.0361 1780 LSI_SAS2 - ok
18:33:03.0657 1780 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
18:33:03.0688 1780 LSI_SCSI - ok
18:33:03.0985 1780 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
18:33:04.0078 1780 luafv - ok
18:33:04.0422 1780 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:33:04.0453 1780 MBAMProtector - ok
18:33:04.0734 1780 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
18:33:04.0780 1780 megasas - ok
18:33:05.0077 1780 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
18:33:05.0108 1780 MegaSR - ok
18:33:05.0404 1780 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
18:33:05.0514 1780 Modem - ok
18:33:05.0794 1780 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
18:33:05.0841 1780 monitor - ok
18:33:06.0138 1780 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
18:33:06.0184 1780 mouclass - ok
18:33:06.0465 1780 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys
18:33:06.0512 1780 mouhid - ok
18:33:06.0793 1780 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
18:33:06.0840 1780 mountmgr - ok
18:33:07.0120 1780 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
18:33:07.0167 1780 mpio - ok
18:33:07.0464 1780 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
18:33:07.0557 1780 mpsdrv - ok
18:33:07.0869 1780 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
18:33:07.0932 1780 MRxDAV - ok
18:33:08.0212 1780 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:33:08.0290 1780 mrxsmb - ok
18:33:08.0602 1780 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:33:08.0649 1780 mrxsmb10 - ok
18:33:08.0946 1780 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:33:09.0024 1780 mrxsmb20 - ok
18:33:09.0304 1780 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\DRIVERS\msahci.sys
18:33:09.0351 1780 msahci - ok
18:33:09.0710 1780 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
18:33:09.0757 1780 msdsm - ok
18:33:10.0225 1780 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
18:33:10.0303 1780 Msfs - ok
18:33:10.0849 1780 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
18:33:10.0942 1780 mshidkmdf - ok
18:33:11.0348 1780 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
18:33:11.0379 1780 msisadrv - ok
18:33:11.0785 1780 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
18:33:11.0894 1780 MSKSSRV - ok
18:33:12.0222 1780 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
18:33:12.0315 1780 MSPCLOCK - ok
18:33:12.0612 1780 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
18:33:12.0705 1780 MSPQM - ok
18:33:13.0017 1780 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
18:33:13.0048 1780 MsRPC - ok
18:33:13.0360 1780 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
18:33:13.0392 1780 mssmbios - ok
18:33:13.0688 1780 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
18:33:13.0782 1780 MSTEE - ok
18:33:14.0062 1780 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
18:33:14.0109 1780 MTConfig - ok
18:33:14.0390 1780 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
18:33:14.0421 1780 Mup - ok
18:33:14.0764 1780 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
18:33:14.0811 1780 NativeWifiP - ok
18:33:15.0154 1780 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
18:33:15.0217 1780 NDIS - ok
18:33:15.0544 1780 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
18:33:15.0638 1780 NdisCap - ok
18:33:15.0919 1780 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
18:33:16.0012 1780 NdisTapi - ok
18:33:16.0293 1780 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
18:33:16.0387 1780 Ndisuio - ok
18:33:16.0668 1780 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
18:33:16.0746 1780 NdisWan - ok
18:33:17.0026 1780 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
18:33:17.0104 1780 NDProxy - ok
18:33:17.0401 1780 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
18:33:17.0510 1780 NetBIOS - ok
18:33:17.0806 1780 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
18:33:17.0884 1780 NetBT - ok
18:33:18.0212 1780 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
18:33:18.0243 1780 nfrd960 - ok
18:33:18.0540 1780 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
18:33:18.0649 1780 Npfs - ok
18:33:18.0945 1780 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
18:33:19.0023 1780 nsiproxy - ok
18:33:19.0351 1780 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
18:33:19.0429 1780 Ntfs - ok
18:33:19.0725 1780 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
18:33:19.0834 1780 Null - ok
18:33:20.0131 1780 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
18:33:20.0178 1780 nvraid - ok
18:33:20.0458 1780 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
18:33:20.0521 1780 nvstor - ok
18:33:20.0817 1780 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
18:33:20.0848 1780 nv_agp - ok
18:33:21.0129 1780 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
18:33:21.0176 1780 ohci1394 - ok
18:33:21.0504 1780 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
18:33:21.0550 1780 Parport - ok
18:33:21.0831 1780 partmgr (bf8f6af06da75b336f07e23aef97d93b) C:\Windows\system32\drivers\partmgr.sys
18:33:21.0878 1780 partmgr - ok
18:33:22.0159 1780 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
18:33:22.0221 1780 Parvdm - ok
18:33:22.0518 1780 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
18:33:22.0564 1780 pci - ok
18:33:22.0861 1780 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
18:33:22.0908 1780 pciide - ok
18:33:23.0204 1780 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
18:33:23.0235 1780 pcmcia - ok
18:33:23.0532 1780 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
18:33:23.0563 1780 pcw - ok
18:33:23.0859 1780 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
18:33:23.0953 1780 PEAUTH - ok
18:33:24.0280 1780 PGEffect (b4948e692aab9091b45105706ec3f3ee) C:\Windows\system32\DRIVERS\pgeffect.sys
18:33:24.0312 1780 PGEffect - ok
18:33:24.0670 1780 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
18:33:24.0780 1780 PptpMiniport - ok
18:33:25.0060 1780 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
18:33:25.0107 1780 Processor - ok
18:33:25.0435 1780 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
18:33:25.0528 1780 Psched - ok
18:33:25.0856 1780 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
18:33:25.0934 1780 ql2300 - ok
18:33:26.0246 1780 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
18:33:26.0293 1780 ql40xx - ok
18:33:26.0636 1780 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
18:33:26.0698 1780 QWAVEdrv - ok
18:33:26.0979 1780 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
18:33:27.0057 1780 RasAcd - ok
18:33:27.0354 1780 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:33:27.0478 1780 RasAgileVpn - ok
18:33:27.0790 1780 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:33:27.0884 1780 Rasl2tp - ok
18:33:28.0180 1780 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
18:33:28.0274 1780 RasPppoe - ok
18:33:28.0586 1780 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
18:33:28.0680 1780 RasSstp - ok
18:33:28.0960 1780 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
18:33:29.0070 1780 rdbss - ok
18:33:29.0335 1780 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
18:33:29.0382 1780 rdpbus - ok
18:33:29.0678 1780 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:33:29.0772 1780 RDPCDD - ok
18:33:30.0068 1780 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
18:33:30.0162 1780 RDPENCDD - ok
18:33:30.0458 1780 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
18:33:30.0552 1780 RDPREFMP - ok
18:33:30.0848 1780 RDPWD (288b06960d78428ff89e811632684e20) C:\Windows\system32\drivers\RDPWD.sys
18:33:30.0926 1780 RDPWD - ok
18:33:31.0222 1780 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
18:33:31.0269 1780 rdyboost - ok
18:33:31.0612 1780 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
18:33:31.0706 1780 rspndr - ok
18:33:32.0002 1780 RSUSBSTOR (b38e89386993e69a959b941561f3e5f3) C:\Windows\system32\Drivers\RtsUStor.sys
18:33:32.0034 1780 RSUSBSTOR - ok
18:33:32.0346 1780 RTL8167 (cfa5758f2a929ce24e16e1b2a5ca8c23) C:\Windows\system32\DRIVERS\Rt86win7.sys
18:33:32.0392 1780 RTL8167 - ok
18:33:32.0736 1780 RTL8192Ce (9f9858402e5dce7b6123734d4c26cecb) C:\Windows\system32\DRIVERS\rtl8192Ce.sys
18:33:32.0798 1780 RTL8192Ce - ok
18:33:33.0094 1780 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
18:33:33.0141 1780 sbp2port - ok
18:33:33.0422 1780 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
18:33:33.0516 1780 scfilter - ok
18:33:33.0843 1780 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:33:33.0937 1780 secdrv - ok
18:33:34.0233 1780 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
18:33:34.0280 1780 Serenum - ok
18:33:34.0576 1780 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
18:33:34.0639 1780 Serial - ok
18:33:34.0982 1780 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
18:33:35.0044 1780 sermouse - ok
18:33:35.0372 1780 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
18:33:35.0450 1780 sffdisk - ok
18:33:35.0746 1780 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
18:33:35.0793 1780 sffp_mmc - ok
18:33:36.0090 1780 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
18:33:36.0152 1780 sffp_sd - ok
18:33:36.0433 1780 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
18:33:36.0480 1780 sfloppy - ok
18:33:36.0792 1780 Sftfs (74744f4d9eb18ddd0eb45e03cfdd648e) C:\Windows\system32\DRIVERS\Sftfslh.sys
18:33:36.0838 1780 Sftfs - ok
18:33:37.0135 1780 Sftplay (cbc5be6f81e86cc73656e61767002da9) C:\Windows\system32\DRIVERS\Sftplaylh.sys
18:33:37.0182 1780 Sftplay - ok
18:33:37.0478 1780 Sftredir (961e50666e6d6949328b1ffbc33adf43) C:\Windows\system32\DRIVERS\Sftredirlh.sys
18:33:37.0525 1780 Sftredir - ok
18:33:37.0821 1780 Sftvol (c8c02c8fe267751ec62b7e7d8d214c63) C:\Windows\system32\DRIVERS\Sftvollh.sys
18:33:37.0837 1780 Sftvol - ok
18:33:38.0149 1780 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
18:33:38.0196 1780 sisagp - ok
18:33:38.0476 1780 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
18:33:38.0508 1780 SiSRaid2 - ok
18:33:38.0804 1780 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
18:33:38.0835 1780 SiSRaid4 - ok
18:33:39.0147 1780 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
18:33:39.0225 1780 Smb - ok
18:33:39.0553 1780 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
18:33:39.0568 1780 spldr - ok
18:33:39.0896 1780 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
18:33:39.0974 1780 srv - ok
18:33:40.0270 1780 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
18:33:40.0317 1780 srv2 - ok
18:33:40.0598 1780 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
18:33:40.0676 1780 srvnet - ok
18:33:40.0957 1780 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
18:33:41.0004 1780 ssmdrv - ok
18:33:41.0300 1780 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
18:33:41.0331 1780 stexstor - ok
18:33:41.0628 1780 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
18:33:41.0674 1780 swenum - ok
18:33:42.0002 1780 SynTP (9a28f1c47ce0c8bbc02aaf5941ab44cd) C:\Windows\system32\DRIVERS\SynTP.sys
18:33:42.0033 1780 SynTP - ok
18:33:42.0408 1780 Tcpip (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\drivers\tcpip.sys
18:33:42.0486 1780 Tcpip - ok
18:33:42.0829 1780 TCPIP6 (65d10b191c59c5501a1263fc33f6894b) C:\Windows\system32\DRIVERS\tcpip.sys
18:33:42.0922 1780 TCPIP6 - ok
18:33:43.0203 1780 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
18:33:43.0312 1780 tcpipreg - ok
18:33:43.0624 1780 tdcmdpst (4084ea00d50c858d6f9038f86ae2e2d0) C:\Windows\system32\DRIVERS\tdcmdpst.sys
18:33:43.0656 1780 tdcmdpst - ok
18:33:43.0952 1780 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
18:33:44.0014 1780 TDPIPE - ok
18:33:44.0311 1780 TDTCP (2c10395baa4847f83042813c515cc289) C:\Windows\system32\drivers\tdtcp.sys
18:33:44.0404 1780 TDTCP - ok
18:33:44.0701 1780 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
18:33:44.0779 1780 tdx - ok
18:33:45.0060 1780 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
18:33:45.0106 1780 TermDD - ok
18:33:45.0528 1780 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:33:45.0606 1780 tssecsrv - ok
18:33:45.0886 1780 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
18:33:45.0964 1780 TsUsbFlt - ok
18:33:46.0261 1780 TsUsbGD (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
18:33:46.0323 1780 TsUsbGD - ok
18:33:46.0620 1780 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
18:33:46.0729 1780 tunnel - ok
18:33:47.0010 1780 TVALZ (fc24015b4052600c324c43e3a79c0664) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
18:33:47.0041 1780 TVALZ - ok
18:33:47.0337 1780 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
18:33:47.0368 1780 uagp35 - ok
18:33:47.0665 1780 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
18:33:47.0758 1780 udfs - ok
18:33:48.0070 1780 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
18:33:48.0117 1780 uliagpkx - ok
18:33:48.0414 1780 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
18:33:48.0476 1780 umbus - ok
18:33:48.0757 1780 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
18:33:48.0804 1780 UmPass - ok
18:33:49.0100 1780 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
18:33:49.0162 1780 usbccgp - ok
18:33:49.0443 1780 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
18:33:49.0490 1780 usbcir - ok
18:33:49.0771 1780 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
18:33:49.0818 1780 usbehci - ok
18:33:50.0130 1780 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
18:33:50.0192 1780 usbhub - ok
18:33:50.0473 1780 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
18:33:50.0535 1780 usbohci - ok
18:33:50.0832 1780 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
18:33:50.0878 1780 usbprint - ok
18:33:51.0175 1780 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:33:51.0253 1780 USBSTOR - ok
18:33:51.0549 1780 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
18:33:51.0596 1780 usbuhci - ok
18:33:51.0892 1780 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
18:33:51.0955 1780 usbvideo - ok
18:33:52.0267 1780 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
18:33:52.0298 1780 vdrvroot - ok
18:33:52.0594 1780 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
18:33:52.0672 1780 vga - ok
18:33:52.0969 1780 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
18:33:53.0047 1780 VgaSave - ok
18:33:53.0343 1780 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
18:33:53.0374 1780 vhdmp - ok
18:33:53.0671 1780 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
18:33:53.0718 1780 viaagp - ok
18:33:53.0998 1780 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
18:33:54.0061 1780 ViaC7 - ok
18:33:54.0342 1780 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
18:33:54.0373 1780 viaide - ok
18:33:54.0669 1780 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
18:33:54.0700 1780 volmgr - ok
18:33:54.0997 1780 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
18:33:55.0044 1780 volmgrx - ok
18:33:55.0356 1780 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
18:33:55.0402 1780 volsnap - ok
18:33:55.0699 1780 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
18:33:55.0730 1780 vsmraid - ok
18:33:56.0042 1780 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
18:33:56.0104 1780 vwifibus - ok
18:33:56.0385 1780 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
18:33:56.0448 1780 vwififlt - ok
18:33:56.0760 1780 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
18:33:56.0806 1780 WacomPen - ok
18:33:57.0103 1780 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:33:57.0196 1780 WANARP - ok
18:33:57.0212 1780 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
18:33:57.0290 1780 Wanarpv6 - ok
18:33:57.0618 1780 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
18:33:57.0649 1780 Wd - ok
18:33:57.0961 1780 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
18:33:58.0023 1780 Wdf01000 - ok
18:33:58.0366 1780 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
18:33:58.0460 1780 WfpLwf - ok
18:33:58.0772 1780 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
18:33:58.0819 1780 WIMMount - ok
18:33:59.0193 1780 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
18:33:59.0256 1780 WinUsb - ok
18:33:59.0599 1780 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
18:33:59.0661 1780 WmiAcpi - ok
18:33:59.0989 1780 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
18:34:00.0082 1780 ws2ifsl - ok
18:34:00.0410 1780 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
18:34:00.0504 1780 WudfPf - ok
18:34:00.0800 1780 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:34:00.0894 1780 WUDFRd - ok
18:34:00.0972 1780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:34:01.0518 1780 \Device\Harddisk0\DR0 - ok
18:34:01.0549 1780 Boot (0x1200) (c4e14f54781981b7a7fc53681d555b15) \Device\Harddisk0\DR0\Partition0
18:34:01.0580 1780 \Device\Harddisk0\DR0\Partition0 - ok
18:34:01.0611 1780 Boot (0x1200) (752ba1b2d481b9fb1885f7e053106f5a) \Device\Harddisk0\DR0\Partition1
18:34:01.0611 1780 \Device\Harddisk0\DR0\Partition1 - ok
18:34:01.0611 1780 ============================================================
18:34:01.0611 1780 Scan finished
18:34:01.0611 1780 ============================================================
18:34:01.0627 1800 Detected object count: 0
18:34:01.0627 1800 Actual detected object count: 0
|
|
14.03.2012, 18:42
| #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Klon Virus Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
14.03.2012, 22:13
| #13 |
| | BKA Klon Virus beim scan ist eine meldung gekommen das die PEV.exe fehlerhaft sei und geschlossen werden muss keine ahnung inwiefern das wichtig ist . Und wegen update oder wiederherstellungskonsole gab es keine meldung . hier der log: Code:
ATTFilter ComboFix 12-03-14.01 - Kalkan 14.03.2012 21:48:55.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.49.1031.18.1013.228 [GMT 1:00]
ausgeführt von:: c:\users\Kalkan\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xp
c:\programdata\xp\EBLib.dll
c:\programdata\xp\TPwSav.sys
c:\users\Kalkan\4.0
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-14 bis 2012-03-14 ))))))))))))))))))))))))))))))
.
.
2012-03-14 21:03 . 2012-03-14 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 20:54 . 2012-03-14 20:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACBE41CB-9F7A-4FCA-B252-09BF0E4C9FE2}\offreg.dll
2012-03-14 17:38 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-14 17:38 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 17:08 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 17:08 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 17:06 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ACBE41CB-9F7A-4FCA-B252-09BF0E4C9FE2}\mpengine.dll
2012-03-14 17:05 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 17:05 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 17:05 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 17:05 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 17:05 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 17:05 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 20:37 . 2012-03-12 20:37 -------- d-----w- c:\program files\ESET
2012-03-12 18:29 . 2012-03-12 18:29 -------- d-----w- c:\users\Kalkan\AppData\Roaming\Malwarebytes
2012-03-12 18:29 . 2012-03-12 18:29 -------- d-----w- c:\programdata\Malwarebytes
2012-03-12 18:29 . 2012-03-12 18:29 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-12 18:29 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-12 17:37 . 2012-03-12 17:37 -------- d-----w- c:\users\Kalkan\AppData\Local\ElevatedDiagnostics
2012-02-17 08:48 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-17 08:48 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-17 08:48 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-17 08:48 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-17 08:48 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-17 08:47 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-17 08:47 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 13:13 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl
2012-02-16 13:13 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 13:13 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2011-05-09 08:59 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-16 13:04 . 2011-11-27 11:19 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-03-12 20:30 . 2011-11-22 20:07 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe" [2011-05-16 846936]
"Facebook Update"="c:\users\Kalkan\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-25 137536]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosNC"="c:\program files\Toshiba\BulletinBoard\TosNcCore.exe" [2011-03-03 468904]
"TosReelTimeMonitor"="c:\program files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [2010-07-09 31648]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"Toshiba TEMPRO"="c:\program files\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-01 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-01 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-01 150552]
"SVPWUTIL"="c:\program files\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-03-03 352256]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 425984]
"KeNotify"="c:\program files\TOSHIBA\Utilities\KeNotify.exe" [2010-09-14 35440]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2010-12-09 521640]
"TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-12-15 844152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-01 9808488]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RtHDVBg.exe" [2010-11-01 1522280]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-03-10 1697064]
"Teco"="c:\program files\TOSHIBA\TECO\Teco.exe" [2010-11-11 1349032]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 611672]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 22840]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-05-17 150992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-05-16 846936]
.
c:\users\Kalkan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-5-9 1470848]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 GamesAppService;GamesAppService;c:\program files\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-07-20 194664]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-19 36000]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe [2010-01-28 185712]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 IconMan_R;IconMan_R;c:\program files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2010-08-04 1809920]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-11-11 189880]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 33616]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-10-06 322664]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2010-10-18 999016]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 111960]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3574710777-1255388082-933519676-1000Core.job
- c:\users\Kalkan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-25 15:18]
.
2012-03-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3574710777-1255388082-933519676-1000UA.job
- c:\users\Kalkan\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-25 15:18]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube to MP3 Converter - c:\users\Kalkan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Zu TOSHIBA Bulletin Board hinzufügen - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Kalkan\AppData\Roaming\Mozilla\Firefox\Profiles\cr0spwhl.default\
FF - prefs.js: browser.startup.homepage - t-online.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-14 22:09:40
ComboFix-quarantined-files.txt 2012-03-14 21:09
.
Vor Suchlauf: 7 Verzeichnis(se), 130.247.634.944 Bytes frei
Nach Suchlauf: 9 Verzeichnis(se), 129.992.028.160 Bytes frei
.
- - End Of File - - A24F0A1E2903E4411A02D0C290F381AC
|
|
14.03.2012, 22:19
| #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | BKA Klon Virus Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.03.2012, 21:38
| #15 |
| | BKA Klon VirusCode:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:36:13 on 15.03.2012 OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 10.0.2 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "FacebookUpdateTaskUserS-1-5-21-3574710777-1255388082-933519676-1000Core.job" - "Facebook Inc." - C:\Users\Kalkan\AppData\Local\Facebook\Update\FacebookUpdate.exe "FacebookUpdateTaskUserS-1-5-21-3574710777-1255388082-933519676-1000UA.job" - "Facebook Inc." - C:\Users\Kalkan\AppData\Local\Facebook\Update\FacebookUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "Nero BurnRights 10" - "Nero AG" - c:\Program Files\Nero\Nero 10\Nero BurnRights\NeroBurnRights_10.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Kalkan\AppData\Local\Temp\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys "Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys "Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys "Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\msgrapp.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {F764812A-132C-4013-9960-5CBBEB408A0E} "NeroShellExt Class" - "Nero AG" - c:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} "@C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229" - "TODO: <会社名>" - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Kalkan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "OpenOffice.org 3.3.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Toshiba Places Icon Utility.lnk" - "Toshiba" - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Facebook Update" - "Facebook Inc." - "C:\Users\Kalkan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver "msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background "TOPI.EXE" - "TOSHIBA" - C:\Program Files\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe /STARTUP -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "HWSetup" - "TOSHIBA Electronics, Inc." - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP "KeNotify" - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe "Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray "NBAgent" - "Nero AG" - "c:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" "SVPWUTIL" - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL "TCrdMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "Teco" - "TOSHIBA Corporation" - "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r "Toshiba Registration" - "Toshiba Europe GmbH" - C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe "Toshiba TEMPRO" - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TemproTray.exe "ToshibaServiceStation" - "TOSHIBA Corporation" - "C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 "TosNC" - "TOSHIBA Corporation" - %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe "TosReelTimeMonitor" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe "TosSENotify" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe "TosVolRegulator" - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe "TPwrMain" - "TOSHIBA Corporation" - %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@c:\Program Files\Nero\Update\NASvc.exe,-200" (NAUpdate) - "Nero AG" - c:\Program Files\Nero\Update\NASvc.exe "Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe "Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE "ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe "ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe "GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files\WildTangent Games\App\GamesAppService.exe "IconMan_R" (IconMan_R) - "Realsil Microelectronics Inc." - C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files\Toshiba TEMPRO\TemproSvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe "TOSHIBA eco Utility Service" (TOSHIBA eco Utility Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TECO\TecoService.exe "TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe "TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe "TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
|
| Themen zu BKA Klon Virus |
| abgesicherten, anti, anti vir, anzeige, aufsetzen, blockiert, daten, entfernen, fiese, funktioniert, funktioniert nicht, hijack, hijackthis-log, laptop, modus, neu, neu aufsetzen, problem, programm, prozess, stick, system, taskmanager, verseucht, virus, wichtige daten, win7, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
