Pests of all kinds and how to fight them: Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode (Windows 7)

#1

Hardware and software: Intel i5, 4 GB RAM, DVD burner, 500 GB HDD, Windows 7 32-bit Professional. Hello, I have the following problem. When I start the PC normally, I get a white screen after logging in. I can't get into Safe Mode because the PC restarts immediately after Safe Mode has loaded. I then tried to load OTLpe, but I get a bluescreen during boot. I have already burned the CD several times and also tried a USB stick; every time I get a bluescreen when trying to boot from the medium.

#2 /// Malware-holic

Hi, go into the BIOS and, under Advanced or the SATA options, check whether IDE or AHCI is selected, configure the opposite, and try the CD again.

#3

OK, that worked and I also ran the scan; here is the OTL file.

Code:
OTL logfile created on: 6/11/2013 5:57:19 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16443)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 75.30 Mb Free Space | 75.31% Space Free | Partition Type: NTFS
Drive D: | 297.99 Gb Total Space | 244.76 Gb Free Space | 82.14% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - [2013/06/02 10:22:06 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 15:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/19 06:29:42 | 001,699,168 | ---- | M] (TuneUp Software) [Auto] -- D:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/08/24 09:15:52 | 000,577,536 | ---- | M] (Hauppauge Computer Works) [Auto] -- D:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe -- (HauppaugeTVServer)
SRV - [2011/09/06 14:56:23 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/09/06 14:56:23 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- D:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/11/20 09:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/20 03:11:58 | 000,595,232 | ---- | M] (Broadcom Corporation.) [Auto] -- D:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/30 08:01:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 08:01:30 | 000,268,824 | R--- | M] (Intel Corporation) [Auto] -- D:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/09/21 09:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009/09/21 09:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto] -- D:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/22 09:21:58 | 000,304,592 | ---- | M] () [Auto] -- D:\Program Files\XSManager\WTGService.exe -- (WTGService)
SRV - [2009/06/17 06:28:08 | 000,125,200 | R--- | M] (4G Systems GmbH & Co. KG) [Auto] -- D:\Windows\service4g.exe -- (XS Stick Service)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (USBCCID)
DRV - File not found [Kernel | On_Demand] -- -- (RtsUIR)
DRV - [2012/09/19 05:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- D:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012/08/06 06:18:48 | 000,061,744 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\hcw17bda.sys -- (hcw17bda)
DRV - [2011/09/06 14:56:23 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/06 14:56:23 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/01 20:05:36 | 000,642,560 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AVerAF35.sys -- (AVerAF35)
DRV - [2010/02/10 03:01:12 | 000,132,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2010/01/18 03:39:06 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/01/07 12:22:38 | 000,043,520 | ---- | M] (Sentelic Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fspad_wlh32.sys -- (fspad_wlh32)
DRV - [2009/09/17 00:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/09/15 06:40:18 | 006,114,816 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009/07/30 05:45:22 | 000,171,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 19:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/01 00:46:20 | 000,043,944 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
DRV - [2009/05/11 04:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/10/31 10:19:38 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand] -- D:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2007/11/05 05:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - D:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Walter_Fink_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
IE - HKU\Walter_Fink_ON_D\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Walter_Fink_ON_D\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - D:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\Walter_Fink_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: D:\Windows\System32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: D:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - D:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - D:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Walter_Fink_ON_D\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - D:\Program Files\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\Walter_Fink_ON_D\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] D:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] D:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [fspuip] D:\Program Files\FSP\FspUip.exe (Sentelic Corporation)
O4 - HKLM..\Run: [HotKeyOSD] D:\Program Files\Hotkey OSD Driver\HotKeyOSD.exe (Dritek System Inc.)
O4 - HKLM..\Run: [IAStorIcon] D:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [starter4g] D:\Windows\starter4g.exe (4G Systems GmbH & Co. KG)
O4 - HKU\Walter_Fink_ON_D..\Run: [ISUSPM] D:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Walter_Fink_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Walter_Fink_ON_D Winlogon: Shell - (C:\Users\Walter Fink\AppData\Roaming\skype.dat) - D:\Users\Walter Fink\AppData\Roaming\skype.dat ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/06/02 10:21:59 | 000,000,000 | -HSD | C] -- D:\Config.Msi
[2010/08/25 13:59:08 | 000,004,096 | ---- | C] ( ) -- D:\Windows\System32\IGFXDEVLib.dll
========== Files - Modified Within 30 Days ==========
[2013/06/11 09:06:12 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/06/11 09:06:10 | 000,000,004 | ---- | M] () -- D:\Users\Walter Fink\AppData\Roaming\skype.ini
[2013/06/11 09:05:08 | 000,654,166 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/06/11 09:05:08 | 000,616,008 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/06/11 09:05:08 | 000,130,006 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/06/11 09:05:08 | 000,106,388 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/06/11 09:00:42 | 000,001,104 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/11 09:00:16 | 2307,280,896 | -HS- | M] () -- D:\hiberfil.sys
[2013/06/11 08:54:41 | 000,001,108 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/11 08:54:24 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/07 16:04:37 | 000,014,032 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 16:04:37 | 000,014,032 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/07 15:46:16 | 000,002,441 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/07 15:43:34 | 000,001,989 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/06/02 10:22:05 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2013/06/02 10:22:05 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013/06/07 15:52:14 | 000,000,004 | ---- | C] () -- D:\Users\Walter Fink\AppData\Roaming\skype.ini
[2013/06/07 15:43:34 | 000,002,441 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/06/07 15:43:34 | 000,001,989 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/25 12:02:12 | 000,000,209 | ---- | C] () -- D:\Windows\ODBCINST.INI
[2013/03/25 12:01:48 | 000,037,639 | ---- | C] () -- D:\Windows\Irremote.ini
[2013/03/25 12:01:22 | 000,142,337 | ---- | C] () -- D:\Windows\System32\Wait.exe
[2013/03/25 12:01:01 | 000,006,088 | ---- | C] () -- D:\Windows\HCWPNP.INI
[2012/04/10 12:00:22 | 000,145,920 | ---- | C] () -- D:\Users\Walter Fink\AppData\Roaming\skype.dat
[2011/08/31 17:11:59 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2011/08/31 17:09:52 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2010/08/25 14:30:02 | 000,127,868 | ---- | C] () -- D:\Windows\System32\igcompkrng575.bin
[2010/08/25 14:30:00 | 000,104,796 | ---- | C] () -- D:\Windows\System32\igfcg575m.bin
[2010/06/23 15:22:05 | 000,000,056 | -H-- | C] () -- D:\ProgramData\ezsidmv.dat
[2010/06/11 01:46:41 | 000,000,507 | ---- | C] () -- D:\Windows\ODBC.INI
[2010/02/20 10:16:08 | 000,870,560 | ---- | C] () -- D:\Windows\System32\igkrng575.bin
[2010/02/20 09:32:46 | 000,000,151 | ---- | C] () -- D:\Windows\System32\GfxUI.exe.config
[2010/02/20 09:27:38 | 000,208,896 | ---- | C] () -- D:\Windows\System32\iglhsip32.dll
[2010/02/20 09:27:38 | 000,143,360 | ---- | C] () -- D:\Windows\System32\iglhcp32.dll
[2009/09/18 12:31:53 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009/09/18 12:31:52 | 000,654,166 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009/09/18 12:31:52 | 000,130,006 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009/09/18 12:31:52 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,356,664 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,616,008 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,106,388 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2005/10/10 08:00:00 | 000,031,232 | R--- | C] () -- D:\Windows\System32\cmdow.exe
[2005/10/10 08:00:00 | 000,005,702 | ---- | C] () -- D:\Windows\System32\OUTLPERF.INI
========== LOP Check ==========
[2010/06/10 14:38:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/10/30 09:20:20 | 000,000,000 | ---D | M] -- D:\ProgramData\Ask
[2012/12/05 06:37:45 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/06/10 14:38:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2010/06/10 14:38:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2013/03/26 13:17:39 | 000,000,000 | ---D | M] -- D:\ProgramData\Hauppauge
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/06/10 14:38:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 00:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/12/05 06:38:04 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2010/06/10 14:38:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/12/05 06:37:45 | 000,000,000 | -HSD | M] -- D:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2011/11/28 06:56:13 | 000,032,630 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >

#4 /// Malware-holic

Hi, on your second PC go to Start, Programs, Accessories, Notepad and copy the following into it:

Code:
:OTL
O20 - HKU\Walter_Fink_ON_D Winlogon: Shell - (C:\Users\Walter Fink\AppData\Roaming\skype.dat) - D:\Users\Walter Fink\AppData\Roaming\skype.dat ()
[2013/06/11 09:06:10 | 000,000,004 | ---- | M] () -- D:\Users\Walter Fink\AppData\Roaming\skype.ini
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post on OTLPENet.exe.

• Now please click the Fix button. A message similar to "load fix from file" should appear, so load fix.txt from your stick. If that doesn't work, please enter the fix manually, then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log. If you have no icons, right-click, View, Show desktop icons.

Note: Please also upload the file there, as described in the UpChannel instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.

__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de. Forwarding instructions: http://markusg.trojaner-board.de. For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us

#5

OK, Windows has booted again, I have uploaded the OTL.zip, and here is the log from the fix.

Code:
========== OTL ==========
Registry value HKEY_USERS\Walter_Fink_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Walter Fink\AppData\Roaming\skype.dat deleted successfully.
D:\Users\Walter Fink\AppData\Roaming\skype.dat moved successfully.
D:\Users\Walter Fink\AppData\Roaming\skype.ini moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Walter Fink
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
User: Default User
User: Public
User: Walter Fink
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 224155802 bytes
Total Files Cleaned = 214.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 06122013_204930
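
Added example, not part of the thread and not OTL's own code: the fix log above shows a per-user Winlogon `Shell` value pointing at `skype.dat` being deleted, and this Python sketch shows how the O20 lines of an OTL log like the one in #3 can be triaged for that kind of entry. The sample lines are copied from that log; the function names, the three checks and the `D:\Windows` default (taken from the `%SystemRoot%` line of the offline scan) are assumptions of this example.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# O20 lines copied from the OTL log posted in #3.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Walter_Fink_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Walter_Fink_ON_D Winlogon: Shell - (C:\Users\Walter Fink\AppData\Roaming\skype.dat) - D:\Users\Walter Fink\AppData\Roaming\skype.dat ()
"""

# "O20 - <hive> Winlogon: <value> - (<registry data>) - <resolved target>"
LINE_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: (?P<value>\w+) - "
    r"\((?P<data>.*?)\) - (?P<resolved>.*)$"
)
# Resolved target is "<path> (<company>)"; "File not found" does not match.
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<company>[^()]*)\)$")


class Entry(NamedTuple):
    hive: str
    value: str
    data: str
    path: Optional[str]      # None when OTL could not resolve the file
    company: Optional[str]   # "" when the file carries no company name


def parse_o20(line: str) -> Optional[Entry]:
    """Parse one O20 Winlogon line; return None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t = TARGET_RE.match(m["resolved"])
    path = t["path"] if t else None
    company = t["company"].strip() if t else None
    return Entry(m["hive"], m["value"], m["data"], path, company)


def review_shell(entry: Entry, system_root: str) -> List[str]:
    """Return the reasons a Winlogon Shell entry deserves a closer look."""
    reasons = []
    expected = ntpath.normcase(ntpath.join(system_root, "explorer.exe"))
    if entry.path is None:
        reasons.append("target file not found")
        return reasons
    target = ntpath.normcase(entry.path)
    if target != expected:
        reasons.append("shell is not explorer.exe in the Windows directory")
    if "\\users\\" in target:
        reasons.append("target is inside a user profile")
    if not entry.company:
        reasons.append("file has no company name")
    return reasons


def suspicious_shells(
    log_text: str, system_root: str = r"D:\Windows"
) -> List[Tuple[Entry, List[str]]]:
    """Collect every Winlogon Shell entry that trips at least one check."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry is None or entry.value.lower() != "shell":
            continue
        reasons = review_shell(entry, system_root)
        if reasons:
            findings.append((entry, reasons))
    return findings


if __name__ == "__main__":
    for entry, reasons in suspicious_shells(SAMPLE_LOG):
        print(f"{entry.hive}: {entry.data}")
        for reason in reasons:
            print(f"  - {reason}")
```
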

#6 /// Malware-holic

Thanks. Please download

#7

Here is the log file from TDSSKiller.

Code:
21:21:24.0969 5432 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
21:21:24.0984 5432 ============================================================
21:21:24.0984 5432 Current date / time: 2013/06/12 21:21:24.0984
21:21:24.0984 5432 SystemInfo:
21:21:24.0984 5432
21:21:24.0984 5432 OS Version: 6.1.7601 ServicePack: 1.0
21:21:24.0984 5432 Product type: Workstation
21:21:24.0984 5432 ComputerName: WKSFIL14
21:21:24.0984 5432 UserName: Walter Fink
21:21:24.0984 5432 Windows directory: C:\Windows
21:21:24.0984 5432 System windows directory: C:\Windows
21:21:24.0984 5432 Processor architecture: Intel x86
21:21:24.0984 5432 Number of processors: 4
21:21:24.0984 5432 Page size: 0x1000
21:21:24.0984 5432 Boot type: Normal boot
21:21:24.0984 5432 ============================================================
21:21:25.0717 5432 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:21:25.0717 5432 Drive \Device\Harddisk1\DR2 - Size: 0x1EA0000 (0.03 Gb), SectorSize: 0x200, Cylinders: 0x3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:21:25.0717 5432 ============================================================
21:21:25.0717 5432 \Device\Harddisk0\DR0:
21:21:25.0717 5432 MBR partitions:
21:21:25.0717 5432 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:21:25.0717 5432 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
21:21:25.0717 5432 \Device\Harddisk1\DR2:
21:21:25.0717 5432 MBR partitions:
21:21:25.0717 5432 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x4, StartLBA 0x33, BlocksNum 0xF4CD
21:21:25.0717 5432 ============================================================
21:21:25.0749 5432 C: <-> \Device\Harddisk0\DR0\Partition2
21:21:25.0749 5432 ============================================================
21:21:25.0749 5432 Initialize success
21:21:25.0749 5432 ============================================================
21:22:11.0031 3256 ============================================================
21:22:11.0031 3256 Scan started
21:22:11.0031 3256 Mode: Manual; SigCheck; TDLFS;
21:22:11.0031 3256 ============================================================
21:22:11.0453 3256 ================ Scan system memory ========================
21:22:11.0453 3256 System memory - ok
21:22:11.0453 3256 ================ Scan services =============================
21:22:11.0655 3256 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:22:11.0749 3256 1394ohci - ok
21:22:11.0780 3256 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:22:11.0811 3256 ACPI - ok
21:22:11.0858 3256 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:22:11.0874 3256 AcpiPmi - ok
21:22:11.0983 3256 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:22:11.0999 3256 AdobeARMservice - ok
21:22:12.0123 3256 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:22:12.0155 3256 AdobeFlashPlayerUpdateSvc - ok
21:22:12.0233 3256 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:22:12.0264 3256 adp94xx - ok
21:22:12.0295 3256 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:22:12.0326 3256 adpahci - ok
21:22:12.0342 3256 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:22:12.0373 3256 adpu320 - ok
21:22:12.0404 3256 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:22:12.0435 3256 AeLookupSvc - ok
21:22:12.0482 3256 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:22:12.0513 3256 AFD - ok
21:22:12.0545 3256 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:22:12.0560 3256 agp440 - ok
21:22:12.0623 3256 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:22:12.0654 3256 aic78xx - ok
21:22:12.0716 3256 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:22:12.0747 3256 ALG - ok
21:22:12.0794 3256 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:22:12.0810 3256 aliide - ok
21:22:12.0841 3256 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:22:12.0857 3256 amdagp - ok
21:22:12.0872 3256 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:22:12.0888 3256 amdide - ok
21:22:12.0919 3256 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:22:12.0950 3256 AmdK8 - ok
21:22:12.0966 3256 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:22:12.0997 3256 AmdPPM - ok
21:22:13.0044 3256 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:22:13.0059 3256 amdsata - ok
21:22:13.0091 3256 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:22:13.0106 3256 amdsbs - ok
21:22:13.0137 3256 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:22:13.0153 3256 amdxata - ok
21:22:13.0200 3256 [ C27D46B06D340293670450FCE9DFB166 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:22:13.0215 3256 AntiVirSchedulerService - ok
21:22:13.0262 3256 [ 72D90E56563165984224493069C69ED4 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:22:13.0278 3256 AntiVirService - ok
21:22:13.0325 3256 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:22:13.0371 3256 AppID - ok
21:22:13.0403 3256 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:22:13.0449 3256 AppIDSvc - ok
21:22:13.0481 3256 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:22:13.0527 3256 Appinfo - ok
21:22:13.0574 3256 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:22:13.0605 3256 AppMgmt - ok
21:22:13.0637 3256 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:22:13.0652 3256 arc - ok
21:22:13.0668 3256 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:22:13.0699 3256 arcsas - ok
21:22:13.0730 3256 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:22:13.0777 3256 AsyncMac - ok
21:22:13.0824 3256 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:22:13.0839 3256 atapi - ok
21:22:13.0886 3256 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:22:13.0933 3256 AudioEndpointBuilder - ok
21:22:13.0949 3256 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:22:14.0011 3256 Audiosrv - ok
21:22:14.0073 3256 [ 335695874407763E72FC61B8D7FB01AA ] AVerAF35 C:\Windows\system32\Drivers\AVerAF35.sys
21:22:14.0120 3256 AVerAF35 - ok
21:22:14.0136 3256 [ 1E4114685DE1FFA9675E09C6A1FB3F4B ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:22:14.0167 3256 avgntflt - ok
21:22:14.0229 3256 [ 0F78D3DAE6DEDD99AE54C9491C62ADF2 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:22:14.0261 3256 avipbb - ok
21:22:14.0292 3256 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:22:14.0354 3256 AxInstSV - ok
21:22:14.0401 3256 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:22:14.0432 3256 b06bdrv - ok
21:22:14.0479 3256 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:22:14.0510 3256 b57nd60x - ok
21:22:14.0573 3256 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:22:14.0604 3256 BDESVC - ok
21:22:14.0635 3256 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:22:14.0697 3256 Beep - ok
21:22:14.0760 3256 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:22:14.0807 3256 BFE - ok
21:22:14.0853 3256 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:22:14.0931 3256 BITS - ok
21:22:14.0947 3256 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:22:14.0963 3256 blbdrive - ok
21:22:14.0994 3256 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:22:15.0009 3256 bowser - ok
21:22:15.0041 3256 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:22:15.0056 3256 BrFiltLo - ok
21:22:15.0103 3256 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:22:15.0134 3256 BrFiltUp - ok
21:22:15.0165 3256 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:22:15.0212 3256 Browser - ok
21:22:15.0243 3256 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:22:15.0290 3256 Brserid - ok
21:22:15.0306 3256 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:22:15.0337 3256 BrSerWdm - ok
21:22:15.0384 3256 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:22:15.0399 3256 BrUsbMdm - ok
21:22:15.0446 3256 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:22:15.0477 3256 BrUsbSer - ok
21:22:15.0524 3256 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:22:15.0555 3256 BthEnum - ok
21:22:15.0587 3256 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:22:15.0618 3256 BTHMODEM - ok
21:22:15.0633 3256 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:22:15.0649 3256 BthPan - ok
21:22:15.0711 3256 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:22:15.0743 3256 BTHPORT - ok
21:22:15.0805 3256 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:22:15.0852 3256 bthserv - ok
21:22:15.0899 3256 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:22:15.0914 3256 BTHUSB - ok
21:22:15.0945 3256 [ 92C5B845803F3662637EB691AC0B250F ] btusbflt C:\Windows\system32\drivers\btusbflt.sys
21:22:15.0977 3256 btusbflt - ok
21:22:16.0023 3256 [ 7E826BE3B3558208D5C9B00034E51BE5 ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:22:16.0039 3256 btwaudio - ok
21:22:16.0086 3256 [ AF9148C3E844131AC954CB53FF43D971 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:22:16.0101 3256 btwavdt - ok
21:22:16.0179 3256 [ 45F36763576B8AE91E809337DC7CE4E6 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:22:16.0195 3256 btwdins - ok
21:22:16.0211 3256 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:22:16.0226 3256 btwl2cap - ok
21:22:16.0257 3256 [ 480B3D195854B2E55299CDDDDC50BCF9 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:22:16.0289 3256 btwrchid - ok
21:22:16.0304 3256 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:22:16.0351 3256 cdfs - ok
21:22:16.0413 3256 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:22:16.0429 3256 cdrom - ok
21:22:16.0476 3256 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:22:16.0523 3256 CertPropSvc - ok
21:22:16.0569 3256 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:22:16.0585 3256 circlass - ok
21:22:16.0647 3256 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:22:16.0663 3256 CLFS - ok
21:22:16.0788 3256 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:22:16.0803 3256 clr_optimization_v2.0.50727_32 - ok
21:22:16.0897 3256 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:22:16.0913 3256 clr_optimization_v4.0.30319_32 - ok
21:22:16.0928 3256 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:22:16.0944 3256 CmBatt - ok
21:22:16.0991 3256 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:22:17.0006 3256 cmdide - ok
21:22:17.0037 3256 [ 675D67423980FC1784B93AA47D350A31 ] cmnsusbser C:\Windows\system32\DRIVERS\cmnsusbser.sys
21:22:17.0069 3256 cmnsusbser - ok
21:22:17.0115 3256 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:22:17.0162 3256 CNG - ok
21:22:17.0193 3256 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:22:17.0209 3256 Compbatt - ok
21:22:17.0256 3256 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:22:17.0271 3256 CompositeBus - ok
21:22:17.0287 3256 COMSysApp - ok
21:22:17.0318 3256 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:22:17.0334 3256 crcdisk - ok
21:22:17.0381 3256 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:22:17.0412 3256 CryptSvc - ok
21:22:17.0427 3256 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:22:17.0459 3256 CSC - ok
21:22:17.0505 3256 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:22:17.0537 3256 CscService - ok
21:22:17.0583 3256 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:22:17.0646 3256 DcomLaunch - ok
21:22:17.0677 3256 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:22:17.0739 3256 defragsvc - ok
21:22:17.0755 3256 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:22:17.0802 3256 DfsC - ok
21:22:17.0849 3256 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:22:17.0880 3256 Dhcp - ok
21:22:17.0911 3256 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:22:17.0958 3256 discache - ok
21:22:17.0989 3256 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:22:18.0005 3256 Disk - ok
21:22:18.0036 3256 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:22:18.0083 3256 Dnscache - ok
21:22:18.0114 3256 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:22:18.0161 3256 dot3svc - ok
21:22:18.0207 3256 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:22:18.0254 3256 DPS - ok
21:22:18.0301 3256 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:22:18.0317 3256 drmkaud - ok
21:22:18.0363 3256 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:22:18.0410 3256 DXGKrnl - ok
21:22:18.0457 3256 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:22:18.0504 3256 EapHost - ok
21:22:18.0629 3256 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:22:18.0769 3256 ebdrv - ok
21:22:18.0800 3256 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:22:18.0831 3256 EFS - ok
21:22:18.0878 3256 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:22:18.0925 3256 ehRecvr - ok
21:22:18.0956 3256 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:22:18.0987 3256 ehSched - ok
21:22:19.0034 3256 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:22:19.0065 3256 elxstor - ok
21:22:19.0081 3256 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:22:19.0097 3256 ErrDev - ok
21:22:19.0159 3256 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:22:19.0206 3256 EventSystem - ok
21:22:19.0315 3256 [ A57BE3307ADA2FC086B5B43135735283 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:22:19.0362 3256 EvtEng - ok
21:22:19.0393 3256 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:22:19.0455 3256 exfat - ok
21:22:19.0502 3256 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:22:19.0580 3256 fastfat - ok
21:22:19.0627 3256 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:22:19.0689 3256 Fax - ok
21:22:19.0705 3256 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:22:19.0752 3256 fdc - ok
21:22:19.0783 3256 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:22:19.0845 3256 fdPHost - ok
21:22:19.0861 3256 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:22:19.0939 3256 FDResPub - ok
21:22:19.0970 3256 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:22:19.0986 3256 FileInfo - ok
21:22:20.0001 3256 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:22:20.0079 3256 Filetrace - ok
21:22:20.0095 3256 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:22:20.0111 3256 flpydisk - ok
21:22:20.0173 3256 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:22:20.0204 3256 FltMgr - ok
21:22:20.0267 3256 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:22:20.0345 3256 FontCache - ok
21:22:20.0423 3256 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:22:20.0438 3256 FontCache3.0.0.0 - ok
21:22:20.0454 3256 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:22:20.0485 3256 FsDepends - ok
21:22:20.0532 3256 [ F15E39F40448815AECE76D08845B1763 ] fspad_wlh32 C:\Windows\system32\DRIVERS\fspad_wlh32.sys
21:22:20.0547 3256 fspad_wlh32 - ok
21:22:20.0579 3256 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:22:20.0610 3256 Fs_Rec - ok
21:22:20.0688 3256 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:22:20.0735 3256 fvevol - ok
21:22:20.0781 3256 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:22:20.0797 3256 gagp30kx - ok
21:22:20.0844 3256 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:22:20.0922 3256 gpsvc - ok
21:22:21.0000 3256 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
21:22:21.0015 3256 gupdate - ok
21:22:21.0031 3256 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
21:22:21.0062 3256 gupdatem - ok
21:22:21.0140 3256 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
21:22:21.0171 3256 gusvc - ok
21:22:21.0265 3256 [ CCEEE2B29DC6A6F6F702D282CA407033 ] HauppaugeTVServer C:\Program Files\WinTV\TVServer\HauppaugeTVServer.exe
21:22:21.0296 3256 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - warning
21:22:21.0296 3256 HauppaugeTVServer - detected UnsignedFile.Multi.Generic (1)
21:22:21.0343 3256 [ B77CE38D72F6D620836E26D0F18E0FDE ] hcw17bda C:\Windows\system32\drivers\hcw17bda.sys
21:22:21.0374 3256 hcw17bda - ok
21:22:21.0405 3256 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:22:21.0452 3256 hcw85cir - ok
21:22:21.0546 3256 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:22:21.0577 3256 HdAudAddService - ok
21:22:21.0624 3256 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:22:21.0655 3256 HDAudBus - ok
21:22:21.0717 3256 [ A88485DC6A7136C10D9A6C7E38FDFE3C ] HECI C:\Windows\system32\DRIVERS\HECI.sys
21:22:21.0749 3256 HECI - ok
21:22:21.0811 3256 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:22:21.0827 3256 HidBatt - ok
21:22:21.0873 3256 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:22:21.0905 3256 HidBth - ok
21:22:21.0920 3256 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:22:21.0951 3256 HidIr - ok
21:22:22.0014 3256 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:22:22.0076 3256 hidserv - ok
21:22:22.0123 3256 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:22:22.0154 3256 HidUsb - ok
21:22:22.0185 3256 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:22:22.0248 3256 hkmsvc - ok
21:22:22.0295 3256 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:22:22.0341 3256 HomeGroupListener - ok
21:22:22.0404 3256 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:22:22.0435 3256 HomeGroupProvider - ok
21:22:22.0466 3256 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:22:22.0497 3256 HpSAMD - ok
21:22:22.0560 3256 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:22:22.0622 3256 HTTP - ok
21:22:22.0669 3256 [ 4E370A583E78B614918C8F2CD5B733EF ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys
21:22:22.0700 3256 hwdatacard - ok
21:22:22.0716 3256 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:22:22.0747 3256 hwpolicy - ok
21:22:22.0778 3256 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:22:22.0794 3256 i8042prt - ok
21:22:22.0887 3256 [ ED3D980E2D3E15FE179269699D65F5A7 ] ialm C:\Windows\system32\DRIVERS\igxpmp32.sys
21:22:23.0028 3256 ialm - ok
21:22:23.0059 3256 [ EDF5ECC965FAAA533D35E02F47B9132E ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
21:22:23.0106 3256 iaStor - ok
21:22:23.0168 3256 [ CC800D2D9FD467542BAC7C186C4774AD ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:22:23.0184 3256 IAStorDataMgrSvc - ok
21:22:23.0231 3256 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:22:23.0262 3256 iaStorV - ok
21:22:23.0324 3256 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:22:23.0387 3256 idsvc - ok
21:22:23.0667 3256 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:22:24.0120 3256 igfx - ok
21:22:24.0151 3256 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:22:24.0182 3256 iirsp - ok
21:22:24.0229 3256 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:22:24.0307 3256 IKEEXT - ok
21:22:24.0354 3256 [ 03C0D99BC2913226F1CEA7CB0D984659 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
21:22:24.0369 3256 Impcd - ok
21:22:24.0479 3256 [ 8C513F0F34CBA1E146922562BEA4C7A1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
21:22:24.0681 3256 IntcAzAudAddService - ok
21:22:24.0697 3256 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:22:24.0713 3256 intelide - ok
21:22:24.0759 3256 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:22:24.0775 3256 intelppm - ok
21:22:24.0806 3256 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:22:24.0884 3256 IPBusEnum - ok
21:22:24.0915 3256 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:22:24.0962 3256 IpFilterDriver - ok
21:22:25.0025 3256 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:22:25.0056 3256 iphlpsvc - ok
21:22:25.0087 3256 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:22:25.0134 3256 IPMIDRV - ok
21:22:25.0196 3256 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:22:25.0259 3256 IPNAT - ok
21:22:25.0290 3256 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:22:25.0337 3256 IRENUM - ok
21:22:25.0383 3256 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:22:25.0399 3256 isapnp - ok
21:22:25.0461 3256 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:22:25.0493 3256 iScsiPrt - ok
21:22:25.0524 3256 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
21:22:25.0555 3256 kbdclass - ok
21:22:25.0571 3256 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
21:22:25.0602 3256 kbdhid - ok
21:22:25.0617 3256 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:22:25.0649 3256 KeyIso - ok
21:22:25.0695 3256 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:22:25.0711 3256 KSecDD - ok
21:22:25.0758 3256 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:22:25.0773 3256 KSecPkg - ok
21:22:25.0820 3256 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:22:25.0883 3256 KtmRm - ok
21:22:25.0929 3256 [ 325651DF5C85C372DBA3C45DF2F4FE70 ] L1C C:\Windows\system32\DRIVERS\L1C62x86.sys
21:22:25.0961 3256 L1C - ok
21:22:25.0992 3256 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:22:26.0039 3256 LanmanServer - ok
21:22:26.0054 3256 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:22:26.0132 3256 LanmanWorkstation - ok
21:22:26.0163 3256 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:22:26.0241 3256 lltdio - ok
21:22:26.0273 3256 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:22:26.0335 3256 lltdsvc - ok
21:22:26.0351 3256 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:22:26.0413 3256 lmhosts - ok
21:22:26.0475 3256 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:22:26.0507 3256 LMS - ok
21:22:26.0553 3256 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:22:26.0585 3256 LSI_FC - ok
21:22:26.0616 3256 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:22:26.0631 3256 LSI_SAS - ok
21:22:26.0663 3256 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:22:26.0678 3256 LSI_SAS2 - ok
21:22:26.0709 3256 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:22:26.0741 3256 LSI_SCSI - ok
21:22:26.0756 3256 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:22:26.0819 3256 luafv - ok
21:22:26.0834 3256 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:22:26.0865 3256 Mcx2Svc - ok
21:22:26.0881 3256 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:22:26.0897 3256 megasas - ok
21:22:26.0943 3256 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:22:26.0959 3256 MegaSR - ok
21:22:26.0990 3256 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:22:27.0037 3256 MMCSS - ok
21:22:27.0053 3256 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:22:27.0099 3256 Modem - ok
21:22:27.0131 3256 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:22:27.0162 3256 monitor - ok
21:22:27.0209 3256 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:22:27.0224 3256 mouclass - ok
21:22:27.0271 3256 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:22:27.0287 3256 mouhid - ok
21:22:27.0333 3256 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:22:27.0349 3256 mountmgr - ok
21:22:27.0396 3256 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:22:27.0411 3256 mpio - ok
21:22:27.0427 3256 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:22:27.0489 3256 mpsdrv - ok
21:22:27.0536 3256 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:22:27.0614 3256 MpsSvc - ok
21:22:27.0630 3256 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:22:27.0661 3256 MRxDAV - ok
21:22:27.0708 3256 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:22:27.0723 3256 mrxsmb - ok
21:22:27.0755 3256 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:22:27.0801 3256 mrxsmb10 - ok
21:22:27.0817 3256 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:22:27.0833 3256 mrxsmb20 - ok
21:22:27.0864 3256 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
21:22:27.0879 3256 msahci - ok
21:22:27.0895 3256 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:22:27.0926 3256 msdsm - ok
21:22:27.0942 3256 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
21:22:27.0973 3256 MSDTC - ok
21:22:28.0004 3256 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:22:28.0067 3256 Msfs - ok
21:22:28.0082 3256 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:22:28.0129 3256 mshidkmdf - ok
21:22:28.0160 3256 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:22:28.0191 3256 msisadrv - ok
21:22:28.0207 3256 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:22:28.0285 3256 MSiSCSI - ok
21:22:28.0285 3256 msiserver - ok
21:22:28.0347 3256 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:22:28.0425 3256 MSKSSRV - ok
21:22:28.0457 3256 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:22:28.0503 3256 MSPCLOCK - ok
21:22:28.0535 3256 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:22:28.0597 3256 MSPQM - ok
21:22:28.0613 3256 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:22:28.0644 3256 MsRPC - ok
21:22:28.0675 3256 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
21:22:28.0691 3256 mssmbios - ok
21:22:28.0722 3256 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:22:28.0784 3256 MSTEE - ok
21:22:28.0800 3256 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
21:22:28.0831 3256 MTConfig - ok
21:22:28.0862 3256 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
21:22:28.0878 3256 Mup - ok
21:22:28.0925 3256 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
21:22:28.0987 3256 napagent - ok
21:22:29.0034 3256 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:22:29.0081 3256 NativeWifiP - ok
21:22:29.0127 3256 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
21:22:29.0174 3256 NDIS - ok
21:22:29.0190 3256 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:22:29.0268 3256 NdisCap - ok
21:22:29.0283 3256 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:22:29.0361 3256 NdisTapi - ok
21:22:29.0408 3256 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:22:29.0486 3256 Ndisuio - ok
21:22:29.0517 3256 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:22:29.0595 3256 NdisWan - ok
21:22:29.0611 3256 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:22:29.0689 3256 NDProxy - ok
21:22:29.0720 3256 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:22:29.0798 3256 NetBIOS - ok
21:22:29.0829 3256 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:22:29.0907 3256 NetBT - ok
21:22:29.0923 3256 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
21:22:29.0954 3256 Netlogon - ok
21:22:30.0001 3256 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
21:22:30.0095 3256 Netman - ok
21:22:30.0126 3256 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
21:22:30.0219 3256 netprofm - ok
21:22:30.0282 3256 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:22:30.0313 3256 NetTcpPortSharing - ok
21:22:30.0500 3256 [ EF51B405AD8ACAAE6F0231290D20F516 ] NETw5s32 C:\Windows\system32\DRIVERS\NETw5s32.sys
21:22:30.0812 3256 NETw5s32 - ok
21:22:30.0859 3256 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
21:22:30.0906 3256 nfrd960 - ok
21:22:30.0937 3256 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:22:30.0984 3256 NlaSvc - ok
21:22:30.0999 3256 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:22:31.0093 3256 Npfs - ok
21:22:31.0124 3256 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
21:22:31.0202 3256 nsi - ok
21:22:31.0218 3256 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:22:31.0296 3256 nsiproxy - ok
21:22:31.0358 3256 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:22:31.0467 3256 Ntfs - ok
21:22:31.0514 3256 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
21:22:31.0592 3256 Null - ok
21:22:31.0639 3256 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:22:31.0655 3256 nvraid - ok
21:22:31.0686 3256 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:22:31.0733 3256 nvstor - ok
21:22:31.0748 3256 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:22:31.0779 3256 nv_agp - ok
21:22:31.0826 3256 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:22:31.0857 3256 ohci1394 - ok
21:22:31.0904 3256 [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:22:31.0935 3256 ose - ok
21:22:31.0982 3256 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:22:32.0045 3256 p2pimsvc - ok
21:22:32.0076 3256 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
21:22:32.0123 3256 p2psvc - ok
21:22:32.0201 3256 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:22:32.0232 3256 Parport - ok
21:22:32.0263 3256 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:22:32.0294 3256 partmgr - ok
21:22:32.0310 3256 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
21:22:32.0341 3256 Parvdm - ok
21:22:50.0297 3256 ================ Scan global ===============================
21:22:50.0328 3256 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
21:22:50.0359 3256 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:22:50.0375 3256 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
21:22:50.0406 3256 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
21:22:50.0437 3256 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
21:22:50.0453 3256 [Global] - ok
21:22:50.0453 3256 ================ Scan MBR ==================================
21:22:50.0468 3256 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
21:22:50.0858 3256 \Device\Harddisk0\DR0 - ok
21:22:50.0874 3256 ================ Scan VBR ==================================
21:22:50.0874 3256 [ 8FB2D88B79521C96CC25CF11B9D4D51B ] \Device\Harddisk0\DR0\Partition1
21:22:50.0874 3256 \Device\Harddisk0\DR0\Partition1 - ok
21:22:50.0905 3256 [ 44553F28FC797405BFFBDB427C9354A9 ] \Device\Harddisk0\DR0\Partition2
21:22:50.0905 3256 \Device\Harddisk0\DR0\Partition2 - ok
21:22:50.0921 3256 ============================================================
21:22:50.0921 3256 Scan finished
21:22:50.0921 3256 ============================================================
21:22:50.0936 4136 Detected object count: 1
21:22:50.0936 4136 Actual detected object count: 1
21:23:03.0370 4136 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - skipped by user
21:23:03.0385 4136 HauppaugeTVServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #8 |
| /// Malware-holic | Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode Hi, scan with Combofix
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #9 |
| Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode The log file from Combofix Code:
ComboFix 13-06-08.02 - Walter Fink 12.06.2013 21:35:10.1.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2934.1677 [GMT 2:00]
ausgeführt von:: c:\users\Walter Fink\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-12 bis 2013-06-12 ))))))))))))))))))))))))))))))
.
.
2013-06-13 00:49 . 2013-06-13 00:49 -------- d-----w- C:\_OTL
2013-06-12 19:40 . 2013-06-12 19:40 -------- d-----w- c:\users\Walter Fink\AppData\Local\temp
2013-06-12 19:40 . 2013-06-12 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-12 19:39 . 2013-06-12 19:40 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B102A65-7CDA-474C-A71B-46F1D9CB7791}\offreg.dll
2013-06-07 20:01 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B102A65-7CDA-474C-A71B-46F1D9CB7791}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-02 14:22 . 2012-04-10 17:05 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-02 14:22 . 2011-08-31 19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-06-10 19:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 13:45 . 2013-04-24 17:47 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 05:04 . 2013-04-10 15:25 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 15:25 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 15:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 15:25 69632 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-01-12 8423968]
"fspuip"="c:\program files\FSP\fspuip.exe" [2010-01-06 3354624]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]
"HotKeyOSD"="c:\program files\Hotkey OSD Driver\HotKeyOSD.exe" [2010-01-18 232528]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-02-22 281768]
"starter4g"="c:\windows\starter4g.exe" [2009-06-17 157968]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2013-3-26 117344]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-10-20 795936]
WinTV Recording Status.lnk - c:\program files\WinTV\WinTV7\WinTVTray.exe [2013-3-26 155136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2013-04-25 15:36 1648264 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-31 19:03 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [2010-04-02 642560]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2012-08-06 61744]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-06 136360]
S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [2012-08-24 577536]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-09-19 1699168]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S2 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2009-06-22 304592]
S2 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2009-06-17 125200]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2010-01-07 43520]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-01-18 66600]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-09-19 10088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 67996074
*Deregistered* - 67996074
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:22]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 19:03]
.
2013-06-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 19:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Walter Fink\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{66223E8A-8EDA-4718-AC69-369DA3D393AA}: NameServer = 192.168.0.10
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-797345483-2753674056-3930043987-1000\Software\SecuROM\License information*]
"datasecu"=hex:72,e1,71,18,e8,20,22,cf,2a,23,8a,df,ac,24,5f,d7,97,91,5b,93,b0,
8e,14,08,7d,ed,4f,12,48,35,44,09,7c,82,95,31,16,93,a9,86,9c,9b,ad,08,ab,56,\
"rkeysecu"=hex:a8,ad,61,ed,81,92,a7,7c,ef,2c,62,ee,f4,4f,aa,48
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-12 21:42:05
ComboFix-quarantined-files.txt 2013-06-12 19:42
.
Vor Suchlauf: 12 Verzeichnis(se), 271.751.598.080 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 271.755.091.968 Bytes frei
.
- - End Of File - - 3F57B414722B9B376EFB8EBC5E019E88
A36C5E4F47E84449FF07ED3517B43A31
|
| | #10 |
| /// Malware-holic | Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode Hi, scan with Combofix
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #11 |
| Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode My computer crashed during the 2nd Combofix run due to overheating. How should I proceed? It boots into Windows normally. Edited by mopses (13.06.2013 at 07:26) |
| | #12 |
| /// Malware-holic | Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode Why does your computer overheat just from running Combofix? Have you ever cleaned the inside of it? Please run Combofix again. |
| | #13 |
| Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode Yeah, it's just a crap laptop :-D, anyway, here is the 2nd log from Combofix :-) Code:
ATTFilter ComboFix 13-06-08.02 - Walter Fink 13.06.2013 18:40:28.4.4 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.2934.2020 [GMT 2:00]
ausgeführt von:: c:\users\Walter Fink\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-05-13 bis 2013-06-13 ))))))))))))))))))))))))))))))
.
.
2013-06-13 16:45 . 2013-06-13 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-13 00:49 . 2013-06-13 00:49 -------- d-----w- C:\_OTL
2013-06-12 19:42 . 2013-06-13 16:45 -------- d-----w- c:\users\Walter Fink\AppData\Local\temp
2013-06-07 20:01 . 2013-05-13 06:19 7016152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B102A65-7CDA-474C-A71B-46F1D9CB7791}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-13 16:45 . 2013-06-13 16:45 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B102A65-7CDA-474C-A71B-46F1D9CB7791}\offreg.dll
2013-06-02 14:22 . 2012-04-10 17:05 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-02 14:22 . 2011-08-31 19:02 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-06-10 19:04 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-12 13:45 . 2013-04-24 17:47 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 05:04 . 2013-04-10 15:25 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 15:25 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:48 . 2013-04-10 15:25 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 02:49 . 2013-04-10 15:25 69632 ----a-w- c:\windows\system32\smss.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-04-25 1520776]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2011-05-09 09:49 176936 ----a-w- c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\program files\DVDVideoSoftTB_DE\prxtbDVDV.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-02-22 281768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AutoStart IR.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutoStart IR.lnk
backup=c:\windows\pss\AutoStart IR.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WinTV Recording Status.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk
backup=c:\windows\pss\WinTV Recording Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-18 19:08 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
2013-04-25 15:36 1648264 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fspuip]
2010-01-06 16:56 3354624 ----a-w- c:\program files\FSP\FspUip.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeyOSD]
2010-01-18 07:35 232528 ----a-w- c:\program files\Hotkey OSD Driver\HotKeyOSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-08-25 18:45 171032 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
2009-11-20 13:25 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-08-25 18:45 136216 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2007-03-29 13:41 222128 ----a-w- c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-08-25 18:45 170520 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2010-01-12 10:23 8423968 ------w- c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-05-13 14:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\starter4g]
2009-06-17 10:28 157968 ----a-r- c:\windows\starter4g.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-09-17 11:41 254896 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-31 19:03 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
R3 AVerAF35;AVerMedia A835 USB DVB-T;c:\windows\system32\Drivers\AVerAF35.sys [2010-04-02 642560]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-07-01 43944]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2008-10-31 103424]
R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2012-08-06 61744]
R3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-07-30 171520]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-09-19 10088]
R4 HauppaugeTVServer;HauppaugeTVServer;c:\program files\WinTV\TVServer\HauppaugeTVServer.exe [2012-08-24 577536]
R4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-09-19 1699168]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
R4 WTGService;WTGService;c:\program files\XSManager\WTGService.exe [2009-06-22 304592]
R4 XS Stick Service;XS Stick Service;c:\windows\service4g.exe [2009-06-17 125200]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-09-06 136360]
S3 fspad_wlh32;Finger Sensing Pad Driver for Windows 2000/XP/Vista/Win7_wlh32;c:\windows\system32\DRIVERS\fspad_wlh32.sys [2010-01-07 43520]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 132352]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-01-18 66600]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 14:22]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 19:03]
.
2013-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-31 19:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2625848
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to MP3 Converter - c:\users\Walter Fink\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{66223E8A-8EDA-4718-AC69-369DA3D393AA}: NameServer = 192.168.0.10
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-797345483-2753674056-3930043987-1000\Software\SecuROM\License information*]
"datasecu"=hex:72,e1,71,18,e8,20,22,cf,2a,23,8a,df,ac,24,5f,d7,97,91,5b,93,b0,
8e,14,08,7d,ed,4f,12,48,35,44,09,7c,82,95,31,16,93,a9,86,9c,9b,ad,08,ab,56,\
"rkeysecu"=hex:a8,ad,61,ed,81,92,a7,7c,ef,2c,62,ee,f4,4f,aa,48
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-06-13 18:46:57
ComboFix-quarantined-files.txt 2013-06-13 16:46
ComboFix2.txt 2013-06-12 19:42
.
Vor Suchlauf: 14 Verzeichnis(se), 270.583.857.152 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 270.534.549.504 Bytes frei
.
- - End Of File - - 736532D681724AEEA9E1DEC15996F957
A36C5E4F47E84449FF07ED3517B43A31
|
| | #14 |
| /// Malware-holic | Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode Hiho, Malwarebytes: please download Malwarebytes |
| | #15 |
| Trojan, white screen after Windows 7 start and immediate logoff in Safe Mode mbam had 3 detections. Here is the log. Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.13.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Walter Fink :: WKSFIL14 [Administrator]

13.06.2013 19:28:41
mbam-log-2013-06-13 (19-28-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 288548
Laufzeit: 44 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\Walter Fink\Desktop\_OTL.zip (Trojan.Agent.instb) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\System32\cmdow.exe (PUP.Tool) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\06122013_204930\D_Users\Walter Fink\AppData\Roaming\skype.dat (Trojan.Agent.instb) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |