|
Log analysis and evaluation: Is my PC clean? Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
17.03.2012, 16:30 | #16 |
| Is my PC clean? Hi, I just opened OTL.exe and it gave me a new log; I'm posting it here. Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 
Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{31736BAB-7BFB-43A9-BA0D-82651305DB62}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31736BAB-7BFB-43A9-BA0D-82651305DB62}\ not found. Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Folder C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\sz5n2qep.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found. File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\askcom.xml not found. File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin-1.xml not found. File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin.xml not found. Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. E:\Autorun.exe scheduled to be moved on reboot. File move failed. E:\Autorun.inf scheduled to be moved on reboot. File move failed. G:\autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found. File move failed. G:\Setup.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found. File move failed. E:\Autorun.exe scheduled to be moved on reboot. ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully. ADS C:\ProgramData\TEMP:430C6D84 deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Robin ->Temp folder emptied: 279888 bytes ->Temporary Internet Files folder emptied: 3804050 bytes ->Java cache emptied: 3695964 bytes ->Google Chrome cache emptied: 89830686 bytes ->Flash cache emptied: 1636 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 531320 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028605 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 128,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.37.1 log created on 03172012_102736 Files\Folders moved on Reboot... File move failed. E:\Autorun.exe scheduled to be moved on reboot. File move failed. E:\Autorun.inf scheduled to be moved on reboot. File move failed. G:\autorun.inf scheduled to be moved on reboot. File move failed. G:\Setup.exe scheduled to be moved on reboot. File move failed. C:\Users\Robin\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot. C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully. C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully. C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully. 
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully. C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. File\Folder C:\Windows\temp\TMP00000338ADDEF9BC8219C7E2 not found! Registry entries deleted on Reboot...
Regards, Roxii |
17.03.2012, 20:12 | #17 |
| Is my PC clean? Sorry for the double post, but I did it again; I hope the log is correct now. Code:
ATTFilter All processes killed ========== OTL ========== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully! HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully! HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully! HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully! Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found. HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. 
Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{31736BAB-7BFB-43A9-BA0D-82651305DB62}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31736BAB-7BFB-43A9-BA0D-82651305DB62}\ not found. Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Folder C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\sz5n2qep.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found. File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\askcom.xml not found. File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin-1.xml not found. File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin.xml not found. Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found. 
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! File move failed. E:\Autorun.exe scheduled to be moved on reboot. File move failed. E:\Autorun.inf scheduled to be moved on reboot. File move failed. G:\autorun.inf scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found. File move failed. G:\Setup.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found. File move failed. E:\Autorun.exe scheduled to be moved on reboot. Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 . Unable to delete ADS C:\ProgramData\TEMP:430C6D84 . 
========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: Robin ->Temp folder emptied: 1638806 bytes ->Temporary Internet Files folder emptied: 1314333 bytes ->Java cache emptied: 0 bytes ->Google Chrome cache emptied: 10002309 bytes ->Flash cache emptied: 470 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 0 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 12,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.37.1 log created on 03172012_200809 Files\Folders moved on Reboot... File move failed. E:\Autorun.exe scheduled to be moved on reboot. File move failed. E:\Autorun.inf scheduled to be moved on reboot. File\Folder G:\autorun.inf not found! File\Folder G:\Setup.exe not found! File\Folder C:\Users\Robin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found! File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. Registry entries deleted on Reboot... |
19.03.2012, 15:29 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC clean? Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ |
19.03.2012, 16:47 | #19 |
| Is my PC clean? Code:
ATTFilter 16:03:01.0247 1424 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43 16:03:01.0547 1424 ============================================================ 16:03:01.0547 1424 Current date / time: 2012/03/19 16:03:01.0547 16:03:01.0547 1424 SystemInfo: 16:03:01.0547 1424 16:03:01.0547 1424 OS Version: 6.1.7601 ServicePack: 1.0 16:03:01.0547 1424 Product type: Workstation 16:03:01.0547 1424 ComputerName: ROBIN-PC 16:03:01.0548 1424 UserName: Robin 16:03:01.0548 1424 Windows directory: C:\Windows 16:03:01.0548 1424 System windows directory: C:\Windows 16:03:01.0548 1424 Running under WOW64 16:03:01.0548 1424 Processor architecture: Intel x64 16:03:01.0548 1424 Number of processors: 4 16:03:01.0548 1424 Page size: 0x1000 16:03:01.0548 1424 Boot type: Normal boot 16:03:01.0548 1424 ============================================================ 16:03:02.0786 1424 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:03:02.0825 1424 \Device\Harddisk0\DR0: 16:03:02.0853 1424 MBR used 16:03:02.0853 1424 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000 16:03:02.0853 1424 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x1B19A800 16:03:02.0853 1424 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C9CD000, BlocksNum 0xD4E6000 16:03:02.0938 1424 Initialize success 16:03:02.0938 1424 ============================================================ 16:04:09.0584 2804 ============================================================ 16:04:09.0584 2804 Scan started 16:04:09.0584 2804 Mode: Manual; SigCheck; TDLFS; 16:04:09.0584 2804 ============================================================ 16:04:09.0818 2804 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 16:04:09.0928 2804 1394ohci - ok 16:04:10.0021 2804 ACPI 
(d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 16:04:10.0037 2804 ACPI - ok 16:04:10.0115 2804 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 16:04:10.0208 2804 AcpiPmi - ok 16:04:10.0333 2804 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 16:04:10.0380 2804 adp94xx - ok 16:04:10.0411 2804 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 16:04:10.0427 2804 adpahci - ok 16:04:10.0442 2804 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 16:04:10.0458 2804 adpu320 - ok 16:04:10.0583 2804 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 16:04:10.0630 2804 AFD - ok 16:04:10.0692 2804 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 16:04:10.0708 2804 agp440 - ok 16:04:10.0754 2804 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 16:04:10.0786 2804 aliide - ok 16:04:10.0801 2804 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 16:04:10.0801 2804 amdide - ok 16:04:10.0895 2804 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 16:04:10.0973 2804 AmdK8 - ok 16:04:11.0051 2804 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 16:04:11.0098 2804 AmdPPM - ok 16:04:11.0160 2804 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 16:04:11.0176 2804 amdsata - ok 16:04:11.0222 2804 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 16:04:11.0254 2804 amdsbs - ok 16:04:11.0316 2804 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 16:04:11.0347 2804 amdxata - ok 16:04:11.0394 2804 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 16:04:11.0581 2804 AppID - ok 16:04:11.0675 2804 arc (c484f8ceb1717c540242531db7845c4e) 
C:\Windows\system32\DRIVERS\arc.sys 16:04:11.0690 2804 arc - ok 16:04:11.0753 2804 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 16:04:11.0784 2804 arcsas - ok 16:04:11.0815 2804 aswFsBlk (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys 16:04:11.0862 2804 aswFsBlk - ok 16:04:11.0940 2804 aswMonFlt (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys 16:04:11.0956 2804 aswMonFlt - ok 16:04:11.0987 2804 aswRdr (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys 16:04:11.0987 2804 aswRdr - ok 16:04:12.0034 2804 aswSnx (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys 16:04:12.0049 2804 aswSnx - ok 16:04:12.0065 2804 aswSP (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys 16:04:12.0080 2804 aswSP - ok 16:04:12.0112 2804 aswTdi (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys 16:04:12.0112 2804 aswTdi - ok 16:04:12.0143 2804 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 16:04:12.0299 2804 AsyncMac - ok 16:04:12.0330 2804 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 16:04:12.0330 2804 atapi - ok 16:04:12.0392 2804 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 16:04:12.0470 2804 b06bdrv - ok 16:04:12.0548 2804 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 16:04:12.0611 2804 b57nd60a - ok 16:04:12.0704 2804 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 16:04:12.0782 2804 Beep - ok 16:04:12.0860 2804 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 16:04:12.0907 2804 blbdrive - ok 16:04:13.0001 2804 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 16:04:13.0079 2804 bowser - ok 16:04:13.0141 2804 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) 
C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:04:13.0235 2804 BrFiltLo - ok 16:04:13.0266 2804 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:04:13.0266 2804 BrFiltUp - ok 16:04:13.0297 2804 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 16:04:13.0328 2804 Brserid - ok 16:04:13.0344 2804 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 16:04:13.0360 2804 BrSerWdm - ok 16:04:13.0406 2804 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 16:04:13.0453 2804 BrUsbMdm - ok 16:04:13.0516 2804 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 16:04:13.0547 2804 BrUsbSer - ok 16:04:13.0594 2804 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 16:04:13.0640 2804 BTHMODEM - ok 16:04:13.0734 2804 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 16:04:13.0828 2804 cdfs - ok 16:04:13.0937 2804 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 16:04:13.0999 2804 cdrom - ok 16:04:14.0108 2804 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 16:04:14.0155 2804 circlass - ok 16:04:14.0202 2804 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 16:04:14.0249 2804 CLFS - ok 16:04:14.0342 2804 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 16:04:14.0389 2804 CmBatt - ok 16:04:14.0436 2804 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 16:04:14.0452 2804 cmdide - ok 16:04:14.0545 2804 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 16:04:14.0576 2804 CNG - ok 16:04:14.0608 2804 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 16:04:14.0623 2804 Compbatt - ok 16:04:14.0732 2804 CompositeBus (03edb043586cceba243d689bdda370a8) 
C:\Windows\system32\drivers\CompositeBus.sys 16:04:14.0795 2804 CompositeBus - ok 16:04:14.0888 2804 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 16:04:14.0920 2804 crcdisk - ok 16:04:15.0044 2804 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 16:04:15.0091 2804 DfsC - ok 16:04:15.0185 2804 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 16:04:15.0247 2804 discache - ok 16:04:15.0341 2804 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 16:04:15.0372 2804 Disk - ok 16:04:15.0466 2804 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 16:04:15.0497 2804 drmkaud - ok 16:04:15.0544 2804 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 16:04:15.0544 2804 dtsoftbus01 - ok 16:04:15.0606 2804 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 16:04:15.0637 2804 DXGKrnl - ok 16:04:15.0762 2804 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 16:04:15.0871 2804 ebdrv - ok 16:04:15.0980 2804 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 16:04:16.0012 2804 elxstor - ok 16:04:16.0027 2804 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 16:04:16.0058 2804 ErrDev - ok 16:04:16.0090 2804 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 16:04:16.0121 2804 exfat - ok 16:04:16.0152 2804 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 16:04:16.0214 2804 fastfat - ok 16:04:16.0308 2804 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 16:04:16.0339 2804 fdc - ok 16:04:16.0386 2804 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 16:04:16.0402 2804 FileInfo - ok 16:04:16.0433 2804 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) 
C:\Windows\system32\drivers\filetrace.sys 16:04:16.0511 2804 Filetrace - ok 16:04:16.0620 2804 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 16:04:16.0651 2804 flpydisk - ok 16:04:16.0729 2804 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 16:04:16.0760 2804 FltMgr - ok 16:04:16.0854 2804 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 16:04:16.0885 2804 FsDepends - ok 16:04:16.0901 2804 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 16:04:16.0901 2804 Fs_Rec - ok 16:04:16.0948 2804 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 16:04:16.0979 2804 fvevol - ok 16:04:17.0010 2804 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 16:04:17.0010 2804 gagp30kx - ok 16:04:17.0026 2804 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 16:04:17.0057 2804 hcw85cir - ok 16:04:17.0135 2804 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 16:04:17.0197 2804 HdAudAddService - ok 16:04:17.0291 2804 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 16:04:17.0338 2804 HDAudBus - ok 16:04:17.0400 2804 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 16:04:17.0447 2804 HidBatt - ok 16:04:17.0462 2804 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 16:04:17.0494 2804 HidBth - ok 16:04:17.0525 2804 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 16:04:17.0572 2804 HidIr - ok 16:04:17.0618 2804 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 16:04:17.0650 2804 HidUsb - ok 16:04:17.0696 2804 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 16:04:17.0712 2804 HpSAMD - ok 16:04:17.0759 2804 HTTP 
16:04:34.0467 2804 ============================================================
16:04:34.0467 2804 Scan finished
16:04:34.0467 2804 ============================================================
16:04:34.0498 2004 Detected object count: 0
16:04:34.0498 2004 Actual detected object count: 0 |
19.03.2012, 17:02 | #20 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC clean? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
19.03.2012, 18:25 | #21 |
| Is my PC clean? Hi, I ran the scan and did not use the mouse or keyboard. Code:
ComboFix 12-03-18.04 - Robin 19.03.2012 18:10:06.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2895 [GMT 1:00]
ausgeführt von:: c:\users\Robin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A02B5E09-122E-4A2D-B996-D997485B8C9E}] 2012-02-28 17:11 269312 ----a-w- c:\users\Robin\AppData\LocalLow\Flagfox\IE\Flagfox.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 ALSysIO;ALSysIO;c:\users\Robin\AppData\Local\Temp\ALSysIO64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x] R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x] S2 FlagfoxUpdater;Flagfox Updater;c:\users\Robin\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe [2012-02-28 18432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT 
Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-03-07 00:15 135408 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com mLocal Page = IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe TCP: DhcpNameServer = 192.168.0.1 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\SecuROM\License information*] "datasecu"=hex:51,61,cc,75,07,db,89,fd,0d,69,f4,14,17,19,52,52,53,0f,28,8b,42, f1,19,f0,55,93,ef,fc,00,12,82,5a,9b,a0,f8,17,65,11,d3,50,5d,2b,1a,32,1e,35,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-03-19 18:17:33 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-03-19 17:17 . Vor Suchlauf: 9 Verzeichnis(se), 112.393.822.208 Bytes frei Nach Suchlauf: 12 Verzeichnis(se), 112.277.676.032 Bytes frei . - - End Of File - - E9A397C92D285160F2E951C24B5FF8B8
19.03.2012, 18:33 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC clean? Please download aswMBR.exe and save the file to your desktop. Note: Please turn off your virus scanner before running aswMBR, because Avira in particular often reports a false alarm on it!
__________________ Please always post log files in CODE tags |
19.03.2012, 18:56 | #23 |
| Is my PC clean? Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 18:44:12
-----------------------------
18:44:12.585 OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:12.585 Number of processors: 4 586 0x403
18:44:12.586 ComputerName: ROBIN-PC UserName: Robin
18:44:12.978 Initialize success
18:44:13.011 AVAST engine defs: 12031900
18:44:33.465 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:44:33.466 Disk 0 Vendor: ST3360320AS 3.AAM Size: 343399MB BusType: 3
18:44:33.488 Disk 0 MBR read successfully
18:44:33.490 Disk 0 MBR scan
18:44:33.491 Disk 0 Windows 7 default MBR code
18:44:33.501 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
18:44:33.512 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
18:44:33.517 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 222005 MB offset 25372672
18:44:33.538 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 109004 MB offset 480038912
18:44:33.561 Disk 0 scanning C:\Windows\system32\drivers
18:44:37.887 Service scanning
18:44:47.467 Modules scanning
18:44:47.467 Disk 0 trace - called modules:
18:44:47.482 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:44:47.485 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a5c060]
18:44:47.487 3 CLASSPNP.SYS[fffff8800199343f] -> nt!IofCallDriver -> [0xfffffa80043f4520]
18:44:47.497 5 ACPI.sys[fffff88000e357a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0xfffffa80043f9680]
18:44:47.824 AVAST engine scan C:\Windows
18:44:49.170 AVAST engine scan C:\Windows\system32
18:46:16.114 AVAST engine scan C:\Windows\system32\drivers
18:46:21.170 AVAST engine scan C:\Users\Robin
18:47:08.024 File: C:\Users\Robin\Desktop\skyrim4gb.exe **INFECTED** Win32:Ransom [Trj]
18:47:13.038 AVAST engine scan C:\ProgramData
18:47:23.363 Scan finished successfully
18:55:07.094 Disk 0 MBR has been saved successfully to "C:\Users\Robin\Desktop\MBR.dat"
18:55:07.097 The log file has been saved successfully to "C:\Users\Robin\Desktop\aswMBR.txt"

I downloaded this skyrim4gb.exe so that Skyrim can make use of the 4 GB of RAM; as shipped by the developer it otherwise only uses 2 GB of RAM.
__________________ CPU phenom II x4 965 @ 4,10 ghz Graphics card GTX 560 Ti RAM 4 GB |
19.03.2012, 19:00 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC clean? Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
19.03.2012, 20:24 | #25 |
| Is my PC clean? Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robin :: ROBIN-PC [Administrator]

Schutz: Deaktiviert

19.03.2012 19:12:12
mbam-log-2012-03-19 (19-12-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335081
Laufzeit: 32 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/19/2012 at 08:21 PM

Application Version : 5.0.1146

Core Rules Database Version : 8350
Trace Rules Database Version: 6162

Scan type : Complete Scan
Total Scan Time : 00:33:53

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 475
Memory threats detected : 0
Registry items scanned : 67553
Registry threats detected : 0
File items scanned : 52433
File threats detected : 6

Adware.Tracking Cookie
    stats.computecmedia.de [ C:\USERS\ROBIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\ROBIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
    .doubleclick.net [ C:\USERS\ROBIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

Trojan.Agent/Gen-InstallIQ
    C:\USERS\ROBIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00089F
    C:\USERS\ROBIN\DOWNLOADS\CORETEMP_1236.EXE
    C:\Windows\Prefetch\CORETEMP_1236.EXE-3190DE95.pf
__________________ CPU phenom II x4 965 @ 4,10 ghz Graphics card GTX 560 Ti RAM 4 GB |
20.03.2012, 16:07 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC clean? All of those can go. Just cookies and, if anything, only leftovers, if they are malware at all and not false alarms. Is the computer OK again so far?
__________________ Please always post log files in CODE tags |
20.03.2012, 20:37 | #27 |
| Is my PC clean? Hey, thanks cosinus, I think the computer is running faster again now. Thank you very much, great work
__________________ CPU phenom II x4 965 @ 4,10 ghz Graphics card GTX 560 Ti RAM 4 GB |
21.03.2012, 14:59 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Is my PC clean? Then we are done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if you get any error messages doing that. Keeping Malwarebytes is no mistake. You can scan with it once a month, but always remember to update first. Finally, please check the updates; my guide to that is below. To keep a better overview in future of how up to date your installed programs are, you can use e.g. Secunia PSI. For even more security, after the infection has been removed you should also change all passwords if possible.

Microsoft Update
Windows XP: Visit the MS update page with IE and have all important updates installed. Windows Vista/7: Guide: Windows Update

Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Add or Remove Programs, or Programs and Features, by clicking "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader. While you are at it, please also check that the Flash Player is up to date: Adobe - Install a different version of Adobe Flash Player. If need be, you can also download it from Chip.de => http://filepony.de/?q=Flash+Player Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Add or Remove Programs and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post log files in CODE tags |
21.03.2012, 19:35 | #29 |
| Is my PC clean? Thanks, I have updated everything and changed my passwords. Youuu are a hero. :-) Regards, Roxii
__________________ CPU phenom II x4 965 @ 4,10 ghz Graphics card GTX 560 Ti RAM 4 GB |