Malware of all kinds and how to fight it: TR/ATRAPS.Gen2 and TR/Sirefef.AG.35 (Windows 7)
#1

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hello everyone,

my Avira has found two problems:

In der Datei 'C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@' wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.
In der Datei 'C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@' wurde ein Virus oder unerwünschtes Programm 'TR/Sirefef.AG.35' [trojan] gefunden.

I have followed the rules, so here are the logs:

OTL
Code:
OTL logfile created on: 27.06.2012 21:02:30 - Run 1
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Krokodil_2\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,43 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 73,37% Memory free
4,85 Gb Paging File | 3,87 Gb Available in Paging File | 79,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 436,22 Gb Free Space | 93,68% Space Free | Partition Type: NTFS

Computer Name: KROKODIL-PC | User Name: Krokodil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.27 20:57:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Krokodil_2\Downloads\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.06 10:22:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.27 12:04:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.08 23:26:58 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.08 23:26:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.07.22 03:19:24 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.07.22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2010.04.30 17:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.04.30 17:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.04.13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.03.03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE

========== Modules (No Company Name) ==========

MOD - [2012.06.22 14:46:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.22 14:45:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.22 14:45:39 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.24 17:48:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll
MOD - [2012.05.14 16:47:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.14 16:47:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.14 16:47:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 16:47:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 16:47:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 16:47:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.09.09 15:50:00 | 000,016,384 | R--- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.09.09 14:11:20 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.16 10:59:12 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.06 10:22:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 12:04:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.08 23:26:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.07.22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.04.30 17:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.04.30 17:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.04.13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.02.23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2011.07.06 10:22:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.06 10:22:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011.03.30 13:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.08 23:44:38 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.08 22:52:32 | 000,222,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.27 23:02:46 | 009,023,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2010.07.22 03:19:24 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 14:21:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.30 17:21:00 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2010.01.11 14:31:00 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.17 14:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.26 16:48:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.08 17:46:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.04.17 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krokodil\AppData\Roaming\mozilla\Extensions
[2011.04.17 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krokodil\AppData\Roaming\mozilla\Firefox\Profiles\1qvyutew.default\extensions
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.04.17 14:58:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.26 16:06:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.17 14:58:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.17 14:58:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.04.17 14:58:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.17 14:58:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.17 14:58:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.17 14:58:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{100ADBEC-3DE1-4F2B-BE40-FAF300B8C328}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5182D2D-D8FB-4A1D-A45D-14F8D15CF306}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

========== Files - Modified Within 30 Days ==========

[2012.06.27 20:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.27 20:55:52 | 000,000,000 | ---- | M] () -- C:\Users\Krokodil\defogger_reenable
[2012.06.27 20:46:58 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 20:46:58 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 20:43:18 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.27 20:43:18 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.27 20:43:18 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.27 20:43:18 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.27 20:38:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.27 20:38:41 | 1954,959,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 11:24:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-478040494-308374193-1665734407-1002UA.job
[2012.06.22 14:44:29 | 000,338,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012.06.27 20:55:52 | 000,000,000 | ---- | C] () -- C:\Users\Krokodil\defogger_reenable
[2012.06.26 11:34:42 | 000,018,944 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@
[2012.06.26 11:30:22 | 000,012,288 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@
[2012.06.24 11:40:40 | 000,001,648 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@
[2012.01.13 12:54:05 | 000,002,048 | -HS- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\@
[2011.04.17 16:46:29 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.08 03:44:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.08 03:36:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.08 03:35:31 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2011.04.08 03:30:19 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.08 02:54:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.08 02:54:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.07.27 23:01:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.07.27 23:01:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.07.27 23:01:08 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.07.27 22:20:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.07.27 22:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.07.27 22:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.07.27 22:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

========== LOP Check ==========

[2012.05.07 18:10:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Thanks for the help.
#2

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hi,

Fix for OTL:

Code:
:OTL
[2012.06.26 11:34:42 | 000,018,944 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@
[2012.06.26 11:30:22 | 000,012,288 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@
[2012.06.24 11:40:40 | 000,001,648 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@
[2012.01.13 12:54:05 | 000,002,048 | -HS- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\@
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
TDSS-Killer

Download and instructions at: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft? (How to fight malware of the Rootkit.Win32.TDSS family?)

Extract all files into a directory of their own (e.g. C:\TDSS)!
Start it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:

[Screenshot: TDSSKiller settings]

Then start the scan (Start Scan).
When the scan is finished, please select "Report" (skip any detections for now with Skip).
A window opens; copy the text and post it here...

chris
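The four entries in the OTL fix above are the ones from the "Files Created - No Company Name" section of the first log that share a pattern: a GUID-named folder directly under AppData\Local, file names ending in "@", one of them hidden+system, and no company name. As an added example, not part of this thread and not code from OTL or TDSSKiller, the Python below parses bare OTL file entries, scores each on exactly those traits, and emits an :OTL fix block of the same shape the helper posted. The sample input is constructed from lines in this thread; the traits, the two-hit threshold and all function names are this example's own assumptions, and the output should be reviewed by a person before anything is moved.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One bare OTL file entry as printed in the "Files Created" / "Files Modified" sections:
#   [YYYY.MM.DD HH:MM:SS | size | attrs | C] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# A GUID-named folder directly below <user>\AppData\Local (trait seen in this thread).
GUID_DIR_RE = re.compile(
    r"\\AppData\\Local\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}\\",
    re.IGNORECASE,
)

@dataclass
class OtlFileEntry:
    timestamp: str
    size: int       # bytes, parsed from the zero-padded "000,018,944" field
    attrs: str      # e.g. "----" or "-HS-" (hidden + system)
    kind: str       # "C" = created, "M" = modified
    company: str    # empty when OTL printed "()"
    path: str
    raw: str        # original line, reused verbatim in the fix script

def parse_otl_file_entry(line: str) -> Optional[OtlFileEntry]:
    """Parse one bare file entry; None for headers, PRC/SRV/DRV lines and blanks."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return OtlFileEntry(timestamp=m["ts"], size=int(m["size"].replace(",", "")),
                        attrs=m["attrs"], kind=m["kind"], company=m["company"].strip(),
                        path=m["path"], raw=line.strip())

def suspicion_reasons(e: OtlFileEntry) -> List[str]:
    """Assumed heuristic: the traits the flagged entries in this thread have in common."""
    reasons = []
    name = e.path.rsplit("\\", 1)[-1]
    if GUID_DIR_RE.search(e.path):
        reasons.append("GUID-named folder under AppData\\Local")
    if name == "@" or name.lower().endswith(".@"):
        reasons.append("'@' file name")
    if "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system attributes")
    # Every line of a "No Company Name" section lacks a company, so this trait
    # only counts once another one has already fired.
    if reasons and not e.company:
        reasons.append("no company name")
    return reasons

def triage(log_text: str, min_reasons: int = 2) -> List[OtlFileEntry]:
    """Return the file entries carrying at least `min_reasons` suspicious traits."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_otl_file_entry(line)
        if e is not None and len(suspicion_reasons(e)) >= min_reasons:
            flagged.append(e)
    return flagged

def build_otl_fix(entries: List[OtlFileEntry]) -> str:
    """Emit an OTL fix script of the same shape as the one posted in this thread."""
    lines = [":OTL"] + [e.raw for e in entries]
    lines += [":Commands", "[emptytemp]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(lines)

# Constructed sample: the relevant "Files Created - No Company Name" lines from
# this thread plus two benign entries, so the filter has something to reject.
SAMPLE_OTL_SECTION = r"""
========== Files Created - No Company Name ==========

[2012.06.27 20:55:52 | 000,000,000 | ---- | C] () -- C:\Users\Krokodil\defogger_reenable
[2012.06.26 11:34:42 | 000,018,944 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@
[2012.06.26 11:30:22 | 000,012,288 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@
[2012.06.24 11:40:40 | 000,001,648 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@
[2012.01.13 12:54:05 | 000,002,048 | -HS- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\@
[2011.04.17 16:46:29 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_OTL_SECTION)
    for e in hits:
        print(f"{e.path}\n    -> {', '.join(suspicion_reasons(e))}")
    print()
    print(build_otl_fix(hits))
```

Running it flags the four `@` entries and prints the same :OTL block that appears in the fix above; the benign `defogger_reenable` and `BRWMARK.INI` lines are rejected because "no company name" on its own never reaches the threshold.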
#3

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hi,

thanks for your help. Here are the scan results.

OTL:
Code:
All processes killed
========== OTL ==========
C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@ moved successfully.
C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@ moved successfully.
C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@ moved successfully.
C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\@ moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Krokodil
->Temp folder emptied: 12774251 bytes
->Temporary Internet Files folder emptied: 18578147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17856874 bytes
User: Krokodil_2
->Temp folder emptied: 110534273 bytes
->Temporary Internet Files folder emptied: 31739989 bytes
->Java cache emptied: 199805 bytes
->FireFox cache emptied: 899454654 bytes
->Google Chrome cache emptied: 10928868 bytes
->Flash cache emptied: 2427 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140489014 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.185,00 mb
Restore point Set: OTL Restore Point
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_095536
Code:
10:07:09.0521 2936 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
10:07:09.0567 2936 ============================================================
10:07:09.0567 2936 Current date / time: 2012/06/28 10:07:09.0567
10:07:09.0567 2936 SystemInfo:
10:07:09.0567 2936
10:07:09.0567 2936 OS Version: 6.1.7601 ServicePack: 1.0
10:07:09.0567 2936 Product type: Workstation
10:07:09.0567 2936 ComputerName: KROKODIL-PC
10:07:09.0567 2936 UserName: Krokodil
10:07:09.0567 2936 Windows directory: C:\Windows
10:07:09.0567 2936 System windows directory: C:\Windows
10:07:09.0567 2936 Processor architecture: Intel x86
10:07:09.0567 2936 Number of processors: 4
10:07:09.0567 2936 Page size: 0x1000
10:07:09.0567 2936 Boot type: Normal boot
10:07:09.0567 2936 ============================================================
10:07:10.0176 2936 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:07:10.0191 2936 ============================================================
10:07:10.0191 2936 \Device\Harddisk0\DR0:
10:07:10.0191 2936 MBR partitions:
10:07:10.0191 2936 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:07:10.0191 2936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
10:07:10.0191 2936 ============================================================
10:07:10.0238 2936 C: <-> \Device\Harddisk0\DR0\Partition1
10:07:10.0238 2936 ============================================================
10:07:10.0238 2936 Initialize success
10:07:10.0238 2936 ============================================================
10:07:43.0763 0248 ============================================================
10:07:43.0763 0248 Scan started
10:07:43.0763 0248 Mode: Manual; SigCheck; TDLFS;
10:07:43.0763 0248 ============================================================
10:07:44.0121 0248 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:07:44.0262 0248 1394ohci - ok
10:07:44.0293 0248 Accelerometer (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:07:44.0324 0248 Accelerometer - ok
10:07:44.0355 0248 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:07:44.0387 0248 ACPI - ok
10:07:44.0402 0248 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:07:44.0496 0248 AcpiPmi - ok
10:07:44.0574 0248 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:07:44.0589 0248 AdobeARMservice - ok
10:07:44.0652 0248 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:07:44.0699 0248 adp94xx - ok
10:07:44.0714 0248 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:07:44.0745 0248 adpahci - ok
10:07:44.0761 0248 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:07:44.0792 0248 adpu320 - ok
10:07:44.0823 0248 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:07:44.0948 0248 AeLookupSvc - ok
10:07:45.0026 0248 AESTFilters (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe
10:07:45.0089 0248 AESTFilters - ok
10:07:45.0151 0248 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:07:45.0229 0248 AFD - ok
10:07:45.0260 0248 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:07:45.0291 0248 agp440 - ok
10:07:45.0338 0248 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:07:45.0354 0248 aic78xx - ok
10:07:45.0401 0248 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:07:45.0463 0248 ALG - ok
10:07:45.0510 0248 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:07:45.0525 0248 aliide - ok
10:07:45.0572 0248 AMD External Events Utility (14c7d74ac4f90f881659532f4ce74f83) C:\Windows\system32\atiesrxx.exe
10:07:45.0650 0248 AMD External Events Utility - ok
10:07:45.0713 0248 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:07:45.0744 0248 amdagp - ok
10:07:45.0759 0248 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:07:45.0775 0248 amdide - ok
10:07:45.0791 0248 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:07:45.0822 0248 AmdK8 - ok
10:07:46.0149 0248 amdkmdag (280578aa4f589bfda3a76375a47a26b5) C:\Windows\system32\DRIVERS\atikmdag.sys
10:07:46.0337 0248 amdkmdag - ok
10:07:46.0493 0248 amdkmdap (ba43ee7d325877677bad4d0b3ccde02a) C:\Windows\system32\DRIVERS\atikmpag.sys
10:07:46.0539 0248 amdkmdap - ok
10:07:46.0586 0248 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:07:46.0633 0248 AmdPPM - ok
10:07:46.0680 0248 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:07:46.0695 0248 amdsata - ok
10:07:46.0727 0248 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:07:46.0758 0248 amdsbs - ok
10:07:46.0773 0248 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:07:46.0789 0248 amdxata - ok
10:07:46.0898 0248 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:07:46.0914 0248 AntiVirSchedulerService - ok
10:07:46.0929 0248 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:07:46.0945 0248 AntiVirService - ok
10:07:46.0992 0248 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:07:47.0054 0248 AppID - ok
10:07:47.0085 0248 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:07:47.0163 0248 AppIDSvc - ok
10:07:47.0179 0248 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:07:47.0241 0248 Appinfo - ok
10:07:47.0288 0248 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:07:47.0351 0248 AppMgmt - ok
10:07:47.0382 0248 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:07:47.0413 0248 arc - ok
10:07:47.0429 0248 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:07:47.0460 0248 arcsas - ok
10:07:47.0475 0248 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:07:47.0585 0248 AsyncMac - ok
10:07:47.0616 0248 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:07:47.0647 0248 atapi - ok
10:07:47.0694 0248 AtiHdmiService (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
10:07:47.0725 0248 AtiHdmiService - ok
10:07:47.0772 0248 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:07:47.0850 0248 AudioEndpointBuilder - ok
10:07:47.0865 0248 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:07:47.0928 0248 Audiosrv - ok
10:07:47.0959 0248 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
10:07:47.0975 0248 avgntflt - ok
10:07:48.0006 0248 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
10:07:48.0021 0248 avipbb - ok
10:07:48.0068 0248 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:07:48.0146 0248 AxInstSV - ok
10:07:48.0193 0248 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:07:48.0255 0248 b06bdrv - ok
10:07:48.0287 0248 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:07:48.0333 0248 b57nd60x - ok
10:07:48.0567 0248 BCM43XX (9e209171c51b1d750f53777253b80e81) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:07:48.0723 0248 BCM43XX - ok
10:07:48.0817 0248 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:07:48.0895 0248 BDESVC - ok
10:07:48.0942 0248 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:07:48.0989 0248 Beep - ok
10:07:49.0035 0248 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:07:49.0113 0248 BFE - ok
10:07:49.0176 0248 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
10:07:49.0254 0248 BITS - ok
10:07:49.0285 0248 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:07:49.0332 0248 blbdrive - ok
10:07:49.0363 0248 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:07:49.0425 0248 bowser - ok
10:07:49.0425 0248 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:07:49.0503 0248 BrFiltLo - ok
10:07:49.0503 0248 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:07:49.0550 0248 BrFiltUp - ok
10:07:49.0581 0248 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:07:49.0644 0248 Browser - ok
10:07:49.0691 0248 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:07:49.0769 0248 Brserid - ok
10:07:49.0769 0248 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:07:49.0815 0248 BrSerWdm - ok
10:07:49.0831 0248 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:07:49.0878 0248 BrUsbMdm - ok
10:07:49.0878 0248 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:07:49.0909 0248 BrUsbSer - ok
10:07:49.0909 0248 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:07:49.0940 0248 BTHMODEM - ok
10:07:50.0003 0248 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:07:50.0081 0248 bthserv - ok
10:07:50.0112 0248 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:07:50.0174 0248 cdfs - ok
10:07:50.0221 0248 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:07:50.0237 0248 cdrom - ok
10:07:50.0283 0248 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:07:50.0346 0248 CertPropSvc - ok
10:07:50.0361 0248 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:07:50.0393 0248 circlass - ok
10:07:50.0424 0248 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:07:50.0455 0248 CLFS - ok
10:07:50.0517 0248 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:07:50.0533 0248 clr_optimization_v2.0.50727_32 - ok
10:07:50.0595 0248 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:07:50.0627 0248 clr_optimization_v4.0.30319_32 - ok
10:07:50.0642 0248 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:07:50.0658 0248 CmBatt - ok
10:07:50.0689 0248 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:07:50.0705 0248 cmdide - ok
10:07:50.0751 0248 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:07:50.0798 0248 CNG - ok
10:07:50.0814 0248 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:07:50.0829 0248 Compbatt - ok
10:07:50.0845 0248 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:07:50.0892 0248 CompositeBus - ok
10:07:50.0923 0248 COMSysApp - ok
10:07:50.0939 0248 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:07:50.0954 0248 crcdisk - ok
10:07:51.0001 0248 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
10:07:51.0063 0248 CryptSvc - ok
10:07:51.0110 0248 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:07:51.0173 0248 CSC - ok
10:07:51.0219 0248 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
10:07:51.0266 0248 CscService - ok
10:07:51.0313 0248 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:07:51.0391 0248 DcomLaunch - ok
10:07:51.0422 0248 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:07:51.0500 0248 defragsvc - ok
10:07:51.0563 0248 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:07:51.0641 0248 DfsC - ok
10:07:51.0703 0248 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:07:51.0765 0248 Dhcp - ok
10:07:51.0797 0248 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:07:51.0859 0248 discache - ok
10:07:51.0906 0248 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:07:51.0921 0248 Disk - ok
10:07:51.0953 0248 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:07:51.0999 0248 Dnscache - ok
10:07:52.0031 0248 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:07:52.0093 0248 dot3svc - ok
10:07:52.0140 0248 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:07:52.0187 0248 DPS - ok
10:07:52.0218 0248 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:07:52.0249 0248 drmkaud - ok
10:07:52.0311 0248 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:07:52.0358 0248 DXGKrnl - ok
10:07:52.0389 0248 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:07:52.0436 0248 E1G60 - ok
10:07:52.0467 0248 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:07:52.0514 0248 EapHost - ok
10:07:52.0670 0248 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:07:52.0779 0248 ebdrv - ok
10:07:52.0889 0248 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:07:52.0935 0248 EFS - ok
10:07:53.0013 0248 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:07:53.0076 0248 ehRecvr - ok
10:07:53.0107 0248 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:07:53.0169 0248 ehSched - ok
10:07:53.0232 0248 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:07:53.0279 0248 elxstor - ok
10:07:53.0294 0248 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:07:53.0341 0248 ErrDev - ok
10:07:53.0388 0248 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:07:53.0466 0248 EventSystem - ok
10:07:53.0497 0248 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:07:53.0575 0248 exfat - ok
10:07:53.0606 0248 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:07:53.0669 0248 fastfat - ok
10:07:53.0731 0248 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:07:53.0793 0248 Fax - ok
10:07:53.0825 0248 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:07:53.0856 0248 fdc - ok
10:07:53.0887 0248 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:07:53.0965 0248 fdPHost - ok
10:07:53.0996 0248 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:07:54.0059 0248 FDResPub - ok
10:07:54.0090 0248 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:07:54.0105 0248 FileInfo - ok
10:07:54.0121 0248 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:07:54.0183 0248 Filetrace - ok
10:07:54.0199 0248 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:07:54.0246 0248 flpydisk - ok
10:07:54.0277 0248 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:07:54.0308 0248 FltMgr - ok
10:07:54.0371 0248 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
10:07:54.0449 0248 FontCache - ok
10:07:54.0542 0248 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:07:54.0573 0248 FontCache3.0.0.0 - ok
10:07:54.0589 0248 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:07:54.0605 0248 FsDepends - ok
10:07:54.0651 0248 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:07:54.0667 0248 Fs_Rec - ok
10:07:54.0714 0248 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:07:54.0729 0248 fvevol - ok
10:07:54.0761 0248 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:07:54.0792 0248 gagp30kx - ok
10:07:54.0854 0248 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:07:54.0932 0248 gpsvc - ok
10:07:54.0963 0248 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:07:55.0026 0248 hcw85cir - ok
10:07:55.0073 0248 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:07:55.0119 0248 HdAudAddService - ok
10:07:55.0166 0248 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:07:55.0213 0248 HDAudBus - ok
10:07:55.0385 0248 HECI (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
10:07:55.0463 0248 HECI - ok
10:07:55.0494 0248 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:07:55.0541 0248 HidBatt - ok
10:07:55.0665 0248 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:07:55.0712 0248 HidBth - ok
10:07:55.0743 0248 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:07:55.0790 0248 HidIr - ok
10:07:55.0837 0248 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:07:55.0884 0248 hidserv - ok
10:07:55.0993 0248 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
10:07:56.0009 0248 HidUsb - ok
10:07:56.0071 0248 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:07:56.0118 0248 hkmsvc - ok
10:07:56.0196 0248 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:07:56.0305 0248 HomeGroupListener - ok
10:07:56.0414 0248 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:07:56.0477 0248 HomeGroupProvider - ok
10:07:56.0508 0248 hpdskflt (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:07:56.0523 0248 hpdskflt - ok
10:07:56.0586 0248 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:07:56.0601 0248 HpSAMD - ok
10:07:56.0664 0248 hpsrv (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
10:07:56.0679 0248 hpsrv - ok
10:07:57.0069 0248 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:07:57.0147 0248 HTTP - ok
10:07:57.0225 0248 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:07:57.0257 0248 hwpolicy - ok
10:07:57.0381 0248 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:07:57.0428 0248 i8042prt - ok
10:07:57.0584 0248 iaStor (e11ed9b1ea60e747655e1090c7509d08) C:\Windows\system32\DRIVERS\iaStor.sys
10:07:57.0615 0248 iaStor - ok
10:07:57.0771 0248 IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:07:57.0787 0248 IAStorDataMgrSvc - ok
10:07:58.0068 0248 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:07:58.0099 0248 iaStorV - ok
10:07:58.0489 0248 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:07:58.0567 0248 idsvc - ok
10:07:58.0661 0248 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:07:58.0692 0248 iirsp - ok
10:07:58.0879 0248 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:07:58.0973 0248 IKEEXT - ok
10:07:59.0066 0248 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:07:59.0082 0248 intelide - ok
10:07:59.0815 0248 intelkmd (db7413cf09d74231720f78737dcf4188) C:\Windows\system32\DRIVERS\igdpmd32.sys
10:08:00.0127 0248 intelkmd - ok
10:08:00.0267 0248 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:08:00.0299 0248 intelppm - ok
10:08:00.0314 0248 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:08:00.0377 0248 IPBusEnum - ok
10:08:00.0439 0248 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:08:00.0501 0248 IpFilterDriver - ok
10:08:00.0564 0248 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
10:08:00.0626 0248 iphlpsvc - ok
10:08:01.0063 0248 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:08:01.0110 0248 IPMIDRV - ok
10:08:01.0203 0248 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:08:01.0281 0248 IPNAT - ok
10:08:01.0328 0248 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:08:01.0406 0248 IRENUM - ok
10:08:01.0484 0248 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:08:01.0500 0248 isapnp - ok
10:08:01.0718 0248 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:08:01.0749 0248 iScsiPrt - ok
10:08:01.0843 0248 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:08:01.0859 0248 kbdclass - ok
10:08:01.0937 0248 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:08:01.0968 0248 kbdhid - ok
10:08:02.0015 0248 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:02.0046 0248 KeyIso - ok
10:08:02.0077 0248 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:08:02.0093 0248 KSecDD - ok
10:08:02.0186 0248 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:08:02.0217 0248 KSecPkg - ok
10:08:02.0264 0248 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:08:02.0358 0248 KtmRm - ok
10:08:02.0420 0248 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:08:02.0498 0248 LanmanServer - ok
10:08:02.0529 0248 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:08:02.0607 0248 LanmanWorkstation - ok
10:08:02.0701 0248 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:08:02.0779 0248 lltdio - ok
10:08:02.0826 0248 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:08:02.0888 0248 lltdsvc - ok
10:08:02.0904 0248 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:08:02.0982 0248 lmhosts - ok
10:08:03.0122 0248 LMS (6d515466ab8bfe61184092b635ae6eb4) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:08:03.0153 0248 LMS - ok
10:08:03.0185 0248 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:08:03.0216 0248 LSI_FC - ok
10:08:03.0231 0248 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:08:03.0263 0248 LSI_SAS - ok
10:08:03.0278 0248 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:08:03.0294 0248 LSI_SAS2 - ok
10:08:03.0387 0248 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:08:03.0403 0248 LSI_SCSI - ok
10:08:03.0434 0248 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:08:03.0497 0248 luafv - ok
10:08:03.0543 0248 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:08:03.0575 0248 Mcx2Svc - ok
10:08:03.0762 0248 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:08:03.0793 0248 MDM - ok
10:08:03.0824 0248 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:08:03.0840 0248 megasas - ok
10:08:03.0933 0248 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:08:03.0965 0248 MegaSR - ok
10:08:04.0011 0248 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:08:04.0089 0248 MMCSS - ok
10:08:04.0121 0248 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:08:04.0199 0248 Modem - ok
10:08:04.0230 0248 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:08:04.0277 0248 monitor - ok
10:08:04.0323 0248 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:08:04.0339 0248 mouclass - ok
10:08:04.0386 0248 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:08:04.0433 0248 mouhid - ok
10:08:04.0526 0248 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:08:04.0542 0248 mountmgr - ok
10:08:04.0589 0248 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:08:04.0620 0248 mpio - ok
10:08:04.0667 0248 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:08:04.0729 0248 mpsdrv - ok
10:08:04.0838 0248 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:08:04.0963 0248 MpsSvc - ok
10:08:05.0010 0248 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:08:05.0088 0248 MRxDAV - ok
10:08:05.0119 0248 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:08:05.0181 0248 mrxsmb - ok
10:08:05.0275 0248 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:08:05.0322 0248 mrxsmb10 - ok
10:08:05.0353 0248 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:08:05.0400 0248 mrxsmb20 - ok
10:08:05.0462 0248 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:08:05.0493 0248 msahci - ok
10:08:05.0540 0248 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:08:05.0556 0248 msdsm - ok
10:08:05.0618 0248 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:08:05.0665 0248 MSDTC - ok
10:08:05.0727 0248 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:08:05.0790 0248 Msfs - ok
10:08:05.0805 0248 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:08:05.0883 0248 mshidkmdf - ok
10:08:05.0930 0248 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:08:05.0946 0248 msisadrv - ok
10:08:06.0071 0248 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:08:06.0164 0248 MSiSCSI - ok
10:08:06.0164 0248 msiserver - ok
10:08:06.0195 0248 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:08:06.0273 0248 MSKSSRV - ok
10:08:06.0289 0248 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:08:06.0351 0248 MSPCLOCK - ok
10:08:06.0367 0248 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:08:06.0445 0248 MSPQM - ok
10:08:06.0539 0248 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:08:06.0554 0248 MsRPC - ok
10:08:06.0632 0248 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:08:06.0648 0248 mssmbios - ok
10:08:06.0679 0248 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:08:06.0726 0248 MSTEE - ok
10:08:06.0757 0248 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:08:06.0804 0248 MTConfig - ok
10:08:06.0835 0248 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:08:06.0851 0248 Mup - ok
10:08:06.0929 0248 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:08:07.0022 0248 napagent - ok
10:08:07.0194 0248 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:08:07.0225 0248 NativeWifiP - ok
10:08:07.0646 0248 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:08:07.0693 0248 NDIS - ok
10:08:07.0771 0248 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:08:07.0849 0248 NdisCap - ok
10:08:07.0880 0248 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:08:07.0958 0248 NdisTapi - ok
10:08:08.0021 0248 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:08:08.0067 0248 Ndisuio - ok
10:08:08.0145 0248 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:08:08.0208 0248 NdisWan - ok
10:08:08.0270 0248 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:08:08.0333 0248 NDProxy - ok
10:08:08.0395 0248 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:08:08.0473 0248 NetBIOS - ok
10:08:08.0567 0248 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:08:08.0629 0248 NetBT - ok
10:08:08.0660 0248 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:08.0691 0248 Netlogon - ok
10:08:08.0910 0248 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:08:08.0988 0248 Netman - ok
10:08:09.0159 0248 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:08:09.0253 0248 netprofm - ok
10:08:09.0425 0248 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:08:09.0440 0248 NetTcpPortSharing - ok
10:08:09.0487 0248 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:08:09.0518 0248 nfrd960 - ok
10:08:09.0627 0248 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:08:09.0721 0248 NlaSvc - ok
10:08:09.0737 0248 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:08:09.0815 0248 Npfs - ok
10:08:09.0846 0248 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:08:09.0908 0248 nsi - ok
10:08:09.0955 0248 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:08:10.0033 0248 nsiproxy - ok
10:08:10.0392 0248 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:08:10.0454 0248 Ntfs - ok
10:08:10.0501 0248 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:08:10.0688 0248 Null - ok
10:08:10.0766 0248 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:08:10.0797 0248 nvraid - ok
10:08:10.0907 0248 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:08:10.0938 0248 nvstor - ok
10:08:11.0094 0248 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:08:11.0125 0248 nv_agp - ok
10:08:11.0172 0248 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:08:11.0219 0248 ohci1394 - ok
10:08:11.0359 0248 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:08:11.0390 0248 ose - ok
10:08:11.0655 0248 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:08:11.0733 0248 p2pimsvc - ok
10:08:11.0905 0248 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:08:11.0936 0248 p2psvc - ok
10:08:12.0061 0248 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:08:12.0092 0248 Parport - ok
10:08:12.0201 0248 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:08:12.0217 0248 partmgr - ok
10:08:12.0248 0248 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:08:12.0295 0248 Parvdm - ok
10:08:12.0373 0248 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:08:12.0420 0248 PcaSvc - ok
10:08:12.0685 0248 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:08:12.0716 0248 pci - ok
10:08:12.0763 0248 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:08:12.0794 0248 pciide - ok
10:08:13.0153 0248 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:08:13.0200 0248 pcmcia - ok
10:08:13.0293 0248 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:08:13.0309 0248 pcw - ok
10:08:14.0027 0248 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:08:14.0105 0248 PEAUTH - ok
10:08:15.0072 0248 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:08:15.0165 0248 PeerDistSvc - ok
10:08:15.0571 0248 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:08:15.0696 0248 pla - ok
10:08:16.0429 0248 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:08:16.0554 0248 PlugPlay - ok
10:08:16.0601 0248 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:08:16.0663 0248 PNRPAutoReg - ok
10:08:16.0788 0248 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:08:16.0803 0248 PNRPsvc - ok
10:08:17.0147 0248 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:08:17.0225 0248 PolicyAgent - ok
10:08:17.0334 0248 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:08:17.0427 0248 Power - ok
10:08:17.0537 0248 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:08:17.0615 0248 PptpMiniport - ok
10:08:17.0661 0248 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:08:17.0708 0248 Processor - ok
10:08:17.0817 0248 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
10:08:17.0911 0248 ProfSvc - ok
10:08:17.0958 0248 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:17.0973 0248 ProtectedStorage - ok
10:08:18.0114 0248 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:08:18.0192 0248 Psched - ok
10:08:18.0441 0248 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:08:18.0519 0248 ql2300 - ok
10:08:18.0847 0248 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:08:18.0878 0248 ql40xx - ok
10:08:18.0941 0248 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:08:18.0987 0248 QWAVE - ok
10:08:19.0003 0248 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:08:19.0034 0248 QWAVEdrv - ok
10:08:19.0050 0248 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:08:19.0128 0248 RasAcd - ok
10:08:19.0175 0248 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:08:19.0253 0248 RasAgileVpn - ok
10:08:19.0346 0248 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:08:19.0424 0248 RasAuto - ok
10:08:19.0487 0248 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:08:19.0549 0248 Rasl2tp - ok
10:08:19.0611 0248 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:08:19.0689 0248 RasMan - ok
10:08:19.0736 0248 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:08:19.0799 0248 RasPppoe - ok
10:08:19.0877 0248 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:08:19.0939 0248 RasSstp - ok
10:08:20.0033 0248 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:08:20.0111 0248 rdbss - ok
10:08:20.0126 0248 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:08:20.0157 0248 rdpbus - ok
10:08:20.0189 0248 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:08:20.0251 0248 RDPCDD - ok
10:08:20.0313 0248 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:08:20.0360 0248 RDPDR - ok
10:08:20.0391 0248 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:08:20.0469 0248 RDPENCDD - ok
10:08:20.0485 0248 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:08:20.0532 0248 RDPREFMP - ok
10:08:20.0594 0248 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
10:08:20.0657 0248 RdpVideoMiniport - ok
10:08:20.0797 0248 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
10:08:20.0859 0248 RDPWD - ok
10:08:20.0937 0248 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:08:20.0969 0248 rdyboost - ok
10:08:21.0062 0248 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:08:21.0140 0248 RemoteAccess - ok
10:08:21.0203 0248 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:08:21.0281 0248 RemoteRegistry - ok
10:08:21.0312 0248 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:08:21.0405 0248 RpcEptMapper - ok
10:08:21.0421 0248 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:08:21.0452 0248 RpcLocator - ok
10:08:21.0530 0248 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:08:21.0577 0248 RpcSs - ok
10:08:21.0624 0248 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:08:21.0671 0248 rspndr - ok
10:08:21.0780 0248 RSUSBSTOR (b87f999e05dd9c0312c83a8752e8e66b) C:\Windows\system32\Drivers\RtsUStor.sys
10:08:21.0811 0248 RSUSBSTOR - ok
10:08:21.0920 0248 RTL8167 (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:08:21.0936 0248 RTL8167 - ok
10:08:21.0983 0248 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:08:22.0061 0248 s3cap - ok
10:08:22.0107 0248 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:22.0123 0248 SamSs - ok
10:08:22.0217 0248 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:08:22.0248 0248 sbp2port - ok
10:08:22.0326 0248 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:08:22.0388 0248 SCardSvr - ok
10:08:22.0404 0248 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:08:22.0482 0248 scfilter - ok
10:08:22.0732 0248 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:08:22.0825 0248 Schedule - ok
10:08:22.0856 0248 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:08:22.0903 0248 SCPolicySvc - ok
10:08:22.0934 0248 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:08:22.0981 0248 SDRSVC - ok
10:08:23.0044 0248 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:08:23.0090 0248 secdrv - ok
10:08:23.0122 0248 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:08:23.0184 0248 seclogon - ok
10:08:23.0215 0248 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:08:23.0278 0248 SENS - ok
10:08:23.0293 0248 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:08:23.0371 0248 SensrSvc - ok
10:08:23.0387 0248 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:08:23.0434 0248 Serenum - ok
10:08:23.0449 0248 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:08:23.0543 0248 Serial - ok
10:08:23.0574 0248 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:08:23.0636 0248 sermouse - ok
10:08:23.0730 0248 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:08:23.0808 0248 SessionEnv - ok
10:08:23.0870 0248 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:08:23.0917 0248 sffdisk - ok
10:08:23.0948 0248 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:08:23.0995 0248 sffp_mmc - ok
10:08:24.0011 0248 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:08:24.0042 0248 sffp_sd - ok
10:08:24.0089 0248 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:08:24.0104 0248 sfloppy - ok
10:08:24.0198 0248 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:08:24.0276 0248 SharedAccess - ok
10:08:24.0307 0248 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:08:24.0370 0248 ShellHWDetection - ok
10:08:24.0448 0248 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:08:24.0463 0248 sisagp - ok
10:08:24.0526 0248 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:08:24.0541 0248 SiSRaid2 - ok
10:08:24.0572 0248 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:08:24.0604 0248 SiSRaid4 - ok
10:08:24.0666 0248 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:08:24.0713 0248 Smb - ok
10:08:24.0822 0248 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:08:24.0853 0248 SNMPTRAP - ok
10:08:24.0869 0248 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:08:24.0884 0248 spldr - ok
10:08:24.0947 0248 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:08:25.0009 0248 Spooler - ok
10:08:25.0789 0248 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:08:25.0945 0248 sppsvc - ok
10:08:26.0117 0248 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:08:26.0195 0248 sppuinotify - ok
10:08:26.0273 0248 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:08:26.0351 0248 srv - ok
10:08:26.0944 0248 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:08:27.0006 0248 srv2 - ok
10:08:27.0084 0248 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:08:27.0146 0248 srvnet - ok
10:08:27.0271 0248 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:08:27.0334 0248 SSDPSRV - ok
10:08:27.0396 0248 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:08:27.0412 0248 ssmdrv - ok
10:08:27.0552 0248 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:08:27.0614 0248 SstpSvc - ok
10:08:27.0864 0248 STacSV (7aefc130355aa99307b31ee678614380) C:\Program Files\IDT\WDM\STacSV.exe
10:08:27.0880 0248 STacSV - ok
10:08:27.0926 0248 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:08:27.0958 0248 stexstor - ok
10:08:28.0036 0248 STHDA (ec4b4125ba14f7436b1740f63f7bff21) C:\Windows\system32\DRIVERS\stwrt.sys
10:08:28.0098 0248 STHDA - ok
10:08:28.0363 0248 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:08:28.0426 0248 StiSvc - ok
10:08:28.0488 0248 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:08:28.0504 0248 storflt - ok
10:08:28.0535 0248 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:08:28.0566 0248 storvsc - ok
10:08:28.0597 0248 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:08:28.0613 0248 swenum - ok
10:08:28.0691 0248 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:08:28.0753 0248 swprv - ok
10:08:28.0784 0248 Synth3dVsc - ok
10:08:29.0206 0248 SynTP (67c4590262c28bbaecb5b4e8aaf101fd) C:\Windows\system32\DRIVERS\SynTP.sys
10:08:29.0268 0248 SynTP - ok
10:08:29.0705 0248 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:08:29.0767 0248 SysMain - ok
10:08:29.0876 0248 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:08:29.0939 0248 TabletInputService - ok
10:08:30.0017 0248 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:08:30.0079 0248 TapiSrv - ok
10:08:30.0173 0248 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:08:30.0235 0248 TBS - ok
10:08:30.0641 0248 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:08:30.0703 0248 Tcpip - ok
10:08:31.0390 0248 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:08:31.0436 0248 TCPIP6 - ok
10:08:31.0686 0248 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:08:31.0764 0248 tcpipreg - ok
10:08:31.0780 0248 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:08:31.0842 0248 TDPIPE - ok
10:08:31.0873 0248 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:08:31.0920 0248 TDTCP - ok
10:08:31.0951 0248 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:08:32.0014 0248 tdx - ok
10:08:32.0778 0248 TeamViewer6 (a409a5c99c29328018e1e3dce9abdc36) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
10:08:32.0872 0248 TeamViewer6 - ok
10:08:33.0215 0248 teamviewervpn (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
10:08:33.0293 0248 teamviewervpn - ok
10:08:33.0340 0248 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:08:33.0355 0248 TermDD - ok
10:08:33.0418 0248 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:08:33.0480 0248 TermService - ok
10:08:33.0511 0248 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:08:33.0558 0248 Themes - ok
10:08:33.0605 0248 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:08:33.0652 0248 THREADORDER - ok
10:08:33.0730 0248 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:08:33.0808 0248 TrkWks - ok
10:08:33.0917 0248 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:08:33.0995 0248 TrustedInstaller - ok
10:08:34.0010 0248 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:08:34.0073 0248 tssecsrv - ok
10:08:34.0104 0248 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:08:34.0151 0248 TsUsbFlt - ok
10:08:34.0151 0248 tsusbhub - ok
10:08:34.0244 0248 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:08:34.0307 0248 tunnel - ok
10:08:34.0354 0248 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:08:34.0385 0248 uagp35 - ok
10:08:34.0447 0248 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:08:34.0556 0248 udfs - ok
10:08:34.0588 0248 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:08:34.0634 0248 UI0Detect - ok
10:08:34.0681 0248 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:08:34.0712 0248 uliagpkx - ok
10:08:34.0744 0248 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:08:34.0790 0248 umbus - ok
10:08:34.0837 0248 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:08:34.0868 0248 UmPass - ok
10:08:34.0931 0248 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
10:08:34.0978 0248 UmRdpService - ok
10:08:35.0539 0248 UNS (0fadd949576a164b4e51e716f46b6c33) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:08:35.0648 0248 UNS - ok
10:08:35.0992 0248 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:08:36.0038 0248 upnphost - ok
10:08:36.0257 0248 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:08:36.0319 0248 usbccgp - ok
10:08:36.0397 0248 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:08:36.0460 0248 usbcir - ok
10:08:36.0538 0248 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
10:08:36.0553 0248 usbehci - ok
10:08:36.0647 0248 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:08:36.0678 0248 usbhub - ok
10:08:36.0725 0248 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:08:36.0772 0248 usbohci - ok
10:08:36.0818 0248 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:08:36.0850 0248 usbprint - ok
10:08:36.0928 0248 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
10:08:36.0974 0248 usbscan - ok
10:08:37.0037 0248 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:08:37.0099 0248 USBSTOR - ok
10:08:37.0130 0248 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
10:08:37.0146 0248 usbuhci - ok
10:08:37.0255 0248 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
10:08:37.0318 0248 usbvideo - ok
10:08:37.0396 0248 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:08:37.0474 0248 UxSms - ok
10:08:37.0520 0248 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:37.0536 0248 VaultSvc - ok
10:08:38.0737 0248 vcsFPService (6bcad8c95eca6d6ebaf2b25a9ccf7bc6) C:\Windows\system32\vcsFPService.exe
10:08:38.0831 0248 vcsFPService - ok
10:08:39.0236 0248 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:08:39.0252 0248 vdrvroot - ok
10:08:39.0283 0248 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:08:39.0361 0248 vds - ok
10:08:39.0408 0248 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:08:39.0424 0248 vga - ok
10:08:39.0517 0248 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:08:39.0580 0248 VgaSave - ok
10:08:39.0580 0248 VGPU - ok
10:08:39.0626 0248 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:08:39.0658 0248 vhdmp - ok
10:08:39.0704 0248 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:08:39.0736 0248 viaagp - ok
10:08:39.0751 0248 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:08:39.0782 0248 ViaC7 - ok
10:08:39.0860 0248 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:08:39.0892 0248 viaide - ok
10:08:39.0923 0248 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:08:39.0954 0248 vmbus - ok
10:08:39.0985 0248 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:08:40.0001 0248 VMBusHID - ok
10:08:40.0048 0248 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:08:40.0063 0248 volmgr - ok
10:08:40.0157 0248 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:08:40.0188 0248 volmgrx - ok
10:08:40.0219 0248 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:08:40.0250 0248 volsnap - ok
10:08:40.0313 0248 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:08:40.0328 0248 vsmraid - ok
10:08:40.0609 0248 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:08:40.0687 0248 VSS - ok
10:08:40.0703 0248 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:08:40.0750 0248 vwifibus - ok
10:08:40.0765 0248 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:08:40.0812 0248 vwififlt - ok
10:08:40.0890 0248 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:08:40.0952 0248 W32Time - ok
10:08:41.0030 0248 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:08:41.0062 0248 WacomPen - ok
10:08:41.0124 0248 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:08:41.0186 0248 WANARP - ok
10:08:41.0186 0248 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:08:41.0249 0248 Wanarpv6 - ok
10:08:41.0311 0248 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:08:41.0389 0248 wbengine - ok
10:08:41.0436 0248 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:08:41.0467 0248 WbioSrvc - ok
10:08:41.0498 0248 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:08:41.0530 0248 wcncsvc - ok
10:08:41.0639 0248 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:08:41.0717 0248 WcsPlugInService - ok
10:08:41.0748 0248 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:08:41.0779 0248 Wd - ok
10:08:41.0810 0248 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:08:41.0842 0248 Wdf01000 - ok
10:08:41.0857 0248 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:08:41.0966 0248 WdiServiceHost - ok
10:08:41.0966 0248 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:08:41.0998 0248 WdiSystemHost - ok
10:08:42.0029 0248 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:08:42.0060 0248 WebClient - ok
10:08:42.0076 0248 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:08:42.0138 0248 Wecsvc - ok
10:08:42.0154 0248 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:08:42.0200 0248 wercplsupport - ok
10:08:42.0216 0248 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:08:42.0278 0248 WerSvc - ok
10:08:42.0294 0248 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:08:42.0341 0248 WfpLwf - ok
10:08:42.0356 0248 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:08:42.0388 0248 WIMMount - ok
10:08:42.0466 0248 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:08:42.0528 0248 WinDefend - ok
10:08:42.0544 0248 WinHttpAutoProxySvc - ok
10:08:42.0606 0248 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:08:42.0653 0248 Winmgmt - ok
10:08:42.0715 0248 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:08:42.0793 0248 WinRM - ok
10:08:42.0856 0248 WinUSB (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
10:08:42.0887 0248 WinUSB - ok
10:08:42.0949 0248 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:08:42.0996 0248 Wlansvc - ok
10:08:43.0027 0248 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:08:43.0043 0248 WmiAcpi - ok
10:08:43.0105 0248 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:08:43.0136 0248 wmiApSrv - ok
10:08:43.0292 0248 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:08:43.0370 0248 WMPNetworkSvc - ok
10:08:43.0464 0248 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:08:43.0526 0248 WPCSvc - ok
10:08:43.0558 0248 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:08:43.0667 0248 WPDBusEnum - ok
10:08:43.0776 0248 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:08:43.0838 0248 ws2ifsl - ok
10:08:43.0979 0248 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
10:08:44.0041 0248 wscsvc - ok
10:08:44.0041 0248 WSearch - ok
10:08:45.0180 0248 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:08:45.0289 0248 wuauserv - ok
10:08:45.0851 0248 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:08:45.0913 0248 WudfPf - ok
10:08:46.0007 0248 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:08:46.0054 0248 WUDFRd - ok
10:08:46.0194 0248 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:08:46.0272 0248 wudfsvc - ok
10:08:46.0412 0248 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:08:46.0600 0248 WwanSvc - ok
10:08:46.0662 0248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:08:47.0317 0248 \Device\Harddisk0\DR0 - ok
10:08:47.0333 0248 Boot (0x1200) (a98eea5640ad49c0d6caecd0cd3f0850) \Device\Harddisk0\DR0\Partition0
10:08:47.0333 0248 \Device\Harddisk0\DR0\Partition0 - ok
10:08:47.0348 0248 Boot (0x1200) (b0d76643689caf9f1aaec91ee1ae1023) \Device\Harddisk0\DR0\Partition1
10:08:47.0348 0248 \Device\Harddisk0\DR0\Partition1 - ok
10:08:47.0348 0248 ============================================================
10:08:47.0348 0248 Scan finished
10:08:47.0348 0248 ============================================================
10:08:47.0364 4024 Detected object count: 0
10:08:47.0364 4024 Actual detected object count: 0
#4
TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hi,

ComboFix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop. Warning: in a few rare cases the computer may no longer be able to boot and has to be set up again from scratch! Close all windows, start combofix.exe, confirm the following prompt with 1 and press Enter. The ComboFix scan can take some time, so have a little patience. Please do not do anything on the computer while the scan is running. The computer may be restarted in between. When the scan ends a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt...

chris
__________________
Don't bring me down. Read before posting! Donations (anyone wishing to donate is welcome to get in touch)
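The TDSSKiller listing above is long, and most of the value for a responder is in a few structural facts: which services share one image (and so one hash), which names appear only as `name - ok` with no hash or path line at all, whether any line carries a status other than `ok`, and the final detected-object count. The following Python parser is an added example, not TDSSKiller's or the forum's own code; the line format it assumes is inferred from the log as posted, the sample lines are copied from that log, and the two `ConstructedSvc` lines plus their `suspicious` status are invented so that the non-`ok` path can be shown.

```python
"""Parse a TDSSKiller-style service/driver listing and pull out the facts a
responder wants at a glance. Added example, not TDSSKiller's or the forum's
own code; the log format assumed here is inferred from the lines in the thread."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the TDSSKiller log above.
SAMPLE_LOG = r"""
10:08:17.0958 0248 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:17.0973 0248 ProtectedStorage - ok
10:08:22.0107 0248 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:22.0123 0248 SamSs - ok
10:08:28.0784 0248 Synth3dVsc - ok
10:08:30.0641 0248 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:08:30.0703 0248 Tcpip - ok
10:08:31.0390 0248 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:08:31.0436 0248 TCPIP6 - ok
10:08:37.0520 0248 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:37.0536 0248 VaultSvc - ok
10:08:44.0041 0248 WSearch - ok
10:08:46.0662 0248 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:08:47.0317 0248 \Device\Harddisk0\DR0 - ok
10:08:47.0364 4024 Detected object count: 0
10:08:47.0364 4024 Actual detected object count: 0
"""

# Two constructed lines (NOT from the log above) so the non-"ok" branch is
# exercised; the hash, path and "suspicious" wording are invented for the demo.
CONSTRUCTED_EXTRA = r"""
10:08:45.0000 0248 ConstructedSvc (ffffffffffffffffffffffffffffffff) C:\Windows\system32\constructed.sys
10:08:45.0001 0248 ConstructedSvc - suspicious
"""

# "<time> <pid> <name> (<md5>) <path>"; the name may itself contain spaces and
# parentheses (e.g. "MBR (0x1B8)"), so it is matched lazily up to the 32-hex hash.
HASH_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d{4})\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# "<time> <pid> <name-or-path> - <status>"
STATUS_LINE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d{4})\s+"
    r"(?P<subject>.+?) - (?P<status>.+?)\s*$"
)
COUNT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d{4}\s+Detected object count:\s*(\d+)\s*$"
)


def parse_tdsskiller(text):
    """Return one dict per object: name, md5, path (None if no image line) and status."""
    entries = []
    pending = None  # last hash line still waiting for its "- <status>" line
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_LINE.match(line)
        if m:
            pending = {"name": m["name"], "md5": m["md5"].lower(),
                       "path": m["path"], "status": None}
            entries.append(pending)
            continue
        m = STATUS_LINE.match(line)
        if m:
            subject = m["subject"]
            # The status line names either the service or (for MBR/boot sectors) the path.
            if pending is not None and pending["status"] is None and \
                    subject in (pending["name"], pending["path"]):
                pending["status"] = m["status"]
            else:
                # A bare "name - ok" with no preceding image line: nothing was hashed.
                entries.append({"name": subject, "md5": None, "path": None,
                                "status": m["status"]})
            pending = None
    return entries


def shared_images(entries):
    """md5 -> service names, for every hash that backs more than one entry."""
    by_md5 = defaultdict(list)
    for e in entries:
        if e["md5"]:
            by_md5[e["md5"]].append(e["name"])
    return {h: names for h, names in by_md5.items() if len(names) > 1}


def entries_without_image(entries):
    """Names that were reported without any hash/path line."""
    return [e["name"] for e in entries if e["md5"] is None]


def non_ok(entries):
    """Entries whose status is anything other than the plain 'ok'."""
    return [e for e in entries if e["status"] != "ok"]


def detected_object_count(text):
    for line in text.splitlines():
        m = COUNT_LINE.match(line.strip())
        if m:
            return int(m.group(1))
    return None


if __name__ == "__main__":
    ents = parse_tdsskiller(SAMPLE_LOG + CONSTRUCTED_EXTRA)
    print("detected objects:", detected_object_count(SAMPLE_LOG))
    for h, names in shared_images(ents).items():
        print("shared image", h, "->", ", ".join(names))
    print("no image hashed:", ", ".join(entries_without_image(ents)))
    for e in non_ok(ents):
        print("needs review:", e["name"], e["status"], e["path"])
```

In the posted log the only sharing is the expected kind (ProtectedStorage, SamSs and VaultSvc all run inside lsass.exe; Tcpip and TCPIP6 both point at tcpip.sys; WANARP/Wanarpv6 and WdiServiceHost/WdiSystemHost likewise), and the hash-less entries (Synth3dVsc, tsusbhub, VGPU, WinHttpAutoProxySvc, WSearch) are services whose image file was not hashed. The point of grouping this way is that an unexpected image behind a familiar service name, or a familiar service whose image no longer hashes, stands out immediately instead of being buried in 350 lines of `- ok`.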
#5
TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hello, I started ComboFix and it ran through. Then it triggered a restart and Windows booted up again. Then ComboFix opened again, but the window is black and keeps switching between black and blue and moves up and down on the desktop. Nothing else happens. What should I do now?

Edit: It looks like when I open several Notepad windows at once and they half overlap each other going downwards.

Last edited by tomatriga (28.06.2012 at 10:13)
#6
TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hi, if possible close the windows and restart the computer. You will find the CF log at C:\ComboFix.txt, please post it...

chris
#7
TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hello, now the program simply closed itself, so here is the log.

Code:
ComboFix 12-06-28.01 - Krokodil 28.06.2012 10:44:33.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2486.1508 [GMT 2:00]
ausgeführt von:: C:\Users\Krokodil_2\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Unfortunately I cannot find any ComboFix log or txt file under C:.

Last edited by tomatriga (28.06.2012 at 11:11)
#8
TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hi, boot into Safe Mode (F8 while booting) and run ComboFix again...

chris
#9
TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

So I have now started the whole thing in Safe Mode. And after I switched back to the normal desktop, the program had also finished. So here is the normal log again.

Code:
ComboFix 12-06-28.03 - Krokodil 28.06.2012 23:21:59.3.4 - x86 MINIMAL
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2486.1739 [GMT 2:00]
ausgeführt von:: c:\users\Krokodil_2\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
-- Vorheriger Suchlauf --
.
Infizierte Kopie von c:\windows\system32\drivers\ntfs.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys wurde wiederhergestellt
.
--------
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-28 bis 2012-06-28 ))))))))))))))))))))))))))))))
.
.
2012-06-28 21:25 . 2012-06-28 21:25 -------- d-----w- c:\users\Krokodil\AppData\Local\temp
2012-06-28 21:25 . 2012-06-28 21:25 -------- d-----w- c:\users\Krokodil_2\AppData\Local\temp
2012-06-28 21:25 . 2012-06-28 21:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-28 21:09 . 2012-06-28 21:09 -------- d-----w- c:\users\Krokodil_2\AppData\Roaming\Avira
2012-06-28 21:04 . 2012-04-27 08:20 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-28 21:04 . 2012-04-24 22:32 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-28 21:04 . 2012-04-16 19:17 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-28 21:04 . 2012-06-28 21:04 -------- d-----w- c:\programdata\Avira
2012-06-28 21:04 . 2012-06-28 21:04 -------- d-----w- c:\program files\Avira
2012-06-28 08:40 . 2012-06-28 08:40 -------- d-----w- c:\users\Krokodil_2\AppData\Local\Macromedia
2012-06-28 08:11 . 2011-02-19 06:30 805376 ----a-w- c:\windows\system32\FntCache.dll
2012-06-28 08:11 . 2011-02-19 06:30 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-06-28 07:55 . 2012-06-28 07:55 -------- d-----w- C:\_OTL
2012-06-27 20:09 . 2012-06-27 20:09 -------- d-----w- c:\program files\7-Zip
2012-06-27 19:09 . 2012-06-27 19:09 -------- d-----w- c:\users\Krokodil_2\AppData\Local\Diagnostics
2012-06-24 09:45 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 09:45 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 09:45 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 09:45 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 09:45 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 09:45 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 09:45 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 09:45 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 09:45 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 16:48 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-20 16:48 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-20 16:48 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-20 16:48 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-20 16:48 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-20 16:48 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-20 16:48 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-20 16:48 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-20 16:48 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-20 16:48 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-20 16:48 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 07:50 . 2012-04-26 15:01 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 07:50 . 2012-04-26 15:01 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-26 14:06 . 2011-08-08 15:56 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-10 10:41 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 10:41 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-17 12:58 . 2011-04-17 12:58 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-07-22 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-27 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-27 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-27 170520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-478040494-308374193-1665734407-1002Core.job
- c:\users\Krokodil_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26 14:19]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-478040494-308374193-1665734407-1002UA.job
- c:\users\Krokodil_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26 14:19]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Krokodil\AppData\Roaming\Mozilla\Firefox\Profiles\1qvyutew.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-28 23:25:58
ComboFix-quarantined-files.txt 2012-06-28 21:25
.
Vor Suchlauf: 8 Verzeichnis(se), 469.853.089.792 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 469.679.349.760 Bytes frei
.
- - End Of File - - DC34F97F2F865F8D1E6CC8A325960AC4
#10

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hi, that looks good, please update MAM and run a full scan, post the log... chris

__________________
Don't bring me down! Read before posting! Donations (anyone who wants to donate is welcome to get in touch)
#11

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hello, that's good to hear. What is MAM? And where do I get it? Regards

Figured it out, MAM is Malwarebytes Anti Malware. So I ran a full scan and here is the log for it.

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Krokodil :: KROKODIL-PC [Administrator]

Schutz: Aktiviert

29.06.2012 10:24:08
mbam-log-2012-06-29 (10-55-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284315
Laufzeit: 28 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\_OTL\MovedFiles\06282012_095536\C_Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06282012_095536\C_Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06282012_095536\C_Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)
#12

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hi, MAM=Antimalwarebyte... ;o)... Please post another new OTL log... Are there still redirects, or is the computer behaving normally? chris
#13

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

What are redirects, please? Since the computer isn't mine but my mother-in-law's, I can't judge right now whether it's behaving strangely, but she hasn't said anything, and so far I haven't noticed anything about it that seems odd to me. Here is the new OTL log.

Code:
OTL logfile created on: 29.06.2012 11:45:33 - Run 2
OTL by OldTimer - Version 3.2.53.0     Folder = C:\Users\Krokodil_2\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,43 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 67,86% Memory free
4,85 Gb Paging File | 3,92 Gb Available in Paging File | 80,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 437,32 Gb Free Space | 93,91% Space Free | Partition Type: NTFS

Computer Name: KROKODIL-PC | User Name: Krokodil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.27 20:57:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Krokodil_2\Downloads\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co.
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.04.01 10:31:38 | 007,690,104 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.09.08 23:26:58 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2010.09.08 23:26:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2010.07.22 03:19:24 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe PRC - [2010.07.22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe PRC - [2010.04.13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.02.23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) 
-- C:\Windows\System32\vcsFPService.exe PRC - [2009.03.03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE ========== Modules (No Company Name) ========== MOD - [2012.06.22 14:46:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll MOD - [2012.06.22 14:45:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.22 14:45:39 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.24 17:48:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll MOD - [2012.05.14 16:47:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.14 16:47:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.14 16:47:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.14 16:47:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.14 16:47:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010.09.09 15:50:00 | 000,016,384 | R--- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2010.09.09 14:11:20 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.09.08 23:26:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010.07.22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV) SRV - [2010.04.30 17:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.04.30 17:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.04.13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.02.23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) 
[Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.03.03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters) SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Krokodil\AppData\Local\Temp\catchme.sys -- (catchme) DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] 
(Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt) DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer) DRV - [2011.03.30 13:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.08 23:44:38 | 006,380,544 | ---- | 
M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2010.09.08 22:52:32 | 000,222,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2010.07.27 23:02:46 | 009,023,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd) DRV - [2010.07.22 03:19:24 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.05 14:21:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010.04.30 17:21:00 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R) DRV - [2010.01.11 14:31:00 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.17 14:58:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.26 16:48:40 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.08 17:46:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.04.17 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krokodil\AppData\Roaming\mozilla\Extensions [2011.04.17 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krokodil\AppData\Roaming\mozilla\Firefox\Profiles\1qvyutew.default\extensions [2012.04.26 16:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.26 16:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.26 16:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2011.04.17 14:58:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.04.26 16:06:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.04.17 14:58:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.04.17 14:58:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.04.17 14:58:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.04.17 14:58:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.04.17 14:58:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.04.17 14:58:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.06.28 23:25:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) 
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{100ADBEC-3DE1-4F2B-BE40-FAF300B8C328}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5182D2D-D8FB-4A1D-A45D-14F8D15CF306}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL 
(Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.29 10:22:57 | 000,000,000 | ---D | C] -- C:\Users\Krokodil\AppData\Roaming\Malwarebytes [2012.06.29 10:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.29 10:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.29 10:21:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.29 10:21:37 | 
000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.28 23:26:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.06.28 23:26:00 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.06.28 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\Krokodil\AppData\Local\temp [2012.06.28 23:11:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.06.28 23:11:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.06.28 23:11:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.06.28 23:10:47 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.06.28 23:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.28 23:04:12 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.06.28 23:04:12 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.06.28 23:04:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys [2012.06.28 23:04:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2012.06.28 23:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.28 23:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2012.06.28 10:42:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.06.28 10:11:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2012.06.28 09:55:36 | 000,000,000 | ---D | C] -- C:\_OTL [2012.06.27 22:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.06.27 22:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.06.24 11:45:19 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.24 11:45:18 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.24 11:45:11 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.24 
11:45:11 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.24 11:45:11 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.24 11:45:02 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll [2012.06.24 11:45:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe [2012.06.20 19:50:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.06.20 19:50:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.06.20 19:50:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.06.20 19:50:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.06.20 19:50:48 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.06.20 19:50:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.06.20 19:50:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.06.20 18:48:19 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2012.06.20 18:48:17 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.06.20 18:48:16 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2012.06.20 18:48:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll [2012.06.20 18:48:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe ========== Files - Modified Within 30 Days ========== [2012.06.29 11:48:42 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.29 11:48:42 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.29 11:48:42 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat 
[2012.06.29 11:48:42 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.29 11:48:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.29 11:48:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.29 11:43:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.29 11:43:21 | 1954,959,360 | -HS- | M] () -- C:\hiberfil.sys [2012.06.29 10:24:03 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-478040494-308374193-1665734407-1002UA.job [2012.06.29 10:21:39 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.28 23:25:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2012.06.28 23:04:18 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.28 09:50:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.06.28 09:50:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.06.27 20:55:52 | 000,000,000 | ---- | M] () -- C:\Users\Krokodil\defogger_reenable [2012.06.22 14:44:29 | 000,338,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll [2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll [2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll [2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll [2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll [2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\wuwebv.dll [2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe ========== Files Created - No Company Name ========== [2012.06.29 10:21:39 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.28 23:11:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.06.28 23:11:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.06.28 23:11:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.06.28 23:11:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.06.28 23:11:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.06.28 23:04:18 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.06.27 20:55:52 | 000,000,000 | ---- | C] () -- C:\Users\Krokodil\defogger_reenable [2011.04.17 16:46:29 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.04.08 03:44:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.04.08 03:36:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.04.08 03:35:31 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblup.dat [2011.04.08 03:30:19 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2011.04.08 02:54:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.04.08 02:54:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe [2010.07.27 23:01:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin [2010.07.27 23:01:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin [2010.07.27 23:01:08 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin [2010.07.27 22:20:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll [2010.07.27 22:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config [2010.07.27 22:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll [2010.07.27 22:14:38 | 000,143,360 | ---- 
| C] () -- C:\Windows\System32\iglhcp32.dll < End of report >

#14

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hi, looks good... Uninstall ComboFix: Click Start (the Windows 7 Start button) and then type combofix /uninstall into the search field, as shown in the pictogram below this text with the blue arrow. Make sure there is a space between Combofix and /uninstall.

[image: Uninstall ComboFix]

chris
#15

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hello, great, glad to hear that. I've uninstalled it now; am I done, or do I need to do anything else? Regards