Log Analysis and Evaluation: Kaspersky Rescue Disc Log Evaluation (Windows 7)
05.03.2015, 11:26 | #1
Kaspersky Rescue Disc Log Evaluation

Hello, yesterday I ran the Rescue Disc on a computer. Unfortunately I'm not familiar with this area and wanted to ask how dangerous the Trojans that were found are. Furthermore, some of them apparently could not be disinfected: "Nicht desinfizierte Objekte:" (objects not disinfected)? Quote:

Dominik
Edited by feiste (05.03.2015, 11:44)
05.03.2015, 11:37 | #2
/// the machine /// TB-Ausbilder
Kaspersky Rescue Disc Log Evaluation

Hi,
please always post the logs in the thread.
05.03.2015, 11:45 | #3
Kaspersky Rescue Disc Log Evaluation
05.03.2015, 18:55 | #4
/// the machine /// TB-Ausbilder
Kaspersky Rescue Disc Log Evaluation

Yep, that gives us some work to do. Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (if you're not sure, download both versions, or check under Start > Computer (right-click) > Properties).

Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
06.03.2015, 09:33 | #5
Kaspersky Rescue Disc Log Evaluation

First of all, many thanks for the help!! All right, I'll take care of it during the day today. Best regards, Dominik

I was able to run the scan now:

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 04-03-2015
Ran by Ulmer-Kemo at 2015-03-06 09:03:22
Running from C:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Anti-Virus (Enabled - Out of date) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Anti-Virus (Disabled) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

CITIZEN CT-S310II Printer Driver (x32) (HKLM\...\{F1014FF9-FFA2-44E9-B1DD-13EA24933FC3}) (Version: 2.002.005.2 - CITIZEN SYSTEMS JAPAN)
CITIZEN Driver Port Setting (Version: 1.03.0000 - CITIZEN SYSTEMS JAPAN) Hidden
CITIZEN Journal Viewer & Status Monitor (HKLM\...\{680DED1F-770C-4826-B22F-2375A34D2739}) (Version: 1.03.0000 - CITIZEN SYSTEMS JAPAN)
CITIZEN Journal Viewer (Version: 1.03.0000 - CITIZEN SYSTEMS JAPAN) Hidden
CITIZEN Printer COM Port (HKLM\...\{5AB6DDE7-B1A7-4E8C-8811-5457852DBBEF}) (Version: 1.00.0001 - CITIZEN SYSTEMS JAPAN)
CITIZEN Status Monitor Library (Version: 1.30.0001 - CITIZEN SYSTEMS JAPAN) Hidden
CITIZEN Windows Driver Guide (Version: 2.02.0000 - CITIZEN SYSTEMS JAPAN) Hidden
eGalaxTouch (HKLM\...\{C6A750AE-6029-4435-9A8D-06507AA46798}) (Version: 1.00.000 - eGalaxTouch)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 6.14.10.5244 - Intel Corporation)
Intel(R) Network Connections 14.8.43.0 (HKLM\...\{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}) (Version: 14.8.43.0 - Intel)
Kaspersky Anti-Virus (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Anti-Virus (Version: 15.0.2.361 - Kaspersky Lab) Hidden
Microsoft .NET Framework 2.0 Language Pack - DEU (HKLM\...\Microsoft .NET Framework 2.0 Language Pack - DEU) (Version: - Microsoft Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.6101 - Realtek Semiconductor Corp.)
Sicherheitsupdate für Windows XP (KB923789) (HKLM\...\KB923789) (Version: - Microsoft Corporation)
UltraVNC 1.0.8.2 (HKLM\...\Ultravnc2_is1) (Version: 1.0.8.2 - 1.0.8.2)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (11/29/2011 2.08.14) (HKLM\...\334D65D3E7E8B3090306ABDD7BAF3783FB2300E2) (Version: 11/29/2011 2.08.14 - FTDI)
Windows-Treiberpaket - FTDI CDM Driver Package (11/29/2011 2.08.14) (HKLM\...\6E3E26874C9AB98D9F6C77A024C3C5301F429D38) (Version: 11/29/2011 2.08.14 - FTDI)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

26-01-2013 01:26:09 Systemprüfpunkt
27-01-2013 02:26:09 Systemprüfpunkt
28-01-2013 03:26:09 Systemprüfpunkt
29-01-2013 04:26:09 Systemprüfpunkt
30-01-2013 04:58:25 Systemprüfpunkt
31-01-2013 06:01:14 Systemprüfpunkt
01-02-2013 06:07:59 Systemprüfpunkt
02-02-2013 12:36:39 Systemprüfpunkt
03-02-2013 12:56:45 Systemprüfpunkt
04-02-2013 17:40:52 Systemprüfpunkt
05-02-2013 18:38:36 Systemprüfpunkt
06-02-2013 19:06:21 Systemprüfpunkt
07-02-2013 19:10:12 Systemprüfpunkt
08-02-2013 19:54:48 Systemprüfpunkt
09-02-2013 20:54:48 Systemprüfpunkt
10-02-2013 21:54:47 Systemprüfpunkt
11-02-2013 21:54:53 Systemprüfpunkt
12-02-2013 22:54:51 Systemprüfpunkt
13-02-2013 23:54:52 Systemprüfpunkt
15-02-2013 00:51:11 Systemprüfpunkt
16-02-2013 01:51:11 Systemprüfpunkt
18-02-2013 06:09:42 Systemprüfpunkt
19-02-2013 16:35:05 Systemprüfpunkt
20-02-2013 18:41:21 Systemprüfpunkt
21-02-2013 18:50:58 Systemprüfpunkt
22-02-2013 18:58:11 Systemprüfpunkt
23-02-2013 19:51:30 Systemprüfpunkt
24-02-2013 20:51:30 Systemprüfpunkt
25-02-2013 20:53:36 Systemprüfpunkt
26-02-2013 21:53:35 Systemprüfpunkt
27-02-2013 22:53:35 Systemprüfpunkt
28-02-2013 23:53:35 Systemprüfpunkt
01-03-2013 23:54:13 Systemprüfpunkt
03-03-2013 00:46:59 Systemprüfpunkt
04-03-2013 01:46:58 Systemprüfpunkt
05-03-2013 01:53:47 Systemprüfpunkt
06-03-2013 02:53:47 Systemprüfpunkt
07-03-2013 03:53:47 Systemprüfpunkt
08-03-2013 04:53:47 Systemprüfpunkt
09-03-2013 05:53:47 Systemprüfpunkt
10-03-2013 06:53:47 Systemprüfpunkt
11-03-2013 14:04:47 Systemprüfpunkt
12-03-2013 14:38:11 Systemprüfpunkt
13-03-2013 19:00:50 Systemprüfpunkt
14-03-2013 19:02:14 Systemprüfpunkt
15-03-2013 19:03:27 Systemprüfpunkt
16-03-2013 19:32:48 Systemprüfpunkt
17-03-2013 20:32:48 Systemprüfpunkt
18-03-2013 21:32:48 Systemprüfpunkt
19-03-2013 22:32:48 Systemprüfpunkt
20-03-2013 23:32:48 Systemprüfpunkt
22-03-2013 00:32:48 Systemprüfpunkt
23-03-2013 01:32:48 Systemprüfpunkt
24-03-2013 02:32:48 Systemprüfpunkt
25-03-2013 03:32:48 Systemprüfpunkt
26-03-2013 04:32:48 Systemprüfpunkt
27-03-2013 05:32:48 Systemprüfpunkt
28-03-2013 16:33:10 Systemprüfpunkt
29-03-2013 17:32:48 Systemprüfpunkt
30-03-2013 18:32:48 Systemprüfpunkt
31-03-2013 19:32:48 Systemprüfpunkt
01-04-2013 20:32:48 Systemprüfpunkt
02-04-2013 21:32:48 Systemprüfpunkt
03-04-2013 22:32:48 Systemprüfpunkt
04-04-2013 23:32:48 Systemprüfpunkt
06-04-2013 00:32:48 Systemprüfpunkt
07-04-2013 01:32:48 Systemprüfpunkt
08-04-2013 02:32:48 Systemprüfpunkt
09-04-2013 03:32:48 Systemprüfpunkt
10-04-2013 04:32:48 Systemprüfpunkt
11-04-2013 05:33:53 Systemprüfpunkt
12-04-2013 13:06:42 Systemprüfpunkt
13-04-2013 13:32:48 Systemprüfpunkt
14-04-2013 14:32:48 Systemprüfpunkt
15-04-2013 15:04:47 Systemprüfpunkt
16-04-2013 17:46:56 Systemprüfpunkt
17-04-2013 18:32:48 Systemprüfpunkt
18-04-2013 18:50:29 Systemprüfpunkt
19-04-2013 19:50:28 Systemprüfpunkt
20-04-2013 20:49:27 Systemprüfpunkt
21-04-2013 21:49:26 Systemprüfpunkt
22-04-2013 22:49:26 Systemprüfpunkt
23-04-2013 23:49:26 Systemprüfpunkt
25-04-2013 00:49:26 Systemprüfpunkt
16-09-2013 09:35:03 Installation eines unsignierten Treibers
18-02-2015 15:29:18 First Restore Point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2008-04-14 13:00 - 2008-04-14 13:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) ==============

2013-02-16 07:14 - 2011-08-07 05:01 - 00040960 _____ () C:\WINDOWS\mod32\bpkwb.dll
2013-02-16 07:14 - 2011-08-07 05:01 - 00008704 _____ () C:\WINDOWS\mod32\bpkhk.dll
2013-02-16 07:14 - 2011-08-07 05:01 - 00401408 _____ () C:\WINDOWS\mod32\bpk.exe
2011-07-18 11:53 - 2006-02-09 12:38 - 00561664 _____ () C:\kasse_win\touch.dll
2011-07-18 11:53 - 2002-07-24 04:52 - 00032768 _____ () C:\kasse_win\inpout32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1844237615-448539723-299502267-1004\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^LaunchTouchMon.lnk => C:\WINDOWS\pss\LaunchTouchMon.lnkCommon Startup
MSCONFIG\startupfolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Message.lnk => C:\WINDOWS\pss\Message.lnkCommon Startup
MSCONFIG\startupreg: ClearTKHandle => C:\Programme\eGalaxTouch\ClearTKHandle.exe
MSCONFIG\startupreg: CTFMON.EXE => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: HotKeysCmds => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: Persistence => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: RTHDCPL => RTHDCPL.EXE

==================== Accounts: =============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
Ran by Ulmer-Kemo (administrator) on SYSTEM-V0475 on 06-03-2015 09:07:29
Running from C:\
Loaded Profiles: Ulmer-Kemo (Available profiles: Ulmer-Kemo)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(UltraVNC) C:\Programme\UltraVNC\winvnc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
() C:\WINDOWS\mod32\bpk.exe
(UltraVNC) C:\Programme\UltraVNC\winvnc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Ulmer-Kemo GmbH) C:\kasse_win\winkasse.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.)
HKLM\...\Run: [bpk] => C:\WINDOWS\mod32\bpk.exe [401408 2011-08-07] ()
HKU\S-1-5-21-1844237615-448539723-299502267-1004\...\MountPoints2: {38207741-b11b-11e0-96e5-806d6172696f} - D:\autorun.exe
Startup: C:\Dokumente und Einstellungen\Ulmer-Kemo\Startmenü\Programme\Autostart\winkasse.lnk
ShortcutTarget: winkasse.lnk -> C:\kasse_win\winkasse.exe (Ulmer-Kemo GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1844237615-448539723-299502267-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ulmer-kemo.de/
HKU\S-1-5-21-1844237615-448539723-299502267-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: IE Plugin Class -> {1E1B2879-88FF-11D3-8D96-D7ACAC95951A} -> C:\WINDOWS\mod32\bpkwb.dll ()
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{1D441218-89C8-4ED8-8F35-4786A8243580}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-15]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-18]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 uvnc_service; C:\Programme\UltraVNC\WinVNC.exe [1590216 2009-12-07] (UltraVNC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [241880 2009-10-20] (Intel Corporation)
S3 EGXFilter; C:\WINDOWS\System32\drivers\egxfilter.sys [140800 2009-07-06] ()
R3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2996 2011-07-18] (Buzz) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [37896 2014-08-19] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [690872 2014-12-13] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 xTouch; C:\WINDOWS\System32\DRIVERS\xtouch.sys [125952 2009-07-06] ()
S4 IntelIde; No ImagePath
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U5 sertouch; C:\Windows\System32\Drivers\sertouch.sys [128512 2009-07-06] ()
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 08:59 - 2015-03-06 09:07 - 00000000 ____D () C:\FRST
2015-03-06 08:52 - 2015-03-06 08:52 - 00000000 ____D () C:\Support
2015-03-04 19:30 - 2015-03-05 07:38 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2015-02-18 16:33 - 2015-02-18 16:33 - 00080138 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-02-18 16:33 - 2015-02-18 16:33 - 00080138 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1844237615-448539723-299502267-1004-0.dat
2015-02-18 16:00 - 2008-04-14 07:52 - 00021504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidserv.dll
2015-02-18 16:00 - 2008-04-14 07:52 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2015-02-18 15:59 - 2008-04-14 00:15 - 00032128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2015-02-18 15:59 - 2008-04-14 00:15 - 00032128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-02-18 15:47 - 2015-02-18 16:30 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-18 15:46 - 2015-02-18 15:57 - 00001024 ____H () C:\WINDOWS\system32\config\elam.LOG
2015-02-18 15:46 - 2015-02-18 15:46 - 00262144 _____ () C:\WINDOWS\system32\config\elam
2015-02-18 15:32 - 2015-02-18 15:32 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Kaspersky Anti-Virus
2015-02-18 15:32 - 2015-02-18 15:31 - 00001808 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Kaspersky Anti-Virus.lnk
2015-02-18 15:29 - 2015-03-06 08:49 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2015-02-18 15:29 - 2015-02-18 15:29 - 00000000 ____D () C:\Programme\Kaspersky Lab
2015-02-18 15:28 - 2014-12-13 18:21 - 00690872 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-02-18 15:28 - 2014-11-28 18:19 - 00116936 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klflt.sys
2015-02-18 15:28 - 2014-10-22 21:13 - 00035016 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klhk.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-06 09:08 - 2011-07-18 09:31 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp
2015-03-06 09:03 - 2013-02-16 07:14 - 00000000 ____D () C:\WINDOWS\mod32
2015-03-06 08:53 - 2012-08-14 08:59 - 00181709 _____ () C:\WINDOWS\setupapi.log
2015-03-06 08:53 - 2012-08-14 08:47 - 00000584 _____ () C:\WINDOWS\setupact.log
2015-03-06 08:49 - 2011-07-18 11:53 - 00000000 ____D () C:\kasse_win
2015-03-06 05:54 - 2013-09-06 04:55 - 00000052 _____ () C:\Kasse_Winmf.log
2015-03-06 03:44 - 2011-07-18 09:03 - 02096048 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-05 07:08 - 2011-07-18 09:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-05 07:07 - 2011-07-18 09:31 - 00027786 _____ () C:\WINDOWS\SchedLgU.Txt
2015-03-05 07:07 - 2011-07-18 09:31 - 00000190 ___SH () C:\Dokumente und Einstellungen\Ulmer-Kemo\ntuser.ini
2015-03-04 19:52 - 2013-02-16 07:08 - 00000000 ____D () C:\WINDOWS\matanii
2015-03-04 18:17 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-18 15:59 - 2013-10-17 20:03 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo\Anwendungsdaten\NET Framework
2015-02-18 15:36 - 2011-07-18 09:44 - 00012328 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-02-18 15:32 - 2011-07-18 09:53 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-02-18 15:29 - 2011-07-18 09:53 - 00000000 ___RD () C:\Programme
2015-02-18 15:25 - 2011-07-18 11:59 - 00001483 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Startmenü\Bildschirmtastatur.lnk
2015-02-13 07:48 - 2013-08-26 04:51 - 00001912 _____ () C:\WINDOWS\system32\perfb419.dat
2015-02-13 07:48 - 2013-04-26 01:42 - 00004090 _____ () C:\WINDOWS\system32\DebugConsole.log

==================== Files in the root of some directories =======

2008-02-05 12:28 - 2008-02-05 12:28 - 0000051 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Anwendungsdaten\setup.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
06.03.2015, 16:20 | #6
/// the machine /// TB-Ausbilder
Kaspersky Rescue Disc Log Evaluation

XP??? And that box is still allowed online?????

Please download TDSSKiller.exe and save the file to your desktop.

Please download Malwarebytes Anti-Rootkit and save it to your desktop.

Do not start any other file in this folder without instructions from a helper.
23.04.2015, 09:19 | #7
Kaspersky Rescue Disc Log Evaluation

Hello Schrauber, here are the logs. Many thanks!!

TDSSKiller
Code:
08:52:54.0921 0x0d9c TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
08:52:58.0734 0x0d9c ============================================================
08:52:58.0734 0x0d9c Current date / time: 2015/04/23 08:52:58.0734
08:52:58.0734 0x0d9c SystemInfo:
08:52:58.0734 0x0d9c
08:52:58.0734 0x0d9c OS Version: 5.1.2600 ServicePack: 3.0
08:52:58.0734 0x0d9c Product type: Workstation
08:52:58.0734 0x0d9c ComputerName: SYSTEM-V0475
08:52:58.0734 0x0d9c UserName: Ulmer-Kemo
08:52:58.0734 0x0d9c Windows directory: C:\WINDOWS
08:52:58.0734 0x0d9c System windows directory: C:\WINDOWS
08:52:58.0750 0x0d9c Processor architecture: Intel x86
08:52:58.0750 0x0d9c Number of processors: 2
08:52:58.0750 0x0d9c Page size: 0x1000
08:52:58.0750 0x0d9c Boot type: Normal boot
08:52:58.0750 0x0d9c ============================================================
08:53:09.0296 0x0d9c KLMD registered as C:\WINDOWS\system32\drivers\85266321.sys
08:53:11.0968 0x0d9c System UUID: {644670B5-B5E6-21F3-2A74-C4385452F409}
08:53:13.0984 0x0d9c Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:53:14.0000 0x0d9c Drive \Device\Harddisk1\DR4 - Size: 0x39B000000 ( 14.42 Gb ), SectorSize: 0x200, Cylinders: 0x75A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:53:14.0000 0x0d9c ============================================================
08:53:14.0000 0x0d9c \Device\Harddisk0\DR0:
08:53:14.0000 0x0d9c MBR partitions:
08:53:14.0000 0x0d9c \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
08:53:14.0000 0x0d9c \Device\Harddisk1\DR4:
08:53:14.0000 0x0d9c MBR partitions:
08:53:14.0000 0x0d9c \Device\Harddisk1\DR4\Partition1: MBR, Type 0xC, StartLBA 0x1F80, BlocksNum 0x1CD6080
08:53:14.0000 0x0d9c ============================================================
08:53:14.0031 0x0d9c C: <-> \Device\Harddisk0\DR0\Partition1
08:53:14.0031 0x0d9c ============================================================
08:53:14.0031 0x0d9c Initialize success
08:53:14.0031 0x0d9c ============================================================
08:53:54.0187 0x0dd8 ============================================================
08:53:54.0187 0x0dd8 Scan started
08:53:54.0187 0x0dd8 Mode: Manual; SigCheck; TDLFS;
08:53:54.0187 0x0dd8 ============================================================
08:53:54.0187 0x0dd8 KSN ping started
08:53:54.0281 0x0dd8 KSN ping finished: false
08:53:55.0125 0x0dd8 ================ Scan system memory ========================
08:53:55.0125 0x0dd8 System memory - ok
08:53:55.0125 0x0dd8 ================ Scan services =============================
08:53:55.0250 0x0dd8 Abiosdsk - ok
08:53:55.0250 0x0dd8 abp480n5 - ok
08:53:55.0328 0x0dd8 [ AC407F1A62C3A300B4F2B5A9F1D55B2C, 31F5FC61B37E22100B3A52A590295A7E827FFC581FA9960C64B9032452AAECED ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:53:56.0250 0x0dd8 ACPI - ok
08:53:56.0343 0x0dd8 [ 9E1CA3160DAFB159CA14F83B1E317F75, 13B3E897B0E819BF734449416D9EC6EBCAC89538EC69BF48C068593B82D57004 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
08:53:56.0609 0x0dd8 ACPIEC - ok
08:53:56.0609 0x0dd8 adpu160m - ok
08:53:56.0656 0x0dd8 [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec C:\WINDOWS\system32\drivers\aec.sys
08:53:57.0015 0x0dd8 aec - ok
08:53:57.0078 0x0dd8 [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD C:\WINDOWS\System32\drivers\afd.sys
08:53:57.0187 0x0dd8 AFD - ok
08:53:57.0203 0x0dd8 Aha154x - ok
08:53:57.0218 0x0dd8 aic78u2 - ok
08:53:57.0250 0x0dd8 aic78xx - ok
08:53:57.0281 0x0dd8 [ 738D80CC01D7BC7584BE917B7F544394, DCC17AAEF5CDDF52FAAC3CC6904EF421CD595F66318A2370BEE261D5C3A8E340 ] Alerter C:\WINDOWS\system32\alrsvc.dll
08:53:57.0531 0x0dd8 Alerter - ok
08:53:57.0562 0x0dd8 [ 190CD73D4984F94D823F9444980513E5, 93A32C2495CCA094F768BA707C74DA5C00B8A88A9236DD1A297439A7C2E6C6FA ] ALG C:\WINDOWS\System32\alg.exe
08:53:57.0671 0x0dd8 ALG - ok
08:53:57.0687 0x0dd8 AliIde - ok
08:53:57.0828 0x0dd8 [ 267FC636801EDC5AB28E14036349E3BE, CFEF5DF5F9BE820283376BB86DB3CF6609C02D316A742E17459A2BFA42E724E0 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
08:53:58.0296 0x0dd8 Ambfilt - ok
08:53:58.0312 0x0dd8 amsint - ok
08:53:58.0328 0x0dd8 AppMgmt - ok
08:53:58.0328 0x0dd8 asc - ok
08:53:58.0343 0x0dd8 asc3350p - ok
08:53:58.0359 0x0dd8 asc3550 - ok
08:53:58.0453 0x0dd8 [ 0E5E4957549056E2BF2C49F4F6B601AD, F7F19FDC906B719A3516D30A9B4A2262C8CC5B36B94E3D4195C345EC4610FF2B ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
08:53:58.0687 0x0dd8 aspnet_state - ok
08:53:58.0703 0x0dd8 [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:53:59.0109 0x0dd8 AsyncMac - ok
08:53:59.0156 0x0dd8 [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
08:53:59.0515 0x0dd8 atapi - ok
08:53:59.0515 0x0dd8 Atdisk - ok
08:53:59.0546 0x0dd8 [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:53:59.0796 0x0dd8 Atmarpc - ok
08:53:59.0828 0x0dd8 [ 58ED0D5452DF7BE732193E7999C6B9A4, 254E2ECF592DDA2E3E6CA9F6F3E77926E2265586A7937BA95199ED47BCDE69A3 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
08:54:00.0062 0x0dd8 AudioSrv - ok
08:54:00.0125 0x0dd8 [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
08:54:00.0359 0x0dd8 audstub - ok
08:54:00.0671 0x0dd8 [ CF467DE3D15EFB58C4DB780DF234EB34, B75CB9DFB86BE951505419A078F5993268062E2586CBA896B36E97BA768BD15D ] AVP15.0.2 C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
08:54:00.0734 0x0dd8 AVP15.0.2 - ok
08:54:00.0796 0x0dd8 [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep C:\WINDOWS\system32\drivers\Beep.sys
08:54:01.0125 0x0dd8 Beep - ok
08:54:01.0203 0x0dd8 [ D6F603772A789BB3228F310D650B8BD1, A539025C70FD998A9B8703DE05CAE5E99BC721D8852EA561EBC2DD20CB371D2E ] BITS C:\WINDOWS\system32\qmgr.dll
08:54:01.0515 0x0dd8 BITS - ok
08:54:01.0562 0x0dd8 [ B42057F06BBB98B31876C0B3F2B54E33, 779AF28378E8D37E784BEDBEE23DCFFC6C9C9068180F2A9058C91047E33ED078 ] Browser C:\WINDOWS\System32\browser.dll
08:54:01.0781 0x0dd8 Browser - ok
08:54:01.0796 0x0dd8 [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
08:54:02.0031 0x0dd8 cbidf2k - ok
08:54:02.0046 0x0dd8 cd20xrnt - ok
08:54:02.0078 0x0dd8 [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
08:54:02.0281 0x0dd8 Cdaudio - ok
08:54:02.0296 0x0dd8 [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
08:54:02.0875 0x0dd8 Cdfs - ok
08:54:02.0921 0x0dd8 [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:54:03.0171 0x0dd8 Cdrom - ok
08:54:03.0187 0x0dd8 Changer - ok
08:54:03.0203 0x0dd8 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E, ACB458E8A11AA2143734A5A0281973D95158E6402A6453F98F9832D1E19B01F9 ] CiSvc C:\WINDOWS\system32\cisvc.exe
08:54:03.0406 0x0dd8 CiSvc - ok
08:54:03.0468 0x0dd8 [ 778A30ED3C134EB7E406AFC407E9997D, 3E6AD115AB2596EB001BC21AEADDBC75F27C42DB90C986B7AD17743CE631234E ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
08:54:03.0859 0x0dd8 ClipSrv - ok
08:54:03.0937 0x0dd8 [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:54:04.0234 0x0dd8 clr_optimization_v2.0.50727_32 - ok
08:54:04.0296 0x0dd8 [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:54:04.0343 0x0dd8 clr_optimization_v4.0.30319_32 - ok
08:54:04.0359 0x0dd8 CmdIde - ok
08:54:04.0421 0x0dd8 [ 1A5800ECFBB105B2674D2C0F3885C3E1, 8FF7205CEEAD7EAE71BCA940F62F4724B59EB10D97E1D3F8BB69A125246BFD7D ] cm_km_w C:\WINDOWS\system32\DRIVERS\cm_km_w.sys
08:54:04.0500 0x0dd8 cm_km_w - ok
08:54:04.0515 0x0dd8 COMSysApp - ok
08:54:04.0546 0x0dd8 Cpqarray - ok
08:54:04.0640 0x0dd8 [ 611F824E5C703A5A899F84C5F1699E4D, 9EFA5612FE58E9974E4CC13D39D91D7B5DEA3ED66BEFBED3AAE6D2800FD8162A ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
08:54:04.0859 0x0dd8 CryptSvc - ok
08:54:04.0859 0x0dd8 dac2w2k - ok
08:54:04.0875 0x0dd8 dac960nt - ok
08:54:05.0015 0x0dd8 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
08:54:05.0250 0x0dd8 DcomLaunch - ok
08:54:05.0281 0x0dd8 [ C29A1C9B75BA38FA37F8C44405DEC360, 7476D8BC4380CDE56764B2034AF3741DA4ED00F315E41C9A02B5EAD04374F241 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
08:54:05.0484 0x0dd8 Dhcp - ok
08:54:05.0531 0x0dd8 [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
08:54:05.0859 0x0dd8 Disk - ok
08:54:05.0875 0x0dd8 dmadmin - ok
08:54:06.0015 0x0dd8 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA, 89B0AEE5BE01B9FE4FF2989FF16DB6121721ACDFCE6D9655C0ACD321D8C308BE ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
08:54:06.0515 0x0dd8 dmboot - ok
08:54:06.0531 0x0dd8 [ 53720AB12B48719D00E327DA470A619A,
800264866A6267C9000A85D00095D57908D059D737E5F28C9C4049B884C46228 ] dmio C:\WINDOWS\system32\drivers\dmio.sys 08:54:06.0828 0x0dd8 dmio - ok 08:54:06.0875 0x0dd8 [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload C:\WINDOWS\system32\drivers\dmload.sys 08:54:07.0109 0x0dd8 dmload - ok 08:54:07.0156 0x0dd8 [ 25C83FFBBA13B554EB6D59A9B2E2EE78, 9FBD655ED3E9163AE11EC207F283E387EFBA5A23108EC790BAE4846B35E66F16 ] dmserver C:\WINDOWS\System32\dmserver.dll 08:54:07.0453 0x0dd8 dmserver - ok 08:54:07.0531 0x0dd8 [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 08:54:07.0875 0x0dd8 DMusic - ok 08:54:07.0906 0x0dd8 [ 407F3227AC618FD1CA54B335B083DE07, 96B8E734648FE9A4EBA59C096C8779BD1A11A93A6303AFD438A406C8122D36C6 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 08:54:08.0031 0x0dd8 Dnscache - ok 08:54:08.0062 0x0dd8 [ 676E36C4FF5BCEA1900F44182B9723E6, 740CF18BD40E00FEA26CF0E6340C5D18F7D0B4390055FAEEC258B3AA790C4AE9 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 08:54:08.0359 0x0dd8 Dot3svc - ok 08:54:08.0359 0x0dd8 dpti2o - ok 08:54:08.0390 0x0dd8 [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 08:54:08.0625 0x0dd8 drmkaud - ok 08:54:08.0687 0x0dd8 [ 00043180E141111E91F008D6D86A0BBC, 1DE8F66F392D48476D4065D1C35743B6BFA6FAE1C109F444337344582E562B34 ] e1yexpress C:\WINDOWS\system32\DRIVERS\e1y5132.sys 08:54:08.0968 0x0dd8 e1yexpress - ok 08:54:08.0984 0x0dd8 [ 4E4F2FDDAB0A0736D7671134DCCE91FB, 8E2C57D1A006856C47CBDD5765A9DD317DB205B26DA8BFC70555A506257A1CD9 ] EapHost C:\WINDOWS\System32\eapsvc.dll 08:54:09.0421 0x0dd8 EapHost - ok 08:54:09.0515 0x0dd8 [ C12F4B15148A7F648D53CC6C6180270A, FC69654DCD587CD3FB54C7B64433517CD24A83FCC02756263A0308FDEEC42EC8 ] EGXFilter C:\WINDOWS\system32\drivers\egxfilter.sys 08:54:10.0250 0x0dd8 
EGXFilter - ok 08:54:10.0281 0x0dd8 [ 877C18558D70587AA7823A1A308AC96B, 6B336A62112988D855513F45153F73F8470C41A448E9B7438B4A8EC1813AABF1 ] ERSvc C:\WINDOWS\System32\ersvc.dll 08:54:10.0484 0x0dd8 ERSvc - ok 08:54:10.0546 0x0dd8 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] Eventlog C:\WINDOWS\system32\services.exe 08:54:10.0593 0x0dd8 Eventlog - ok 08:54:10.0703 0x0dd8 [ AF4F6B5739D18CA7972AB53E091CBC74, A399E2CC026730D3A429727AAB48093B9F1E5DD8EB6336519C7F16182FDB3905 ] EventSystem C:\WINDOWS\system32\es.dll 08:54:10.0828 0x0dd8 EventSystem - ok 08:54:10.0906 0x0dd8 [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 08:54:11.0328 0x0dd8 Fastfat - ok 08:54:11.0406 0x0dd8 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 08:54:11.0546 0x0dd8 FastUserSwitchingCompatibility - ok 08:54:11.0609 0x0dd8 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 08:54:11.0843 0x0dd8 Fdc - ok 08:54:11.0875 0x0dd8 [ B0678A548587C5F1967B0D70BACAD6C1, 7E49910212ED87313F926E4800EA8D34809C287A686CA69B82B79C1A6451F88C ] Fips C:\WINDOWS\system32\drivers\Fips.sys 08:54:12.0078 0x0dd8 Fips - ok 08:54:12.0093 0x0dd8 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 08:54:12.0312 0x0dd8 Flpydisk - ok 08:54:12.0421 0x0dd8 [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 08:54:12.0921 0x0dd8 FltMgr - ok 08:54:13.0015 0x0dd8 [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] 
FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 08:54:13.0078 0x0dd8 FontCache3.0.0.0 - ok 08:54:13.0093 0x0dd8 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 08:54:13.0296 0x0dd8 Fs_Rec - ok 08:54:13.0328 0x0dd8 [ 8C89DAB1061E3D04E902404754D3FA29, 43249B36BCDB6A684ED709CCCE06380BEE92734EA7B2ACE2190B2F699E8E28D4 ] FTDIBUS C:\WINDOWS\system32\drivers\ftdibus.sys 08:54:13.0359 0x0dd8 FTDIBUS - ok 08:54:13.0375 0x0dd8 [ 8F1955CE42E1484714B542F341647778, 8EB3F99625F409D3032561E8AB44BEFBFBFBA4EC873C2151C92A5CAAF7F2AA55 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 08:54:13.0656 0x0dd8 Ftdisk - ok 08:54:13.0703 0x0dd8 [ A4727C98DF89ED909AAC5F814125E0DE, 2E3B3BD48F3C2540DE785C3E054741B5EE39ADF1368F961F55AC1AC7DA48D6A6 ] FTSER2K C:\WINDOWS\system32\drivers\ftser2k.sys 08:54:13.0734 0x0dd8 FTSER2K - ok 08:54:13.0750 0x0dd8 [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 08:54:14.0140 0x0dd8 Gpc - ok 08:54:14.0203 0x0dd8 [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 08:54:14.0578 0x0dd8 HDAudBus - ok 08:54:14.0671 0x0dd8 [ CB66BF85BF599BEFD6C6A57C2E20357F, 55D3A0F9279FF316766F42548FCB61C452942B08A37590C4892DF110BE4E53C6 ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 08:54:14.0890 0x0dd8 helpsvc - ok 08:54:14.0937 0x0dd8 [ B35DA85E60C0103F2E4104532DA2F12B, E13C9F73DF7713554CB614B36123D75014F5121AA1FC9069733E61758751CBE4 ] HidServ C:\WINDOWS\System32\hidserv.dll 08:54:15.0140 0x0dd8 HidServ - ok 08:54:15.0156 0x0dd8 [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 08:54:15.0343 0x0dd8 hidusb - ok 08:54:15.0375 0x0dd8 [ 
ED29F14101523A6E0E808107405D452C, B8FA987637787BEECC2EB06D36293DAC355523392B49A8C5A9491EEE961917E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 08:54:15.0609 0x0dd8 hkmsvc - ok 08:54:15.0625 0x0dd8 hpn - ok 08:54:15.0671 0x0dd8 [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 08:54:15.0781 0x0dd8 HTTP - ok 08:54:15.0796 0x0dd8 [ 9E4ADB854CEBCFB81A4B36718FEECD16, 677AB64460775686F8366D6BF35D420A2486C3F07338A00A7C2788A5142B9F08 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 08:54:16.0218 0x0dd8 HTTPFilter - ok 08:54:16.0281 0x0dd8 [ DCD57B7B85AF95C603227DD4710ABFF2, 737FAC968E2699903861730C63DF01CE0C3491E8EBAB29F9C553A75D9F5FD5E2 ] hwinterface C:\WINDOWS\system32\Drivers\hwinterface.sys 08:54:16.0296 0x0dd8 hwinterface - detected UnsignedFile.Multi.Generic ( 1 ) 08:54:16.0500 0x0dd8 hwinterface ( UnsignedFile.Multi.Generic ) - warning 08:54:16.0500 0x0dd8 Force sending object to P2P due to detect: hwinterface 08:54:16.0500 0x0dd8 Object send P2P result: false 08:54:16.0500 0x0dd8 i2omgmt - ok 08:54:16.0515 0x0dd8 i2omp - ok 08:54:16.0531 0x0dd8 [ E283B97CFBEB86C1D86BAED5F7846A92, 7664F791D08C80DF1E52B34BE69F073AA645610C4BD975F498254807602374AB ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 08:54:16.0734 0x0dd8 i8042prt - ok 08:54:16.0906 0x0dd8 [ F0425503E143A6D39AD4416F77CAD0E2, 8D6C48D2ED658B74F472B36C8C478C6CFF2688531C2E932F66AE42FF1DD19464 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 08:54:17.0359 0x0dd8 ialm - ok 08:54:17.0578 0x0dd8 [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 08:54:17.0875 0x0dd8 idsvc - ok 08:54:17.0906 0x0dd8 [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 08:54:18.0156 0x0dd8 Imapi - ok 08:54:18.0187 
0x0dd8 [ D4B413AA210C21E46AEDD2BA5B68D38E, 2309622867AA8FC832A729FA78F48742D4BD6CA0DAFBFB9DDB0772D671E1ED75 ] ImapiService C:\WINDOWS\system32\imapi.exe 08:54:18.0484 0x0dd8 ImapiService - ok 08:54:18.0500 0x0dd8 ini910u - ok 08:54:19.0203 0x0dd8 [ 7A9299F48D6F2E802E5B0E0DC508842A, 9727AD5E056E3E52556E8D2FD526515F842D7FB769B18689160D12AB06C7C95E ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys 08:54:19.0921 0x0dd8 IntcAzAudAddService - ok 08:54:19.0953 0x0dd8 IntelIde - ok 08:54:19.0984 0x0dd8 [ 4C7D2750158ED6E7AD642D97BFFAE351, C05E4799752F090DCB632F07F62ADE38D31534621064D269AD535CA0BDFED448 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 08:54:20.0250 0x0dd8 intelppm - ok 08:54:20.0281 0x0dd8 [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 08:54:20.0546 0x0dd8 Ip6Fw - ok 08:54:20.0578 0x0dd8 [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 08:54:21.0046 0x0dd8 IpFilterDriver - ok 08:54:21.0062 0x0dd8 [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 08:54:21.0406 0x0dd8 IpInIp - ok 08:54:21.0453 0x0dd8 [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 08:54:21.0718 0x0dd8 IpNat - ok 08:54:21.0765 0x0dd8 [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 08:54:21.0968 0x0dd8 IPSec - ok 08:54:21.0984 0x0dd8 [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 08:54:22.0125 0x0dd8 IRENUM - ok 08:54:22.0171 0x0dd8 [ 6DFB88F64135C525433E87648BDA30DE, 
8233EEFBEF36AAA152F2C55D23D7118F0DE40C9C22EB5D9793405A4770889540 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 08:54:22.0531 0x0dd8 isapnp - ok 08:54:22.0562 0x0dd8 [ 1704D8C4C8807B889E43C649B478A452, E854C90CD301F42BE2520CEDAD35E49DF2D43606CF4EEED861B74882118D04D1 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 08:54:22.0921 0x0dd8 Kbdclass - ok 08:54:22.0937 0x0dd8 [ B6D6C117D771C98130497265F26D1882, E79CC4EA5C088F988BA61F80764F9CAD9B78BC56A7E17DD54622C75483BC5DF4 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 08:54:23.0156 0x0dd8 kbdhid - ok 08:54:23.0234 0x0dd8 [ 48A104DDC01F6547DED5F9C4C796DD46, C310E1A5ED192416D618AF949CCB45C60F9929072C9887CB9F824EADD58D476C ] kl1 C:\WINDOWS\system32\DRIVERS\kl1.sys 08:54:23.0265 0x0dd8 kl1 - ok 08:54:23.0281 0x0dd8 [ 7FCECF9BFCB9C17A84EDD7202B12E60B, 700AB9E896888080C369F867B22D54B9D2804538B5EDC392062882FA2B7FCF65 ] kldisk C:\WINDOWS\system32\DRIVERS\kldisk.sys 08:54:23.0312 0x0dd8 kldisk - ok 08:54:23.0375 0x0dd8 [ B6887FC49062A9895CA369659829AE14, 432773987EA157962B00ABBCFD1563FCA1DE2929EBBE9AE183288A97321507DF ] klflt C:\WINDOWS\system32\DRIVERS\klflt.sys 08:54:23.0406 0x0dd8 klflt - ok 08:54:23.0500 0x0dd8 [ 8F50AC1D4C3AAFF4E4E52394488B6417, 87B2E840B9C3DC30B7AE6D34D6E38A9A9CE7AFB3A21F90A784F064109FEA7789 ] klhk C:\WINDOWS\system32\DRIVERS\klhk.sys 08:54:23.0531 0x0dd8 klhk - ok 08:54:23.0640 0x0dd8 [ F48ABB0AFDB4B07CC7B6F8B7CF09997A, A4F650A615A2B0C35CE8D87CA931BB945B9A256A9EC41CE1B19FCA42BD321625 ] KLIF C:\WINDOWS\system32\DRIVERS\klif.sys 08:54:23.0796 0x0dd8 KLIF - ok 08:54:23.0906 0x0dd8 [ 2C85E9963B1F71E3B631B61F00790512, B2D0938DD1F0619B73A3A309CF0087EF71EAB2DA339F2265AAB539F74E61A0B5 ] klim5 C:\WINDOWS\system32\DRIVERS\klim5.sys 08:54:23.0953 0x0dd8 klim5 - ok 08:54:23.0984 0x0dd8 [ 7AAB1D3AB10F1437123F188FD4E115BB, 45B0C59DF0DF8B79D783AB55F4863F909A92706315C3FF63745D07BABF77B3ED ] klkbdflt C:\WINDOWS\system32\DRIVERS\klkbdflt.sys 08:54:24.0015 0x0dd8 klkbdflt - ok 08:54:24.0031 0x0dd8 klkbdflt2 - ok 
08:54:24.0062 0x0dd8 [ 480E19A71C6EDE70B7536E96B223CE1F, B9C5E76F68B2DAB0DC9F6DB080D3E785D18AA86ADB2AB0F497B68A58222CF59C ] klmouflt C:\WINDOWS\system32\DRIVERS\klmouflt.sys 08:54:24.0109 0x0dd8 klmouflt - ok 08:54:24.0125 0x0dd8 [ EB0D72D2844C57F5F146D7A15B04FBF9, 3DFEDA024AD5D54EEAF7D4411153CFA8AD95FCF217E09F2B7AFD2D91EE623BF2 ] klpd C:\WINDOWS\system32\DRIVERS\klpd.sys 08:54:24.0171 0x0dd8 klpd - ok 08:54:24.0187 0x0dd8 [ 3DB01AC19A3251ED9416528C3810BDC0, 7F5C93D84A12FF6086E8474C3A728C7F6A7D80DDD63F6F14FC71E9BB1943FBE0 ] kltdf C:\WINDOWS\system32\DRIVERS\kltdf.sys 08:54:24.0250 0x0dd8 kltdf - ok 08:54:24.0250 0x0dd8 [ 9B6FC4843C26C0E9815A40B22CE9A806, E777712EF643DD563ED7C64F1476B1E4F6BF8C1C9C416A528E88BD1EAB8AB9FC ] kltdi C:\WINDOWS\system32\DRIVERS\kltdi.sys 08:54:24.0312 0x0dd8 kltdi - ok 08:54:24.0359 0x0dd8 [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 08:54:24.0765 0x0dd8 kmixer - ok 08:54:24.0781 0x0dd8 [ 6D4ABF3E693892D6FFB468FF0F0B969C, 5C3E3A70975CDB781CF91E597FEB95CDAED76BF48D67A098F086BDD03040BCFA ] kneps C:\WINDOWS\system32\DRIVERS\kneps.sys 08:54:24.0812 0x0dd8 kneps - ok 08:54:24.0875 0x0dd8 [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 08:54:25.0000 0x0dd8 KSecDD - ok 08:54:25.0093 0x0dd8 [ 2BBDCB79900990F0716DFCB714E72DE7, 6283789201164A9254632D9A3C8A54FE697717D5F8D5A37804D924DC2B70C8E3 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 08:54:25.0140 0x0dd8 LanmanServer - ok 08:54:25.0203 0x0dd8 [ 1869B14B06B44B44AF70548E1EA3303F, 4D63B4DAF580C86F86837C7D1753E2105B4C52E26D4CA0CAAFE83755EFF7AFBE ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 08:54:25.0265 0x0dd8 lanmanworkstation - ok 08:54:25.0281 0x0dd8 lbrtfdc - ok 08:54:25.0312 0x0dd8 [ 636714B7D43C8D0C80449123FD266920, F06F6C7DC49B26EFCAC3570C67BA9BD934F62C6F382DA4DD2AB302C7B970F414 ] 
LmHosts C:\WINDOWS\System32\lmhsvc.dll 08:54:25.0515 0x0dd8 LmHosts - ok 08:54:25.0546 0x0dd8 [ B7550A7107281D170CE85524B1488C98, A3854B16A65436BEF6BEDE918B43B3BE8F00D303660DB5831DD376271DC43239 ] Messenger C:\WINDOWS\System32\msgsvc.dll 08:54:25.0765 0x0dd8 Messenger - ok 08:54:25.0812 0x0dd8 [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 08:54:26.0156 0x0dd8 mnmdd - ok 08:54:26.0234 0x0dd8 [ C2F1D365FD96791B037EE504868065D3, 87BD87E08FD00D115524B049F1A3A719AB86557D68968E7090CD0F271F985CAF ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe 08:54:26.0546 0x0dd8 mnmsrvc - ok 08:54:26.0562 0x0dd8 [ 6FB74EBD4EC57A6F1781DE3852CC3362, 0454509D9A31E0202C08AE17294E2682F227D177A3C73B303E4C8332757AFCA1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 08:54:26.0812 0x0dd8 Modem - ok 08:54:26.0953 0x0dd8 [ C7D9F9717916B34C1B00DD4834AF485C, A9512A03E8142C83534189963F90ADA6FA425BD606928C40C3D724177105A658 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys 08:54:27.0312 0x0dd8 Monfilt - ok 08:54:27.0359 0x0dd8 [ B24CE8005DEAB254C0251E15CB71D802, 6804A8ABDAD5EC846E7F8077D1EE9BA45D6226ACFF42C70BE3DE7C8980EF9EC4 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 08:54:27.0750 0x0dd8 Mouclass - ok 08:54:27.0765 0x0dd8 [ 66A6F73C74E1791464160A7065CE711A, 3C570FA1E8EF976B83759220FE95BAC9D7D48D607F91B113EDE4790D34ACBD46 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 08:54:28.0109 0x0dd8 mouhid - ok 08:54:28.0156 0x0dd8 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 08:54:28.0406 0x0dd8 MountMgr - ok 08:54:28.0421 0x0dd8 mraid35x - ok 08:54:28.0437 0x0dd8 [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 08:54:28.0718 0x0dd8 MRxDAV - ok 08:54:28.0812 0x0dd8 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, 
DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 08:54:29.0000 0x0dd8 MRxSmb - ok 08:54:29.0031 0x0dd8 [ 35A031AF38C55F92D28AA03EE9F12CC9, 97245D204C886EE8DCCC2DEAC80A0E358A7E0C1982F77389DA50DCF091FC9DDC ] MSDTC C:\WINDOWS\system32\msdtc.exe 08:54:29.0390 0x0dd8 MSDTC - ok 08:54:29.0421 0x0dd8 [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 08:54:29.0781 0x0dd8 Msfs - ok 08:54:29.0796 0x0dd8 MSIServer - ok 08:54:29.0906 0x0dd8 [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 08:54:30.0140 0x0dd8 MSKSSRV - ok 08:54:30.0156 0x0dd8 [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 08:54:30.0390 0x0dd8 MSPCLOCK - ok 08:54:30.0390 0x0dd8 [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 08:54:30.0640 0x0dd8 MSPQM - ok 08:54:30.0671 0x0dd8 [ AF5F4F3F14A8EA2C26DE30F7A1E17136, AC93A1E4ABB0D038B772E429015567E44CC2EDB66C54DBE23A5F98176FAC1520 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys 08:54:30.0906 0x0dd8 mssmbios - ok 08:54:30.0984 0x0dd8 [ DE6A75F5C270E756C5508D94B6CF68F5, FCC972DDC36C2C44D836913F10004C2C33B11C54DEFFF0C63E0FDF901D2F9261 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 08:54:31.0140 0x0dd8 Mup - ok 08:54:31.0203 0x0dd8 [ 46BB15AE2AC7D025D6D2567B876817BD, 102A101B96D1078C98FA0F871C801A9A8538E20E5686AB0C7680B2F6C92B3165 ] napagent C:\WINDOWS\System32\qagentrt.dll 08:54:31.0812 0x0dd8 napagent - ok 08:54:31.0859 0x0dd8 [ 1DF7F42665C94B825322FAE71721130D, FE0DCB728471465B39A42A7511F4133021FBA5DF88F88BCB5FE2FF34CFD713F9 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 08:54:32.0125 0x0dd8 NDIS - ok 
08:54:32.0171 0x0dd8 [ 0109C4F3850DFBAB279542515386AE22, 4F6DB1E499AC853FD36FD603FBB6D3AC9BDCEB298C7FE1FB59A9236CB46729B2 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 08:54:32.0265 0x0dd8 NdisTapi - ok 08:54:32.0296 0x0dd8 [ F927A4434C5028758A842943EF1A3849, B1AA3AF150C05307461774925901789456B0CCCD03A5E71ADA4AB58455962BEE ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 08:54:32.0500 0x0dd8 Ndisuio - ok 08:54:32.0531 0x0dd8 [ EDC1531A49C80614B2CFDA43CA8659AB, 494042F790F33721328B4451E79842E21919681CC421A4F9633EC4D383E06097 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 08:54:32.0984 0x0dd8 NdisWan - ok 08:54:33.0000 0x0dd8 [ 9282BD12DFB069D3889EB3FCC1000A9B, 09A46F1712BD9165068D8E153585FE3E6E5CBF4F1DDEC142115555D3A91AEC09 ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 08:54:33.0109 0x0dd8 NDProxy - ok 08:54:33.0156 0x0dd8 [ 5D81CF9A2F1A3A756B66CF684911CDF0, 7989C36607CAEA17AFA2C1C9904145CA0714A54B9F712D9D4C1AB140D0B2CC0C ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 08:54:33.0375 0x0dd8 NetBIOS - ok 08:54:33.0421 0x0dd8 [ 74B2B2F5BEA5E9A3DC021D685551BD3D, 7932B71F98B4122BE88F576BF6D745A757AE378A48924B7F4358837B75640A82 ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 08:54:33.0843 0x0dd8 NetBT - ok 08:54:33.0906 0x0dd8 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDE C:\WINDOWS\system32\netdde.exe 08:54:34.0203 0x0dd8 NetDDE - ok 08:54:34.0218 0x0dd8 [ 8ACE4251BFFD09CE75679FE940E996CC, 81969521B5EAEA09ECA63058BE9697BB69AF2596339CA9DF0CFEDC031DCFDC7E ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 08:54:34.0546 0x0dd8 NetDDEdsdm - ok 08:54:34.0593 0x0dd8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] Netlogon C:\WINDOWS\system32\lsass.exe 08:54:34.0937 0x0dd8 Netlogon - ok 08:54:34.0984 0x0dd8 [ E6D88F1F6745BF00B57E7855A2AB696C, 12A5EDD853600FF5EBF91E127077745AE1E61E66DBC1D4D4306570F171AF4A39 ] Netman C:\WINDOWS\System32\netman.dll 
08:54:35.0187 0x0dd8 Netman - ok 08:54:35.0218 0x0dd8 [ D34612C5D02D026535B3095D620626AE, 1BBCCCBF49EB8807240A77DCB43C25C21682073CC5356594E2C4F53EF36BF657 ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:54:35.0265 0x0dd8 NetTcpPortSharing - ok 08:54:35.0312 0x0dd8 [ F1B67B6B0751AE0E6E964B02821206A3, 3D5A7593ABDEE2047C5738671C85DC8B95A4ECF58D5D7B04EEE13A689839A540 ] Nla C:\WINDOWS\System32\mswsock.dll 08:54:35.0390 0x0dd8 Nla - ok 08:54:35.0453 0x0dd8 [ 3182D64AE053D6FB034F44B6DEF8034A, 4ADFC76965BA2A5F488E71789A4E4EA702A74AF42725F72130D1CA919406CF19 ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 08:54:35.0640 0x0dd8 Npfs - ok 08:54:35.0671 0x0dd8 [ 78A08DD6A8D65E697C18E1DB01C5CDCA, E0E6F3ED05068E32F1D5C2D2B38CDEF4536B8656DB6756C66CF6B40B60C8F3DA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 08:54:36.0171 0x0dd8 Ntfs - ok 08:54:36.0265 0x0dd8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 08:54:36.0609 0x0dd8 NtLmSsp - ok 08:54:36.0640 0x0dd8 [ 56AF4064996FA5BAC9C449B1514B4770, 154602EFEC22728503D4ABA025DF711B0F2CFC983F5E3BF25F2A4BCD1AE250EC ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 08:54:36.0921 0x0dd8 NtmsSvc - ok 08:54:36.0953 0x0dd8 [ 73C1E1F395918BC2C6DD67AF7591A3AD, B21133A75253EC15E2DFF66D3B480AB1A7E1A2360476C810E7AA55D0F0EB08D4 ] Null C:\WINDOWS\system32\drivers\Null.sys 08:54:37.0125 0x0dd8 Null - ok 08:54:37.0156 0x0dd8 [ B305F3FAD35083837EF46A0BBCE2FC57, 9D0E0E666D652D0FC9EAB97280A5D67AAF61D6B21929DF7CF8ED72A367720464 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 08:54:37.0359 0x0dd8 NwlnkFlt - ok 08:54:37.0359 0x0dd8 [ C99B3415198D1AAB7227F2C88FD664B9, DD8DA4B5E804F134AB9233859544C025062902DFC3E8FB8A09A67337A4E73F55 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 08:54:37.0578 0x0dd8 NwlnkFwd - ok 08:54:37.0640 0x0dd8 [ F84785660305B9B903FB3BCA8BA29837, 
BDBDE61076800415D98759077E9E039C80B55DBE68E31F8BF44A909C6C3D3276 ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys 08:54:38.0125 0x0dd8 Parport - ok 08:54:38.0140 0x0dd8 [ BEB3BA25197665D82EC7065B724171C6, 7E71C13BA30CD95CEE8A9CC85E6F48A01F30EDEAADEE69D80AE828BF97E5A5CA ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 08:54:38.0421 0x0dd8 PartMgr - ok 08:54:38.0484 0x0dd8 [ C2BF987829099A3EAA2CA6A0A90ECB4F, 1DF21EA8E43875CFEECD869407429F82FB449707CFB845718499468E699BAAAA ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 08:54:38.0781 0x0dd8 ParVdm - ok 08:54:38.0812 0x0dd8 [ 387E8DEDC343AA2D1EFBC30580273ACD, 5F3E642BDB759777E570ED5B22AC7E93CDCD362708F281657AD7BAB44EDEC802 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 08:54:39.0125 0x0dd8 PCI - ok 08:54:39.0140 0x0dd8 PCIDump - ok 08:54:39.0171 0x0dd8 [ 59BA86D9A61CBCF4DF8E598C331F5B82, 822D11C5CE77BFD7B2F25350CCBF92B0B9388EEA6D86ED220B768C720976D839 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 08:54:39.0453 0x0dd8 PCIIde - ok 08:54:39.0500 0x0dd8 [ A2A966B77D61847D61A3051DF87C8C97, 6CED7CA26DC62B0AAFC83A2E07336DAD25954491201BB8E06103971F3F0B8B51 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 08:54:39.0984 0x0dd8 Pcmcia - ok 08:54:40.0000 0x0dd8 PDCOMP - ok 08:54:40.0015 0x0dd8 PDFRAME - ok 08:54:40.0015 0x0dd8 PDRELI - ok 08:54:40.0031 0x0dd8 PDRFRAME - ok 08:54:40.0046 0x0dd8 perc2 - ok 08:54:40.0078 0x0dd8 perc2hib - ok 08:54:40.0171 0x0dd8 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] PlugPlay C:\WINDOWS\system32\services.exe 08:54:40.0203 0x0dd8 PlugPlay - ok 08:54:40.0218 0x0dd8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 08:54:40.0406 0x0dd8 PolicyAgent - ok 08:54:40.0453 0x0dd8 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99, C5F0C8C66A3AF7E7BB04CEDE4AC5306F8387AB384A2107DC5BE413AAE968EFF1 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 08:54:40.0671 0x0dd8 
PptpMiniport - ok 08:54:40.0671 0x0dd8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 08:54:40.0875 0x0dd8 ProtectedStorage - ok 08:54:40.0890 0x0dd8 [ 09298EC810B07E5D582CB3A3F9255424, 35473A1BE25AC289474090EB0806AC6B3035DC33D1F3DF97A14BF1E361AC6AC3 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 08:54:41.0281 0x0dd8 PSched - ok 08:54:41.0328 0x0dd8 [ 80D317BD1C3DBC5D4FE7B1678C60CADD, DA76804B55D0CAB3DDD01EFC06673764AE4860693375C658B6063FB14AF7F12C ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 08:54:41.0687 0x0dd8 Ptilink - ok 08:54:41.0703 0x0dd8 ql1080 - ok 08:54:41.0703 0x0dd8 Ql10wnt - ok 08:54:41.0718 0x0dd8 ql12160 - ok 08:54:41.0734 0x0dd8 ql1240 - ok 08:54:41.0734 0x0dd8 ql1280 - ok 08:54:41.0765 0x0dd8 [ FE0D99D6F31E4FAD8159F690D68DED9C, 998685622ABE631984B7E4DBF91AB3594B1F574378D75EB9F6265F4650470692 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 08:54:41.0953 0x0dd8 RasAcd - ok 08:54:42.0000 0x0dd8 [ F5BA6CACCDB66C8F048E867563203246, AFEAD8FC02313F7EBC8F9F39E7ED2868852B480BE3902FA7BD0AFD81492AB243 ] RasAuto C:\WINDOWS\System32\rasauto.dll 08:54:42.0218 0x0dd8 RasAuto - ok 08:54:42.0234 0x0dd8 [ 11B4A627BC9614B885C4969BFA5FF8A6, EAE0A412A2B0F68919C32A96B3A08CC1A06585E4998819F5C9051745F63FF5AD ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 08:54:42.0437 0x0dd8 Rasl2tp - ok 08:54:42.0453 0x0dd8 [ F9A7B66EA345726EDB5862A46B1ECCD5, 5D35429D394D36A1692A7E219BA1A85CD8096FEAE0F90BFE036A63118FEDBF57 ] RasMan C:\WINDOWS\System32\rasmans.dll 08:54:42.0671 0x0dd8 RasMan - ok 08:54:42.0687 0x0dd8 [ 5BC962F2654137C9909C3D4603587DEE, A5CE5653D0105240F5E86CFAAB89E7917D42D939E2F27A5A7D6979289CA651B8 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 08:54:43.0156 0x0dd8 RasPppoe - ok 08:54:43.0156 0x0dd8 [ FDBB1D60066FCFBB7452FD8F9829B242, 10A2DACF944BD000032EBA8C095CB3D879CC55B28C377ADF6E52E508E47444DB ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 
08:54:43.0453 0x0dd8 Raspti - ok 08:54:43.0500 0x0dd8 [ 7AD224AD1A1437FE28D89CF22B17780A, 6645235CA27D671954E3557FA37082881C3D7D47492C71264CD8CB8D108EC801 ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 08:54:43.0843 0x0dd8 Rdbss - ok 08:54:43.0859 0x0dd8 [ 4912D5B403614CE99C28420F75353332, 975341ECD660209987B5E5171B8315E032439E408CBE8A5986E67AF767F373BB ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 08:54:44.0093 0x0dd8 RDPCDD - ok 08:54:44.0171 0x0dd8 [ FC105DD312ED64EB66BFF111E8EC6EAC, 1B29D928DDD43A1929D5A788648536603EA60AF6D4EC9BF0B20AD7F71BD88ACB ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 08:54:44.0250 0x0dd8 RDPWD - ok 08:54:44.0281 0x0dd8 [ 263AF18AF0F3DB99F574C95F284CCEC9, 2BFA9952E97EFEB386FC56EC2C125080CD12DAC078DBE43C395CB4D9F22165D3 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 08:54:44.0687 0x0dd8 RDSessMgr - ok 08:54:44.0750 0x0dd8 [ ED761D453856F795A7FE056E42C36365, EF026585B33415D8FCE94A9F27D7A4396C7C35C88E06A4CF0FEA702401E8597A ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 08:54:45.0078 0x0dd8 redbook - ok 08:54:45.0125 0x0dd8 [ 0E97EC96D6942CEEC2D188CC2EB69A01, D4253B4420BEF19451A55AB91E4834482181A31A31134F6E2AFE05C8E20C81A5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 08:54:45.0328 0x0dd8 RemoteAccess - ok 08:54:45.0343 0x0dd8 [ 2A02E21867497DF20B8FC95631395169, D89E2D17ED4E1C727847C0E92D2DF68AEB70BF0B956BD2FE024ED70A961759D2 ] RpcLocator C:\WINDOWS\system32\locator.exe 08:54:45.0578 0x0dd8 RpcLocator - ok 08:54:45.0640 0x0dd8 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B, ECFBACE3CBF2384948EA1C445BDA3955EB4F44A9874286E6537C67DC1283E5B0 ] RpcSs C:\WINDOWS\system32\rpcss.dll 08:54:45.0703 0x0dd8 RpcSs - ok 08:54:45.0734 0x0dd8 [ 4BDD71B4B521521499DFD14735C4F398, 7B1498D3C67E56D05B58B7DA319ECB0117C37963AABB0E59B42831C087469DA1 ] RSVP C:\WINDOWS\system32\rsvp.exe 08:54:45.0968 0x0dd8 RSVP - ok 08:54:45.0984 0x0dd8 [ AFB8261B56CBA0D86AEB6DF682AF9785, 104D96F1F19DD4CE492064ACC9634406A019EAE20B42D03198E400E661897127 ] SamSs C:\WINDOWS\system32\lsass.exe 
08:54:46.0281 0x0dd8 SamSs - ok 08:54:46.0312 0x0dd8 [ DCEC079FAD95D36C8DD5CB6D779DFE32, F8546552D939A225853A0CE4913701A93738DF02C999D16E141E9A828814BBC6 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 08:54:46.0734 0x0dd8 SCardSvr - ok 08:54:46.0781 0x0dd8 [ A050194A44D7FA8D7186ED2F4E8367AE, BCDF56D5A2F9E202DC67E7FE4BCC617BCC0BDFF2D221A621020068B17B2855BB ] Schedule C:\WINDOWS\system32\schedsvc.dll 08:54:46.0984 0x0dd8 Schedule - ok 08:54:47.0015 0x0dd8 [ 90A3935D05B494A5A39D37E71F09A677, F72733A69BC6E1A2BB91D7632FF3463C12563F60FDCC00A2CDD67FF20D479952 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 08:54:47.0187 0x0dd8 Secdrv - ok 08:54:47.0250 0x0dd8 [ BEE4CFD1D48C23B44CF4B974B0B79B2B, DF3B02D713F8A4602BE75F004074D5DF79AFF2D58FF37110B2A6AC29F680758B ] seclogon C:\WINDOWS\System32\seclogon.dll 08:54:47.0421 0x0dd8 seclogon - ok 08:54:47.0468 0x0dd8 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3, 95D83F054A6610328D56E56CD948A6618C590231853E56FC20E7557DB61384A4 ] SENS C:\WINDOWS\system32\sens.dll 08:54:47.0656 0x0dd8 SENS - ok 08:54:47.0687 0x0dd8 [ 0F29512CCD6BEAD730039FB4BD2C85CE, 4F98AE390D1B14A755700DD6CEFB9CF921F0404AF2145D2D7E5F52394F87C6A5 ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys 08:54:48.0078 0x0dd8 serenum - ok 08:54:48.0093 0x0dd8 [ CF24EB4F0412C82BCD1F4F35A025E31D, B74CB094126F5C23F601C34D53B2DF5BE3E5918230AC9DCFCFFA8E66B3A0FA25 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys 08:54:48.0453 0x0dd8 Serial - ok 08:54:48.0515 0x0dd8 [ 8E6B8C671615D126FDC553D1E2DE5562, CEEC0067514555D5CA489F50E3D7562FCA8DB8E952C3C878604C9277FC77959F ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 08:54:48.0921 0x0dd8 Sfloppy - ok 08:54:48.0984 0x0dd8 [ CAD058D5F8B889A87CA3EB3CF624DCEF, A7CDCF44261D1F4D820927253EA8EBB63714B7BAFF8B08DE073507D9A7EEA5BB ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 08:54:49.0250 0x0dd8 SharedAccess - ok 08:54:49.0281 0x0dd8 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] ShellHWDetection 
C:\WINDOWS\System32\shsvcs.dll 08:54:49.0328 0x0dd8 ShellHWDetection - ok 08:54:49.0328 0x0dd8 Simbad - ok 08:54:49.0359 0x0dd8 Sparrow - ok 08:54:49.0406 0x0dd8 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F, DD17733CBB370FCA08F0296704D7CBEACA3C8F76D0ABE4761C3B1FFDF7481D9E ] splitter C:\WINDOWS\system32\drivers\splitter.sys 08:54:49.0703 0x0dd8 splitter - ok 08:54:49.0750 0x0dd8 [ 60784F891563FB1B767F70117FC2428F, E0B07F08E60FFBAD36C2E58180F4B2A16DCA47716044CBE0213DF7B74D742F1F ] Spooler C:\WINDOWS\system32\spoolsv.exe 08:54:49.0828 0x0dd8 Spooler - ok 08:54:49.0875 0x0dd8 [ 50FA898F8C032796D3B1B9951BB5A90F, 1C86273EC19EB96D6DB9CE6670C00683B77C99C42CC2F7E75BC50872B93446B1 ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 08:54:50.0140 0x0dd8 sr - ok 08:54:50.0187 0x0dd8 [ FE77A85495065F3AD59C5C65B6C54182, EB4BAF992F961B2FD5D24BFCB6BCB2142BC32933139A818835FEAB190E4283BB ] srservice C:\WINDOWS\system32\srsvc.dll 08:54:50.0296 0x0dd8 srservice - ok 08:54:50.0328 0x0dd8 [ 47DDFC2F003F7F9F0592C6874962A2E7, 17C643BD4EB09B5666FE41817DC785BE04A6E491CE79E8E5A702CDBD98E1BDD7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 08:54:50.0437 0x0dd8 Srv - ok 08:54:50.0500 0x0dd8 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500, 2971D7D45D6942D310D47DBD19B9680D2D29527E79B86133C72217FD29259465 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 08:54:50.0609 0x0dd8 SSDPSRV - ok 08:54:50.0750 0x0dd8 [ BC2C5985611C5356B24AEB370953DED9, 15CBAB8166827DC098E2B16AB6F49A1441A4CB52AF3588F0AD964CAB596DFE10 ] stisvc C:\WINDOWS\system32\wiaservc.dll 08:54:51.0093 0x0dd8 stisvc - ok 08:54:51.0125 0x0dd8 [ 3941D127AEF12E93ADDF6FE6EE027E0F, EA1F0E32E1C5E90FA4AAC421DEBBE086512340758D3217A6334E886BCE638B51 ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys 08:54:51.0546 0x0dd8 swenum - ok 08:54:51.0593 0x0dd8 [ 8CE882BCC6CF8A62F2B2323D95CB3D01, B408550A581F3DA222355964AFA4E976AD8471F0AA37573C42C4948AE5A23A3B ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 08:54:51.0906 0x0dd8 swmidi - ok 08:54:51.0968 0x0dd8 SwPrv - ok 08:54:51.0984 0x0dd8 symc810 - ok 
08:54:51.0984 0x0dd8 symc8xx - ok 08:54:52.0000 0x0dd8 sym_hi - ok 08:54:52.0015 0x0dd8 sym_u3 - ok 08:54:52.0031 0x0dd8 [ 8B83F3ED0F1688B4958F77CD6D2BF290, 546D3602183702B4F53E84413CFA2C933D64C8540378E54A8DCD148F3F36A2DA ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 08:54:52.0218 0x0dd8 sysaudio - ok 08:54:52.0250 0x0dd8 [ 2903FFFA2523926D6219428040DCE6B9, 4F13181931B0499F6C3F08138054DBCD1F84CB9806999A9172B80DE79D446F62 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 08:54:52.0468 0x0dd8 SysmonLog - ok 08:54:52.0515 0x0dd8 [ 05903CAC4B98908D55EA5774775B382E, AC3666CBD894D737874A5998DC7F46A0A51A7B23B1835FC735B9AD503A2191CC ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 08:54:52.0734 0x0dd8 TapiSrv - ok 08:54:52.0796 0x0dd8 [ 9AEFA14BD6B182D61E3119FA5F436D3D, EA29E49434585409272E7901AF89771FE9D6E911A7DC44AB3C7020CFF8A44552 ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 08:54:52.0906 0x0dd8 Tcpip - ok 08:54:52.0968 0x0dd8 [ 6471A66807F5E104E4885F5B67349397, F35CBFFB8BB235CCE30EF94A5273333900DD49FD506BF9D55D99A320B8A53A5A ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 08:54:53.0406 0x0dd8 TDPIPE - ok 08:54:53.0421 0x0dd8 [ C56B6D0402371CF3700EB322EF3AAF61, 7743FA4C734BCE38EFB1CA69BC17364D8421E2CD172F856F7E38E7AE1EE93F2F ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 08:54:53.0812 0x0dd8 TDTCP - ok 08:54:53.0843 0x0dd8 [ 88155247177638048422893737429D9E, B6D4E8691917946332C2208D01F8C8281978C1AD1E9951C5D99DF0D49AC34B3B ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 08:54:54.0203 0x0dd8 TermDD - ok 08:54:54.0250 0x0dd8 [ B7DE02C863D8F5A005A7BF375375A6A4, 6DE05A7B28CA5A78D58536347FC47F15883EEDBEF487CEA0117CC280FC582DCC ] TermService C:\WINDOWS\System32\termsrv.dll 08:54:54.0453 0x0dd8 TermService - ok 08:54:54.0531 0x0dd8 [ 2DB7D303C36DDD055215052F118E8E75, BE6E7BBE12A7A4EDF1F1C2935350603970C7426BBCA7A1A6644BB8999123AF17 ] Themes C:\WINDOWS\System32\shsvcs.dll 08:54:54.0593 0x0dd8 Themes - ok 08:54:54.0609 0x0dd8 TosIde - ok 08:54:54.0656 0x0dd8 [ 
626504572B175867F30F3215C04B3E2F, 47E87CE9BC666D5CB5953C5D497DC00A7CC28F8EC0A064B3E47700279C5C4B91 ] TrkWks C:\WINDOWS\system32\trkwks.dll 08:54:55.0000 0x0dd8 TrkWks - ok 08:54:55.0062 0x0dd8 [ 5787B80C2E3C5E2F56C2A233D91FA2C9, 3774905CF77954DFCECDA5BCC7CDE3D0ED72712BFAAD85ADAE5246306447E46C ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 08:54:55.0359 0x0dd8 Udfs - ok 08:54:55.0375 0x0dd8 ultra - ok 08:54:55.0421 0x0dd8 [ 402DDC88356B1BAC0EE3DD1580C76A31, 32A686595710336A6BFD54C03F552AE39439611662F84EF5D24193AE5665C6F3 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 08:54:55.0750 0x0dd8 Update - ok 08:54:55.0781 0x0dd8 [ 1DFD8975D8C89214B98D9387C1125B49, 0B6B268487C8E45E9B86BF4A0A9DB669E0E45D600DE3C82B63F9986CA9E01082 ] upnphost C:\WINDOWS\System32\upnphost.dll 08:54:55.0953 0x0dd8 upnphost - ok 08:54:55.0953 0x0dd8 [ 9B11E6118958E63E1FEF129466E2BDA7, 97168BCE3F4A9BB9E6500F05E34851FB957B219C598944FADC28AC0011C0503B ] UPS C:\WINDOWS\System32\ups.exe 08:54:56.0171 0x0dd8 UPS - ok 08:54:56.0218 0x0dd8 [ 173F317CE0DB8E21322E71B7E60A27E8, 7042441BA63AE38AE9D7BE0BC5CA7404FC9EE5BB3F084604A68F01E82769652A ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 08:54:56.0656 0x0dd8 usbccgp - ok 08:54:56.0703 0x0dd8 [ 65DCF09D0E37D4C6B11B5B0B76D470A7, 90EBA8BAF45932B453D905EDF2BDDDF3A432BFD50B9F7DF58CDEAE98D11C2E2F ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 08:54:56.0968 0x0dd8 usbehci - ok 08:54:57.0015 0x0dd8 [ 1AB3CDDE553B6E064D2E754EFE20285C, A99C4528C4227B1E96847614745AAFACD3C5F1BDFE435214DBF78740FFB300FE ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 08:54:57.0250 0x0dd8 usbhub - ok 08:54:57.0265 0x0dd8 [ A717C8721046828520C9EDF31288FC00, 1530BBE832EDBB0974AD89D723A03FF7A0094B368992D73C2C3E62A181DF1E0A ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 08:54:57.0500 0x0dd8 usbprint - ok 08:54:57.0531 0x0dd8 [ A32426D9B14A089EAA1D922E0C5801A9, ED1DC52EE45F8EAD3AEC4B1F817BB25634141CF48295494C5947DCE6CF7A9817 ] usbstor C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 
08:54:57.0718 0x0dd8 usbstor - ok 08:54:57.0750 0x0dd8 [ 26496F9DEE2D787FC3E61AD54821FFE6, 8BE7FF647470B9A951CBB478FAF83D657A15CC78037F42348A6B738F21D523DA ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 08:54:58.0078 0x0dd8 usbuhci - ok 08:54:58.0343 0x0dd8 [ 50676F61C6A44A3B25FB29A18A7CBA95, 5F780D01286699B68A1CEDB4098D28396CD5C53C68331BF3325020136C70FB17 ] uvnc_service C:\Programme\UltraVNC\WinVNC.exe 08:54:58.0625 0x0dd8 uvnc_service - ok 08:54:58.0656 0x0dd8 [ 0D3A8FAFCEACD8B7625CD549757A7DF1, B9CFDEFCD66AA139F3DC2F967B184669532922563AD5A71769BABDC4370D065E ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 08:54:58.0984 0x0dd8 VgaSave - ok 08:54:59.0000 0x0dd8 ViaIde - ok 08:54:59.0031 0x0dd8 [ A5A712F4E880874A477AF790B5186E1D, FE885ED04C3EAFC379787F836738A2769E43D07CF52DD917D90C38E001957A5E ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 08:54:59.0421 0x0dd8 VolSnap - ok 08:54:59.0484 0x0dd8 [ 68F106273BE29E7B7EF8266977268E78, 1488AB7A654EBC94C73E1D494067189ACB95BC233980110CAC4C0297CDC4115A ] VSS C:\WINDOWS\System32\vssvc.exe 08:54:59.0781 0x0dd8 VSS - ok 08:54:59.0843 0x0dd8 [ 7B353059E665F8B7AD2BBEAEF597CF45, 84A4311F18A4B8DCB364741DEA7D18E2363F19564B2EF25214965DC729527068 ] W32Time C:\WINDOWS\system32\w32time.dll 08:55:00.0250 0x0dd8 W32Time - ok 08:55:00.0281 0x0dd8 [ E20B95BAEDB550F32DD489265C1DA1F6, 5589B2067E6C9FBA290D8C5EADDC198EBAF39C50C3CD7D2BC5CDA7CBFBC445E5 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 08:55:00.0453 0x0dd8 Wanarp - ok 08:55:00.0468 0x0dd8 WDICA - ok 08:55:00.0500 0x0dd8 [ 6768ACF64B18196494413695F0C3A00F, 3A8F8586F1D997D19A8478345338D2AECD785AEABDB61531DD3F92003D3230A5 ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 08:55:00.0687 0x0dd8 wdmaud - ok 08:55:00.0703 0x0dd8 [ 81727C9873E3905A2FFC1EBD07265002, 6AC2383A1DCBB7FA3DB90FBB874C8E1819F5B7492717FF41E303EFC7BF72F93E ] WebClient C:\WINDOWS\System32\webclnt.dll 08:55:00.0906 0x0dd8 WebClient - ok 08:55:01.0062 0x0dd8 [ 6F3F3973D97714CC5F906A19FE883729, 
7817118BE94D0F6FAE0F9CE48AD70FFE0AEF886CCE09C666768FAB61047F992F ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 08:55:01.0312 0x0dd8 winmgmt - ok 08:55:01.0406 0x0dd8 [ 6E18978B749F0696A774DE3F2CB142DD, 4BBE31A78F6CF474A4CFDBB7C365DE058247F8BFA21F7E563111E84D8937BC26 ] WmdmPmSN C:\WINDOWS\system32\mspmsnsv.dll 08:55:01.0875 0x0dd8 WmdmPmSN - ok 08:55:01.0921 0x0dd8 [ 93908111BA57A6E60EC2FA2DE202105C, F395F25F18D15C6B9FEDB45FD31E10295FFE5517E2BC86ACAC11904EA0664BE2 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 08:55:02.0187 0x0dd8 WmiApSrv - ok 08:55:02.0281 0x0dd8 [ DCF3E3EDF5109EE8BC02FE6E1F045795, 4B8E14B1CFB095982D34DAEC336114F5039D7793080FB787DC95A63B6B945DD0 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe 08:55:02.0359 0x0dd8 WPFFontCache_v0400 - ok 08:55:02.0453 0x0dd8 [ 300B3E84FAF1A5C1F791C159BA28035D, 0194856BDF94C1F274AF70AD558290ACDACDDEA331BD66FEB8E167ABD1E36786 ] wscsvc C:\WINDOWS\system32\wscsvc.dll 08:55:02.0656 0x0dd8 wscsvc - ok 08:55:02.0687 0x0dd8 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085, A1DB8909FA73337DB613D01824945485186654364A4DF129B8CB913CF87D1D2E ] wuauserv C:\WINDOWS\system32\wuauserv.dll 08:55:02.0890 0x0dd8 wuauserv - ok 08:55:02.0968 0x0dd8 [ C4F109C005F6725162D2D12CA751E4A7, AC996B44338328BDD4442FE48406F286A64526F0EC77BE00A19FA7FDB0407CFE ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 08:55:03.0375 0x0dd8 WZCSVC - ok 08:55:03.0406 0x0dd8 [ 0ADA34871A2E1CD2CAAFED1237A47750, 45BEF8649078BD74C1A347B5F2D3A1958E5A7DCD6C6BA8A2E0CAD277A929C64E ] xmlprov C:\WINDOWS\System32\xmlprov.dll 08:55:03.0812 0x0dd8 xmlprov - ok 08:55:03.0875 0x0dd8 [ 7EEF6C3A38F954EF8AA41D5E3B431A63, 90EEC2A5D8112C8B0DC07225A4124632E4969693AB756AB9FC01E479353E8B4C ] xTouch C:\WINDOWS\system32\DRIVERS\xtouch.sys 08:55:04.0015 0x0dd8 xTouch - ok 08:55:04.0015 0x0dd8 ================ Scan global =============================== 08:55:04.0062 0x0dd8 [ 2C60091CA5F67C3032EAB3B30390C27F, 
9E205C8E67F4B61FCFA2A82AA1968D522C3B6410D7075BE813F7F1564D61632E ] C:\WINDOWS\system32\basesrv.dll
08:55:04.0125 0x0dd8 [ A28CE25B59C90E12743001A1F2AE3613, 5653B7ABE06ECB7B34B6E4989EDD897C766BF9563A2197CBE949D02D8EE7D600 ] C:\WINDOWS\system32\winsrv.dll
08:55:04.0171 0x0dd8 [ A28CE25B59C90E12743001A1F2AE3613, 5653B7ABE06ECB7B34B6E4989EDD897C766BF9563A2197CBE949D02D8EE7D600 ] C:\WINDOWS\system32\winsrv.dll
08:55:04.0218 0x0dd8 [ A3EDBE9053889FB24AB22492472B39DC, 6F2ED6E04BDE2FCA2A8BF9BD2D1D6923DE6EAECB46F582B6C0BD1CF364D65C9E ] C:\WINDOWS\system32\services.exe
08:55:04.0218 0x0dd8 [ Global ] - ok
08:55:04.0218 0x0dd8 ================ Scan MBR ==================================
08:55:04.0250 0x0dd8 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk0\DR0
08:55:04.0640 0x0dd8 \Device\Harddisk0\DR0 - ok
08:55:04.0656 0x0dd8 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR4
08:55:04.0734 0x0dd8 \Device\Harddisk1\DR4 - ok
08:55:04.0734 0x0dd8 ================ Scan VBR ==================================
08:55:04.0750 0x0dd8 [ 969F5C8444305004B7685706192DC00C ] \Device\Harddisk0\DR0\Partition1
08:55:04.0750 0x0dd8 \Device\Harddisk0\DR0\Partition1 - ok
08:55:04.0765 0x0dd8 [ AA4A9D77069E1FE10BEF69816688EFEE ] \Device\Harddisk1\DR4\Partition1
08:55:04.0765 0x0dd8 \Device\Harddisk1\DR4\Partition1 - ok
08:55:04.0765 0x0dd8 ================ Scan generic autorun ======================
08:55:06.0312 0x0dd8 [ 23ABD87C7F383ABF0B9F2E8A8D89A84B, 923968DFD02576B5623805F62F06130F9461782484EEEBA92C335E6735460AAE ] C:\WINDOWS\RTHDCPL.EXE
08:55:08.0703 0x0dd8 RTHDCPL - ok
08:55:08.0906 0x0dd8 [ 18BC32BB8A8D5A85CDAFAD5A4ECC4C73, 1F24774151BB2B161AEE3B68DC10B935FD870A911EA8393C7BB35E34E28C57FD ] C:\WINDOWS\mod32\bpk.exe
08:55:09.0156 0x0dd8 bpk - detected UnsignedFile.Multi.Generic ( 1 )
08:55:09.0156 0x0dd8 bpk ( UnsignedFile.Multi.Generic ) - warning
08:55:09.0203 0x0dd8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
08:55:09.0453 0x0dd8 CTFMON.EXE - ok
08:55:09.0453 0x0dd8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
08:55:09.0640 0x0dd8 CTFMON.EXE - ok
08:55:09.0640 0x0dd8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\ctfmon.exe
08:55:09.0828 0x0dd8 ctfmon.exe - ok
08:55:09.0906 0x0dd8 AV detected via SS1: Kaspersky Anti-Virus, 15.0.2.361, enabled, outofdate
08:55:09.0906 0x0dd8 FW detected via SS1: Kaspersky Anti-Virus, 15.0.2.361, disabled
08:55:09.0906 0x0dd8 Win FW state via NFM: enabled
08:55:09.0906 0x0dd8 ============================================================
08:55:09.0906 0x0dd8 Scan finished
08:55:09.0906 0x0dd8 ============================================================
08:55:09.0937 0x0dd0 Detected object count: 2
08:55:09.0937 0x0dd0 Actual detected object count: 2
08:55:21.0437 0x0dd0 hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user
08:55:21.0437 0x0dd0 hwinterface ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:55:21.0437 0x0dd0 bpk ( UnsignedFile.Multi.Generic ) - skipped by user
08:55:21.0437 0x0dd0 bpk ( UnsignedFile.Multi.Generic ) - User select action: Skip
08:57:45.0375 0x0d90 Deinitialize success

mbar log
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ulmer-Kemo :: SYSTEM-V0475 [administrator]

23.04.2015 09:25:40
mbar-log-2015-04-23 (09-25-40).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 273138
Time elapsed: 14 minute(s), 7 second(s)

Memory Processes Detected: 1
C:\WINDOWS\mod32\bpk.exe (Spyware.Keylogger) -> 828 -> Delete on reboot. [39048bb21c6084b29987fe0ba8586f91]

Memory Modules Detected: 6
C:\WINDOWS\mod32\bpkhk.dll (Monitor.Perflogger) -> Delete on reboot. [cb7292ab6319e45273ec40ed7e8444bc]
C:\WINDOWS\mod32\bpkhk.dll (Monitor.Perflogger) -> Delete on reboot. [cb7292ab6319e45273ec40ed7e8444bc]
C:\WINDOWS\mod32\bpkhk.dll (Monitor.Perflogger) -> Delete on reboot. [cb7292ab6319e45273ec40ed7e8444bc]
C:\WINDOWS\mod32\bpkhk.dll (Monitor.Perflogger) -> Delete on reboot. [cb7292ab6319e45273ec40ed7e8444bc]
C:\WINDOWS\mod32\bpkhk.dll (Monitor.Perflogger) -> Delete on reboot. [cb7292ab6319e45273ec40ed7e8444bc]
C:\WINDOWS\mod32\bpkwb.dll (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]

Registry Keys Detected: 8
HKLM\SOFTWARE\CLASSES\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\CLASSES\TYPELIB\{1E1B286C-88FF-11D3-8D96-D7ACAC95951A} (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\CLASSES\INTERFACE\{1E1B2878-88FF-11D3-8D96-D7ACAC95951A} (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\CLASSES\PK.IE.1 (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\CLASSES\PK.IE (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKU\S-1-5-21-1844237615-448539723-299502267-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\CLASSES\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\INPROCSERVER32 (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]

Registry Values Detected: 1
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bpk (Spyware.Keylogger) -> Data: C:\WINDOWS\mod32\bpk.exe -> Delete on reboot. [39048bb21c6084b29987fe0ba8586f91]

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\WINDOWS\mod32\bpkhk.dll (Monitor.Perflogger) -> Delete on reboot. [cb7292ab6319e45273ec40ed7e8444bc]
C:\WINDOWS\mod32\bpkwb.dll (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
C:\WINDOWS\mod32\bpk.exe (Spyware.Keylogger) -> Delete on reboot. [39048bb21c6084b29987fe0ba8586f91]
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für mod32[1].zip\mod32\bpk.exe (Spyware.Keylogger) -> Delete on reboot. [9ca19f9ebcc040f61a0659b0b44cf709]
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für mod32[1].zip\mod32\bpkhk.dll (Monitor.Perflogger) -> Delete on reboot. [231aaf8e2b518caa2837210cc53d5ca4]
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für mod32[1].zip\mod32\bpki.dll (Keylogger.PerfectKeylogger) -> Delete on reboot. [9e9f3c010d6f60d69d86dc51b052629e]
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für mod32[1].zip\mod32\bpkr.exe (Monitor.Perflogger) -> Delete on reboot. [c37a58e5255754e2332157bada2b09f7]
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für mod32[1].zip\mod32\bpkwb.dll (Monitor.PerfKeylogger) -> Delete on reboot. [d86557e649338caa9c1b2ae8dd28c63a]
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für mod32[1].zip\mod32\inst.bin (Trojan.Logger) -> Delete on reboot. [c479bf7e6814d95d7a6add06a163748c]

Physical Sectors Detected: 0
(No malicious items detected)

(end)

mbar log after cleanup
Malwarebytes Anti-Rootkit BETA 1.09.1.1004
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Ulmer-Kemo :: SYSTEM-V0475 [administrator]

23.04.2015 09:47:34
mbar-log-2015-04-23 (09-47-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 273049
Time elapsed: 8 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
(ATTENTION: ====> FRST version is 50 days old and could be outdated)
Ran by Ulmer-Kemo (administrator) on SYSTEM-V0475 on 23-04-2015 10:04:57
Running from C:\Support\Wiesender
Loaded Profiles: Ulmer-Kemo (Available profiles: Ulmer-Kemo)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(UltraVNC) C:\Programme\UltraVNC\winvnc.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(UltraVNC) C:\Programme\UltraVNC\winvnc.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Ulmer-Kemo GmbH) C:\kasse_win\winkasse.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.)
HKU\S-1-5-21-1844237615-448539723-299502267-1004\...\MountPoints2: {38207741-b11b-11e0-96e5-806d6172696f} - D:\autorun.exe
Startup: C:\Dokumente und Einstellungen\Ulmer-Kemo\Startmenü\Programme\Autostart\winkasse.lnk
ShortcutTarget: winkasse.lnk -> C:\kasse_win\winkasse.exe (Ulmer-Kemo GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1844237615-448539723-299502267-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ulmer-kemo.de/
HKU\S-1-5-21-1844237615-448539723-299502267-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\..\Interfaces\{1D441218-89C8-4ED8-8F35-4786A8243580}: [NameServer] 8.8.8.8

FireFox:
========
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-15]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Modul zum Sperren von gefährlichen Webseiten - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-18]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtuelle Tastatur - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
R2 uvnc_service; C:\Programme\UltraVNC\WinVNC.exe [1590216 2009-12-07] (UltraVNC)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [241880 2009-10-20] (Intel Corporation)
S3 EGXFilter; C:\WINDOWS\System32\drivers\egxfilter.sys [140800 2009-07-06] ()
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2996 2011-07-18] (Buzz) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [46280 2015-03-27] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [689864 2015-03-27] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [120024 2015-04-23] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 xTouch; C:\WINDOWS\System32\DRIVERS\xtouch.sys [125952 2009-07-06] ()
S4 IntelIde; No ImagePath
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U5 sertouch; C:\Windows\System32\Drivers\sertouch.sys [128512 2009-07-06] ()
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 09:25 - 2015-04-23 09:56 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2015-04-23 09:25 - 2015-04-23 09:25 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2015-04-23 09:24 - 2015-04-23 09:47 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 08:59 - 2015-04-23 09:56 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbar
2015-04-23 08:59 - 2015-04-23 09:44 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-23 08:52 - 2015-04-23 08:50 - 16502728 _____ (Malwarebytes Corp.) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbar-1.09.1.1004.exe
2015-04-23 08:52 - 2015-04-23 08:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\tdsskiller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-23 10:05 - 2015-03-06 09:59 - 00000000 ____D () C:\FRST
2015-04-23 10:05 - 2011-07-18 10:31 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp
2015-04-23 09:44 - 2011-07-18 10:03 - 01346749 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-23 09:42 - 2015-02-18 16:29 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2015-04-23 09:42 - 2011-07-18 10:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-23 09:41 - 2015-02-18 17:33 - 00080138 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-04-23 09:41 - 2015-02-18 17:33 - 00080138 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1844237615-448539723-299502267-1004-0.dat
2015-04-23 09:41 - 2013-02-16 08:14 - 00000000 ____D () C:\WINDOWS\mod32
2015-04-23 09:41 - 2011-07-18 10:31 - 00030276 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-23 09:40 - 2011-07-18 10:31 - 00000190 ___SH () C:\Dokumente und Einstellungen\Ulmer-Kemo\ntuser.ini
2015-04-23 09:40 - 2011-07-18 10:31 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo
2015-04-23 08:51 - 2012-08-14 09:59 - 00189968 _____ () C:\WINDOWS\setupapi.log
2015-04-23 08:51 - 2012-08-14 09:47 - 00000625 _____ () C:\WINDOWS\setupact.log
2015-04-23 08:47 - 2008-04-14 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-16 17:23 - 2011-07-18 12:53 - 00000000 ____D () C:\kasse_win
2015-04-16 17:22 - 2013-09-06 05:55 - 00000052 _____ () C:\Kasse_Winmf.log
2015-04-03 18:53 - 2011-07-18 10:53 - 01148246 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-27 16:38 - 2015-02-18 16:28 - 00689864 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klif.sys
2015-03-27 16:38 - 2014-08-19 13:31 - 00046280 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kldisk.sys

==================== Files in the root of some directories =======

2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Anwendungsdaten\setup.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Last edited by feiste (23.04.2015, 09:16)
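The three logs in this post converge on one object: TDSSKiller's generic "unsigned autorun file" warning on C:\WINDOWS\mod32\bpk.exe, which MBAR then names Spyware.Keylogger / Monitor.PerfKeylogger, still running as PID 828, launched from the HKLM Run value "bpk" and loaded into Internet Explorer through a Browser Helper Object CLSID. The Python script below is an added example for this page, not code from Kaspersky, Malwarebytes, Farbar or anyone in the thread. It parses the two log formats as they are quoted here, classifies each MBAR hit by the persistence mechanism it represents, checks that every flagged BHO CLSID also had its COM class key and InprocServer32 flagged, and separates TDSSKiller hits that a signature engine confirmed from those resting on the heuristic alone. The function names, mechanism labels and regular expressions are the example's own assumptions, tuned to these excerpts; the embedded sample logs are constructed from lines quoted above.

```python
"""Triage of the TDSSKiller and Malwarebytes Anti-Rootkit (MBAR) logs quoted in this thread.
Added example; not code from Kaspersky, Malwarebytes, Farbar or the thread's participants.
Assumption: the patterns cover only the line shapes quoted here (other TDSSKiller results or
MBAR actions need the regexes extended). The sample logs are constructed from quoted lines."""
import re

# TDSSKiller: "[ md5, sha256 ] path" is followed by "<name> - detected <verdict> ( n )" and
# "<name> ( <verdict> ) - warning|skipped by user"; the path line carries no name, so the
# parser attaches the last path seen on the same thread id to the verdict that follows it.
TDSS_FILE = re.compile(r"^\S+ (?P<tid>0x[0-9a-f]+) \[ (?P<md5>[0-9A-F]{32}), (?P<sha256>[0-9A-F]{64}) \] (?P<path>.+)$")
TDSS_DETECT = re.compile(r"^\S+ (?P<tid>0x[0-9a-f]+) (?P<name>\S+) - detected (?P<verdict>\S+) \( \d+ \)$")
TDSS_ACTION = re.compile(r"^\S+ (?P<tid>0x[0-9a-f]+) (?P<name>\S+) \( (?P<verdict>\S+) \) - (?P<result>warning|skipped by user)$")
# MBAR: "<object> (<family>) -> [<pid> ->] [Data: <value> ->] <action>. [<hash>]"
MBAR_HIT = re.compile(r"^(?P<object>.+?) \((?P<family>[^()]+)\) -> (?:(?P<pid>\d+) -> )?"
                      r"(?:Data: (?P<data>.+?) -> )?(?P<action>[^.\[\]]+)\. \[(?P<hash>[0-9a-f]{32})\]$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Registry substrings -> persistence mechanism; order matters, the first match wins.
MECHANISMS = [("\\CURRENTVERSION\\RUN|", "Run key value"), ("\\BROWSER HELPER OBJECTS\\", "IE Browser Helper Object"),
              ("\\CLASSES\\CLSID\\", "COM class registration"), ("\\CLASSES\\TYPELIB\\", "COM typelib/interface"),
              ("\\CLASSES\\INTERFACE\\", "COM typelib/interface"), ("\\CLASSES\\", "COM ProgID")]


def parse_tdsskiller(text):
    """{autorun name: {'path', 'verdict', 'result'}} for every entry TDSSKiller did not rate 'ok'."""
    last_path, flagged = {}, {}
    for line in text.splitlines():
        if m := TDSS_FILE.match(line):
            last_path[m["tid"]] = m["path"]
        elif m := TDSS_DETECT.match(line):
            flagged[m["name"]] = {"path": last_path.get(m["tid"]), "verdict": m["verdict"], "result": "detected"}
        elif m := TDSS_ACTION.match(line):
            entry = flagged.setdefault(m["name"], {"path": None, "verdict": m["verdict"], "result": None})
            entry["result"] = m["result"]  # the user's final choice overrides the earlier 'warning'
    return flagged


def classify(obj):
    """Map an MBAR object (file path or registry key/value) to the persistence mechanism it stands for."""
    kind = next((k for needle, k in MECHANISMS if needle in obj.upper()), None)
    return kind or ("registry (other)" if obj.upper().startswith("HK") else "file")


def parse_mbar(text):
    """files: path -> family; in_memory: path -> pid; persistence: (mechanism, object, launched file)."""
    hits = {"files": {}, "in_memory": {}, "persistence": []}
    for line in text.splitlines():
        if not (m := MBAR_HIT.match(line)):
            continue
        kind = classify(m["object"])
        if kind == "file":
            hits["files"][m["object"]] = m["family"]
            if m["pid"]:  # only the 'Memory Processes' section carries a pid: the sample was running
                hits["in_memory"][m["object"]] = int(m["pid"])
        else:
            hits["persistence"].append((kind, m["object"], m["data"]))
    return hits


def bho_chain(hits):
    """Per flagged BHO CLSID: were its COM class key and InprocServer32 (the DLL IE loads) flagged too?"""
    objs = {o.upper() for _, o, _ in hits["persistence"]}
    out = {}
    for kind, obj, _ in hits["persistence"]:
        if kind == "IE Browser Helper Object" and (g := CLSID.search(obj)):
            base = "HKLM\\SOFTWARE\\CLASSES\\CLSID\\" + g.group(0).upper()
            out[g.group(0).upper()] = {"clsid_key": base in objs, "inprocserver32": base + "\\INPROCSERVER32" in objs}
    return out


def reconcile(tdss, hits):
    """Split TDSSKiller's heuristic hits into confirmed (a signature engine named the same file) and
    unconfirmed ('unsigned file in an autorun location' is all we know; a human has to look)."""
    known = {p.lower() for p in hits["files"]}
    confirmed, review = {}, {}
    for name, entry in tdss.items():
        target = confirmed if (entry["path"] or "").lower() in known else review
        target[name] = entry
    return confirmed, review


def triage(tdss_text, mbar_text):
    tdss, hits = parse_tdsskiller(tdss_text), parse_mbar(mbar_text)
    confirmed, review = reconcile(tdss, hits)
    return {"confirmed": sorted(confirmed), "needs_review": sorted(review), "in_memory": hits["in_memory"],
            "run_targets": sorted({d for k, _, d in hits["persistence"] if k == "Run key value" and d}),
            "mechanisms": sorted({k for k, _, _ in hits["persistence"]}), "bho": bho_chain(hits)}


# Constructed sample input: lines copied from the TDSSKiller and MBAR logs quoted above.
TDSS_LOG = r"""08:55:08.0906 0x0dd8 [ 18BC32BB8A8D5A85CDAFAD5A4ECC4C73, 1F24774151BB2B161AEE3B68DC10B935FD870A911EA8393C7BB35E34E28C57FD ] C:\WINDOWS\mod32\bpk.exe
08:55:09.0156 0x0dd8 bpk - detected UnsignedFile.Multi.Generic ( 1 )
08:55:09.0156 0x0dd8 bpk ( UnsignedFile.Multi.Generic ) - warning
08:55:09.0203 0x0dd8 [ 01B4E6E990B6C5EA8856D96C7FD044B2, 2266296FD3C8E0DFA657F21406EE4E494477870DFAF7C65BEBCB6FBA8CADC7C6 ] C:\WINDOWS\system32\CTFMON.EXE
08:55:09.0453 0x0dd8 CTFMON.EXE - ok
08:55:21.0437 0x0dd0 hwinterface ( UnsignedFile.Multi.Generic ) - skipped by user
08:55:21.0437 0x0dd0 bpk ( UnsignedFile.Multi.Generic ) - skipped by user"""
MBAR_LOG = r"""C:\WINDOWS\mod32\bpk.exe (Spyware.Keylogger) -> 828 -> Delete on reboot. [39048bb21c6084b29987fe0ba8586f91]
C:\WINDOWS\mod32\bpkhk.dll (Monitor.Perflogger) -> Delete on reboot. [cb7292ab6319e45273ec40ed7e8444bc]
C:\WINDOWS\mod32\bpkwb.dll (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\CLASSES\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A} (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\CLASSES\CLSID\{1E1B2879-88FF-11D3-8D96-D7ACAC95951A}\INPROCSERVER32 (Monitor.PerfKeylogger) -> Delete on reboot. [44f9f845aad2d2641f98cf43788d8b75]
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|bpk (Spyware.Keylogger) -> Data: C:\WINDOWS\mod32\bpk.exe -> Delete on reboot. [39048bb21c6084b29987fe0ba8586f91]
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Temp\Temporäres Verzeichnis 1 für mod32[1].zip\mod32\inst.bin (Trojan.Logger) -> Delete on reboot. [c479bf7e6814d95d7a6add06a163748c]"""
```

Calling `triage(TDSS_LOG, MBAR_LOG)` on the sample puts `bpk` under `confirmed` (heuristic plus MBAR signature, Run-key persistence, a BHO whose CLSID and InprocServer32 were both flagged, process live as PID 828) and `hwinterface` under `needs_review`. That split is the practical caveat when reading a TDSSKiller log: UnsignedFile.Multi.Generic only says that an autorun entry points at an unsigned file. It fired identically on the keylogger and on hwinterface.sys, which the FRST log lists as an unsigned "Buzz" driver that no other tool in the thread flagged; the first was confirmed, the second still needs a human decision rather than a reflexive delete.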
24.04.2015, 07:38 | #8 |
/// the machine /// TB-Ausbilder | Kaspersky Rescue Disc log analysis
Hi,
Scan with ComboFix
regards, schrauber
24.04.2015, 09:03 | #9 |
| Kaspersky Rescue Disc log analysis
ATTFilter ComboFix 15-04-19.01 - Ulmer-Kemo 24.04.2015 9:21.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.499 [GMT 2:00] ausgeführt von:: c:\dokumente und einstellungen\Ulmer-Kemo\Desktop\ComboFix.exe AV: Kaspersky Anti-Virus *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Anti-Virus *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\Ulmer-Kemo\Anwendungsdaten\NET Framework c:\dokumente und einstellungen\Ulmer-Kemo\Anwendungsdaten\NET Framework\nt01.dat c:\dokumente und einstellungen\Ulmer-Kemo\Anwendungsdaten\NET Framework\nt02.dat c:\dokumente und einstellungen\Ulmer-Kemo\Anwendungsdaten\NET Framework\nthome.dat c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_UVNC_SERVICE -------\Legacy_WINDOWS_MEDIA_HELP -------\Service_uvnc_service . . ((((((((((((((((((((((( Dateien erstellt von 2015-03-24 bis 2015-04-24 )))))))))))))))))))))))))))))) . . 2015-04-23 07:25 . 2015-04-23 07:25 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2015-04-23 07:25 . 2015-04-24 06:53 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable) 2015-04-23 07:24 . 2015-04-23 07:47 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-23 06:59 . 2015-04-23 07:44 120024 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-23 10:07 . 2013-02-16 06:06 4161092 ----a-w- c:\windows\matanii.zip 2015-03-27 14:38 . 2014-08-19 11:31 46280 ----a-w- c:\windows\system32\drivers\kldisk.sys . . 
((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\dokumente und einstellungen\Ulmer-Kemo\Startmenü\Programme\Autostart\
winkasse.lnk - c:\kasse_win\winkasse.exe [2011-7-18 3163140]
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^LaunchTouchMon.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\LaunchTouchMon.lnk
backup=c:\windows\pss\LaunchTouchMon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Message.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Message.lnk
backup=c:\windows\pss\Message.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClearTKHandle]
2008-11-12 02:47    102400    ------r-    c:\programme\eGalaxTouch\ClearTKHandle.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 12:00    15360    ----a-w-    c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-03-26 18:27    173592    ----a-w-    c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-03-26 18:27    141336    ----a-w-    c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-03-26 18:27    141336    ----a-w-    c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-04-30 15:22    19523616    ----a-w-    c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\UltraVNC\\winvnc.exe"=
"c:\\Programme\\UltraVNC\\vncviewer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1466:TCP"= 1466:TCP:Abruf
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\drivers\cm_km_w.sys [14.01.2013 21:10 189136]
R1 klhk;klhk;c:\windows\system32\drivers\klhk.sys [18.02.2015 16:28 35016]
R1 klpd;klpd;c:\windows\system32\drivers\klpd.sys [12.04.2013 15:34 14432]
R1 kltdf;kltdf;c:\windows\system32\drivers\kltdf.sys [06.11.2014 18:36 68808]
R1 kltdi;kltdi;c:\windows\system32\drivers\kltdi.sys [09.10.2014 13:31 46152]
R1 kneps;kneps;c:\windows\system32\drivers\kneps.sys [10.11.2014 18:48 148296]
R2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [23.12.2014 18:50 193400]
R2 kldisk;kldisk;c:\windows\system32\drivers\kldisk.sys [19.08.2014 13:31 46280]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [18.07.2011 11:07 241880]
R3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\drivers\klflt.sys [18.02.2015 16:28 116936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [19.04.2013 11:44 36448]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\drivers\klkbdflt.sys [30.10.2014 05:22 25288]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [08.08.2013 17:11 24672]
R3 xTouch;xTouch;c:\windows\system32\drivers\xtouch.sys [18.07.2011 10:59 125952]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [18.07.2011 11:49 1691480]
S3 EGXFilter;EGXFilter;c:\windows\system32\drivers\EGXFilter.sys [18.07.2011 10:59 140800]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ulmer-kemo.de/
IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
TCP: DhcpNameServer = 10.105.2.11
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} - c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
BHO-{93BC2EA7-2F17-4729-948A-D2E03FFB2412} - c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
BHO-{AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} - c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\IEExt\ie_plugin.dll
AddRemove-{5AB6DDE7-B1A7-4E8C-8811-5457852DBBEF} - c:\programme\InstallShield Installation Information\{5AB6DDE7-B1A7-4E8C-8811-5457852DBBEF}\setup.exe
AddRemove-{680DED1F-770C-4826-B22F-2375A34D2739} - c:\programme\InstallShield Installation Information\{680DED1F-770C-4826-B22F-2375A34D2739}\setup.exe
AddRemove-{C6A750AE-6029-4435-9A8D-06507AA46798} - c:\programme\InstallShield Installation Information\{C6A750AE-6029-4435-9A8D-06507AA46798}\setup.exe
AddRemove-{F1014FF9-FFA2-44E9-B1DD-13EA24933FC3} - c:\programme\InstallShield Installation Information\{F1014FF9-FFA2-44E9-B1DD-13EA24933FC3}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2015-04-24 09:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(5032)
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wscntfy.exe
c:\programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
.
**************************************************************************
.
Completion time: 2015-04-24 09:41:12 - machine was rebooted
ComboFix-quarantined-files.txt 2015-04-24 07:41
.
Pre-Run: 11 dir(s), 140.578.168.832 bytes free
Post-Run: 12 dir(s), 140.500.733.952 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 2A590261245E00B31D65C6B4766F388D
72B8CE41AF0DE751C946802B3ED844B4 |
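Three entries in the ComboFix log above deserve a manual check on any machine like this one: the Windows Firewall exceptions (winvnc.exe and vncviewer.exe are authorised, and TCP 1466, 5800 and 5900 are globally open), the Security Center value "DisableMonitoring"=dword:00000001 for Kaspersky, and the orphaned Legacy_UVNC_SERVICE / Service_uvnc_service entries that ComboFix removed. The script below is an added example, not part of the thread and not ComboFix's own code: it parses a constructed excerpt in the same REGEDIT4-style layout ComboFix prints and reports open ports, firewall exceptions that point outside %windir%, and disabled Security Center monitoring. The shortlist of remote-access ports is the example's own assumption.

```python
"""Triage the firewall and Security Center entries from a ComboFix log.

Added example, not ComboFix's own code. The sample below is a constructed
excerpt modelled on the log posted in this thread.
"""
import re

# Constructed excerpt in ComboFix's REGEDIT4-style layout (sample data).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\UltraVNC\\winvnc.exe"=
"c:\\Programme\\UltraVNC\\vncviewer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1466:TCP"= 1466:TCP:Abruf
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
.
"""

# Ports that mean "this box can be driven from the network". The shortlist
# is the example's own assumption; extend it for your environment.
REMOTE_ACCESS_PORTS = {3389: "RDP", 5800: "VNC over HTTP", 5900: "VNC"}

PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(\S*)')
APP_RE = re.compile(r'^"(.+?)"=')


def parse_sections(text):
    """Map each [key] block of the log to the value lines beneath it.

    ComboFix separates blocks with lines holding a single '.'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
        else:
            current = None
    return sections


def open_ports(sections):
    """(port, protocol, rule name) for every GloballyOpenPorts entry."""
    found = []
    for key, lines in sections.items():
        if key.lower().endswith("globallyopenports\\list"):
            for line in lines:
                m = PORT_RE.match(line)
                if m:
                    found.append((int(m.group(1)), m.group(2), m.group(3)))
    return found


def authorized_apps(sections):
    """Programs allowed through the firewall; the doubled backslashes of
    the REGEDIT4 export are collapsed to real path separators."""
    found = []
    for key, lines in sections.items():
        if key.lower().endswith("authorizedapplications\\list"):
            for line in lines:
                m = APP_RE.match(line)
                if m:
                    found.append(m.group(1).replace("\\\\", "\\"))
    return found


def monitoring_disabled(sections):
    """Security Center products whose monitoring was switched off."""
    return [key.rsplit("\\", 1)[-1]
            for key, lines in sections.items()
            if "security center\\monitoring\\" in key.lower()
            and any(l.startswith('"DisableMonitoring"=dword:00000001')
                    for l in lines)]


def triage(text):
    """Human-readable findings for the parts of the log that matter."""
    s = parse_sections(text)
    findings = []
    for port, proto, name in open_ports(s):
        label = REMOTE_ACCESS_PORTS.get(port, "unrecognised service")
        findings.append(f"open {port}/{proto} ({name}): {label}")
    for app in authorized_apps(s):
        if not app.lower().startswith("%windir%"):
            findings.append(f"firewall exception outside %windir%: {app}")
    for product in monitoring_disabled(s):
        findings.append(f"Security Center monitoring disabled for {product}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run it against a real ComboFix.txt by replacing SAMPLE_LOG with the file contents; the rule names (here "Abruf", "vnc5900", "vnc5800") are whatever the person or installer that opened the port typed, so an unrecognised port with a meaningful name still needs a human to decide whether it belongs.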
24.04.2015, 15:38 | #10 |
/// the machine /// TB-Ausbilder | Kaspersky Rescue Disc log analysis Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
28.04.2015, 14:06 | #11 |
| Kaspersky Rescue Disc log analysis
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24.04.2015
Scan Time: 17:10:02
Logfile: mbam.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.04.24.03
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Ulmer-Kemo

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 286071
Time Elapsed: 8 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Clicker, C:\WINDOWS\matanii.zip, Quarantined, [c79ca5cb1278c96da35b0391e41e847c], 

Physical Sectors: 0
(No malicious items detected)

(end)
Code:
# AdwCleaner v4.202 - Logfile created 24/04/2015 at 17:30:05
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Ulmer-Kemo - SYSTEM-V0475
# Running from : C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\AdwCleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

*************************

AdwCleaner[R0].txt - [747 bytes] - [24/04/2015 17:23:13]
AdwCleaner[R1].txt - [805 bytes] - [24/04/2015 17:28:40]
AdwCleaner[S0].txt - [731 bytes] - [24/04/2015 17:30:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [789 bytes] ##########
Unfortunately JRT did not work. "- Creating a registry Backup" and "- Checking Startup" still appear, and then the window closes a minute later. No logfile is saved or opened.
Many thanks and best regards, Dominik
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015
(ATTENTION: ====> FRST version is 55 days old and could be outdated)
Ran by Ulmer-Kemo (administrator) on SYSTEM-V0475 on 28-04-2015 15:04:28
Running from C:\Support\Wiesender
Loaded Profiles: Ulmer-Kemo (Available profiles: Ulmer-Kemo)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Ulmer-Kemo GmbH) C:\kasse_win\winkasse.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.)
Startup: C:\Dokumente und Einstellungen\Ulmer-Kemo\Startmenü\Programme\Autostart\winkasse.lnk
ShortcutTarget: winkasse.lnk -> C:\kasse_win\winkasse.exe (Ulmer-Kemo GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-448539723-299502267-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-448539723-299502267-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ulmer-kemo.de/
HKU\S-1-5-21-1844237615-448539723-299502267-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.105.2.11

FireFox:
========
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-15]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-18]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [241880 2009-10-20] (Intel Corporation)
S3 EGXFilter; C:\WINDOWS\System32\drivers\egxfilter.sys [140800 2009-07-06] ()
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2996 2011-07-18] (Buzz) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [46280 2015-03-27] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [689864 2015-03-27] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 xTouch; C:\WINDOWS\System32\DRIVERS\xtouch.sys [125952 2009-07-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U5 sertouch; C:\Windows\System32\Drivers\sertouch.sys [128512 2009-07-06] ()
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-24 17:52 - 2015-04-24 17:52 - 00000000 ____D () C:\RegBackup
2015-04-24 17:23 - 2015-04-24 17:30 - 00000000 ____D () C:\AdwCleaner
2015-04-24 17:22 - 2015-04-24 17:22 - 00001270 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbam.txt
2015-04-24 17:08 - 2015-04-24 17:08 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-24 17:08 - 2015-04-24 17:08 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2015-04-24 17:08 - 2015-04-24 17:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2015-04-24 17:08 - 2015-04-24 17:05 - 02685461 _____ (Thisisu) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\JRT.exe
2015-04-24 17:08 - 2015-04-24 17:05 - 02224640 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\AdwCleaner_4.202.exe
2015-04-24 17:08 - 2015-04-24 17:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbam-setup-2.1.6.1022.exe
2015-04-24 17:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-24 09:41 - 2015-04-28 15:04 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\temp
2015-04-24 09:41 - 2015-04-24 09:41 - 00009249 _____ () C:\ComboFix.txt
2015-04-24 09:41 - 2015-04-24 09:41 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-04-24 09:41 - 2015-04-24 09:41 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2015-04-24 09:32 - 2015-04-24 09:32 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-04-24 09:32 - 2015-04-24 09:32 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-04-24 09:32 - 2015-04-24 09:32 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-04-24 09:32 - 2015-04-24 09:32 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-04-24 09:32 - 2015-04-24 09:32 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-04-24 09:04 - 2015-04-24 09:04 - 00000000 _RSHD () C:\cmdcons
2015-04-24 09:04 - 2011-07-18 16:04 - 00000211 _____ () C:\Boot.bak
2015-04-24 09:04 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-04-24 09:03 - 2015-04-24 09:03 - 00000056 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\ipconf.txt
2015-04-24 08:59 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-04-24 08:59 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-04-24 08:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-04-24 08:58 - 2015-04-24 09:41 - 00000000 ____D () C:\Qoobox
2015-04-24 08:58 - 2015-04-24 09:39 - 00000000 ____D () C:\WINDOWS\erdnt
2015-04-24 08:55 - 2015-04-24 08:54 - 05619466 ____R (Swearware) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\ComboFix.exe
2015-04-23 09:25 - 2015-04-24 17:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2015-04-23 09:25 - 2015-04-24 08:53 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2015-04-23 09:24 - 2015-04-24 17:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 08:59 - 2015-04-23 09:56 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbar
2015-04-23 08:59 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-23 08:52 - 2015-04-23 08:50 - 16502728 _____ (Malwarebytes Corp.) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbar-1.09.1.1004.exe
2015-04-23 08:52 - 2015-04-23 08:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\Ulmer-Kemo\Deskt
op\tdsskiller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-28 15:04 - 2015-03-06 09:59 - 00000000 ____D () C:\FRST
2015-04-28 14:06 - 2011-07-18 10:08 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-04-28 13:42 - 2011-07-18 10:03 - 01454788 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-28 13:41 - 2015-02-18 16:29 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2015-04-28 13:41 - 2011-07-18 10:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-28 13:41 - 2008-04-14 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-24 18:08 - 2015-02-18 17:33 - 00080138 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-04-24 18:08 - 2015-02-18 17:33 - 00080138 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1844237615-448539723-299502267-1004-0.dat
2015-04-24 18:08 - 2011-07-18 10:31 - 00031140 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-24 18:08 - 2011-07-18 10:31 - 00000190 ___SH () C:\Dokumente und Einstellungen\Ulmer-Kemo\ntuser.ini
2015-04-24 17:08 - 2011-07-18 10:53 - 00000000 ___RD () C:\Programme
2015-04-24 17:08 - 2011-07-18 10:53 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-04-24 09:35 - 2008-04-14 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-24 09:33 - 2011-07-18 11:51 - 16777216 _____ () C:\WINDOWS\system32\config\software.bak
2015-04-24 09:33 - 2011-07-18 11:51 - 05505024 _____ () C:\WINDOWS\system32\config\system.bak
2015-04-24 09:33 - 2011-07-18 11:51 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak
2015-04-24 09:33 - 2011-07-18 10:52 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-04-24 09:33 - 2011-07-18 10:52 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-04-24 09:04 - 2011-07-18 11:51 - 00000327 __RSH () C:\boot.ini
2015-04-24 09:03 - 2012-08-14 09:59 - 00190946 _____ () C:\WINDOWS\setupapi.log
2015-04-24 08:58 - 2011-07-18 10:53 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Dokumente
2015-04-24 08:56 - 2015-02-18 16:47 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-23 09:41 - 2013-02-16 08:14 - 00000000 ____D () C:\WINDOWS\mod32
2015-04-23 09:40 - 2011-07-18 10:31 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo
2015-04-23 08:51 - 2012-08-14 09:47 - 00000625 _____ () C:\WINDOWS\setupact.log
2015-04-16 17:23 - 2011-07-18 12:53 - 00000000 ____D () C:\kasse_win
2015-04-16 17:22 - 2013-09-06 05:55 - 00000052 _____ () C:\Kasse_Winmf.log
2015-04-03 18:53 - 2011-07-18 10:53 - 01148246 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Anwendungsdaten\setup.txt

Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================ |
29.04.2015, 07:49 | #12 |
/// the machine /// TB-Ausbilder | Kaspersky Rescue Disc log analysis Please press the Windows key + R and type notepad into the Run box. Now copy the following text from the code box into the empty text document
Code:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-448539723-299502267-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log please. Any problems left?
__________________ regards, schrauber |
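The fix above is assembled by hand from the two lines that FRST itself marked with "<======= ATTENTION" in the log in post #11, followed by the Emptytemp: directive. As an added example (not FRST's own code and not a tool the helper used), the script below automates that selection from an FRST.txt and separately lists driver and service entries that FRST annotates but does not flag, such as an unsigned driver ([File not signed]), a service whose file is missing ([X]) or one without an ImagePath, so that a human still looks at them before deciding. The sample input is a constructed, shortened excerpt of the FRST log posted above; the review heuristics are this example's assumption, not FRST's rules.

```python
"""Build an FRST Fixlist.txt from the entries FRST flagged with ATTENTION.

Added example, not FRST's own code. The sample is a constructed excerpt of
the FRST log posted in this thread.
"""
import re

# Constructed, shortened excerpt of FRST.txt (sample data).
SAMPLE_FRST = r"""
==================== Internet (Whitelisted) ====================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-448539723-299502267-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
Tcpip\Parameters: [DhcpNameServer] 10.105.2.11
==================== Drivers (Whitelisted) ====================
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2996 2011-07-18] (Buzz) [File not signed]
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 TlntSvr; No ImagePath
"""

ATTENTION_TAG = "<======= ATTENTION"

# Heuristic for entries worth a second look (this example's assumption, not
# an FRST rule): driver/service lines (R/S/U plus start type) whose file is
# unsigned, missing ([X]) or that have no ImagePath at all.
REVIEW_PATTERN = re.compile(
    r"^[RSU]\d .*(?:\[File not signed\]|\[X\]|No ImagePath)\s*$"
)


def flagged_lines(frst_text):
    """Return, verbatim, every line FRST marked with the ATTENTION tag.

    The lines are kept exactly as printed, tag included, which is also how
    the helper's fixlist in this thread quotes them."""
    return [line.rstrip() for line in frst_text.splitlines()
            if ATTENTION_TAG in line]


def review_candidates(frst_text):
    """Driver/service entries a human should inspect before deciding."""
    return [line.rstrip() for line in frst_text.splitlines()
            if REVIEW_PATTERN.search(line)]


def build_fixlist(frst_text, empty_temp=True):
    """Compose Fixlist.txt: flagged entries first, then Emptytemp:."""
    entries = flagged_lines(frst_text)
    if empty_temp:
        entries.append("Emptytemp:")
    return "\n".join(entries) + "\n"


def write_fixlist(content, path):
    """Write the fixlist with CRLF line endings for the Windows box."""
    with open(path, "w", encoding="utf-8", newline="\r\n") as fh:
        fh.write(content)


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_FRST), end="")
    for line in review_candidates(SAMPLE_FRST):
        print("REVIEW:", line)
```

Point it at a real FRST.txt and write the result next to FRST.exe with write_fixlist; the REVIEW lines are deliberately not put into the fixlist, because an unsigned driver on a point-of-sale machine (hwinterface.sys here) may well be a legitimate hardware driver that the operator depends on.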
29.04.2015, 10:04 | #13 |
| Kaspersky Rescue Disc log analysis Hi, all done
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-03-2015
Ran by Ulmer-Kemo at 2015-04-29 10:06:39 Run:1
Running from C:\Support\Wiesender
Loaded Profiles: Ulmer-Kemo (Available profiles: Ulmer-Kemo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1844237615-448539723-299502267-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
Emptytemp:
*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1844237615-448539723-299502267-1004\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
EmptyTemp: => Removed 9.7 MB temporary data.

The system needed a reboot.

==== End of Fixlog 10:06:43 ====
Code:
ESETSmartInstaller@High as downloader log:
Can not open internet
ESETSmartInstaller@High as downloader log:
Can not open internet
Can not open internet
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ea282af281cb3244bb288df859a5fbf6
# engine=23612
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-29 08:28:08
# local_time=2015-04-29 10:28:08 (+0100, Westeuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode_1='Kaspersky Anti-Virus'
# compatibility_mode=1303 16777213 100 100 1215 57871318 0 0
# scanned=11491
# found=0
# cleaned=0
# scan_time=396
Code:
Results of screen317's Security Check version 1.00
Windows XP Service Pack 3 x86
Internet Explorer 8
Antivirus/Firewall Check:
ESET Online Scanner v3
Kaspersky Anti-Virus
Anti-malware/Other Utilities Check:
Process Check: objlist.exe by Laurent
Kaspersky Lab Kaspersky Anti-Virus 15.0.2 avp.exe
Kaspersky Lab Kaspersky Anti-Virus 15.0.2 avpui.exe
System Health check
Total Fragmentation on Drive C::
End of Log
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-04-2015
Ran by Ulmer-Kemo (administrator) on SYSTEM-V0475 on 29-04-2015 10:54:36
Running from C:\Support\Wiesender
Loaded Profiles: Ulmer-Kemo (Available profiles: Ulmer-Kemo)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Kaspersky Lab ZAO) C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avpui.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [19523616 2010-04-30] (Realtek Semiconductor Corp.)
Startup: C:\Dokumente und Einstellungen\Ulmer-Kemo\Startmenü\Programme\Autostart\winkasse.lnk [2011-07-18]
ShortcutTarget: winkasse.lnk -> C:\kasse_win\winkasse.exe (Ulmer-Kemo GmbH)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1844237615-448539723-299502267-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ulmer-kemo.de/
HKU\S-1-5-21-1844237615-448539723-299502267-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL [2002-05-24] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2009-03-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.105.2.11

FireFox:
========
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-18] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-18] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-02-15]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\content_blocker@kaspersky.com [2015-02-18]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-02-18]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.2; C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 15.0.2\avp.exe [193400 2014-12-23] (Kaspersky Lab ZAO)
S2 MBAMService; C:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative)
R0 cm_km_w; C:\WINDOWS\System32\DRIVERS\cm_km_w.sys [189136 2013-01-14] (Kaspersky Lab UK Ltd)
R3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [241880 2009-10-20] (Intel Corporation)
S3 EGXFilter; C:\WINDOWS\System32\drivers\egxfilter.sys [140800 2009-07-06] ()
S3 FTDIBUS; C:\WINDOWS\System32\drivers\ftdibus.sys [63464 2013-02-13] (FTDI Ltd.)
R1 hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2996 2011-07-18] (Buzz) [File not signed]
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [143968 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\WINDOWS\System32\DRIVERS\kldisk.sys [46280 2015-03-27] (Kaspersky Lab ZAO)
R3 klflt; C:\WINDOWS\System32\DRIVERS\klflt.sys [116936 2014-11-28] (Kaspersky Lab ZAO)
R1 klhk; C:\WINDOWS\System32\DRIVERS\klhk.sys [35016 2014-10-22] (Kaspersky Lab ZAO)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [689864 2015-03-27] (Kaspersky Lab ZAO)
R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [36448 2013-04-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [25288 2014-10-30] (Kaspersky Lab ZAO)
R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdf; C:\WINDOWS\System32\DRIVERS\kltdf.sys [68808 2014-11-06] (Kaspersky Lab ZAO)
R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [46152 2014-10-09] (Kaspersky Lab ZAO)
R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [148296 2014-11-10] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.)
R3 xTouch; C:\WINDOWS\System32\DRIVERS\xtouch.sys [125952 2009-07-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S4 IntelIde; No ImagePath
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
U5 sertouch; C:\Windows\System32\Drivers\sertouch.sys [128512 2009-07-06] ()
U3 TlntSvr; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 10:15 - 2015-04-29 10:15 - 00000000 ____D () C:\Programme\ESET
2015-04-29 10:03 - 2015-04-29 09:44 - 02347384 _____ (ESET) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\esetsmartinstaller_deu.exe
2015-04-29 10:03 - 2015-04-29 09:44 - 00852616 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\SecurityCheck.exe
2015-04-24 17:52 - 2015-04-24 17:52 - 00000000 ____D () C:\RegBackup
2015-04-24 17:23 - 2015-04-24 17:30 - 00000000 ____D () C:\AdwCleaner
2015-04-24 17:22 - 2015-04-24 17:22 - 00001270 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbam.txt
2015-04-24 17:08 - 2015-04-24 17:08 - 00000749 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
2015-04-24 17:08 - 2015-04-24 17:08 - 00000000 ____D () C:\Programme\ Malwarebytes Anti-Malware
2015-04-24 17:08 - 2015-04-24 17:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ Malwarebytes Anti-Malware
2015-04-24 17:08 - 2015-04-24 17:05 - 02685461 _____ (Thisisu) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\JRT.exe
2015-04-24 17:08 - 2015-04-24 17:05 - 02224640 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\AdwCleaner_4.202.exe
2015-04-24 17:08 - 2015-04-24 17:03 - 21546080 _____ (Malwarebytes Corporation ) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbam-setup-2.1.6.1022.exe
2015-04-24 17:08 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-24 09:41 - 2015-04-29 10:54 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\temp
2015-04-24 09:41 - 2015-04-24 09:41 - 00009249 _____ () C:\ComboFix.txt
2015-04-24 09:41 - 2015-04-24 09:41 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-04-24 09:41 - 2015-04-24 09:41 - 00000000 ____D () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\temp
2015-04-24 09:32 - 2015-04-24 09:32 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2015-04-24 09:32 - 2015-04-24 09:32 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2015-04-24 09:32 - 2015-04-24 09:32 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2015-04-24 09:32 - 2015-04-24 09:32 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2015-04-24 09:32 - 2015-04-24 09:32 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2015-04-24 09:04 - 2015-04-24 09:04 - 00000000 _RSHD () C:\cmdcons
2015-04-24 09:04 - 2011-07-18 16:04 - 00000211 _____ () C:\Boot.bak
2015-04-24 09:04 - 2004-08-03 23:00 - 00262448 __RSH () C:\cmldr
2015-04-24 09:03 - 2015-04-24 09:03 - 00000056 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\ipconf.txt
2015-04-24 08:59 - 2011-06-26 08:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2015-04-24 08:59 - 2010-11-07 19:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2015-04-24 08:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2015-04-24 08:59 - 2000-08-31 02:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2015-04-24 08:58 - 2015-04-24 09:41 - 00000000 ____D () C:\Qoobox
2015-04-24 08:58 - 2015-04-24 09:39 - 00000000 ____D () C:\WINDOWS\erdnt
2015-04-24 08:55 - 2015-04-24 08:54 - 05619466 ____R (Swearware) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\ComboFix.exe
2015-04-23 09:25 - 2015-04-24 17:08 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2015-04-23 09:25 - 2015-04-24 08:53 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes' Anti-Malware (portable)
2015-04-23 09:24 - 2015-04-24 17:09 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-23 08:59 - 2015-04-23 09:56 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbar
2015-04-23 08:59 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-23 08:52 - 2015-04-23 08:50 - 16502728 _____ (Malwarebytes Corp.) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\mbar-1.09.1.1004.exe
2015-04-23 08:52 - 2015-04-23 08:50 - 04197016 _____ (Kaspersky Lab ZAO) C:\Dokumente und Einstellungen\Ulmer-Kemo\Desktop\tdsskiller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-29 10:54 - 2015-03-06 09:59 - 00000000 ____D () C:\FRST
2015-04-29 10:21 - 2011-07-18 10:03 - 01508407 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-29 10:15 - 2011-07-18 10:53 - 00000000 ___RD () C:\Programme
2015-04-29 10:10 - 2011-07-18 10:31 - 00000000 __SHD () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Verlauf
2015-04-29 10:08 - 2015-02-18 16:29 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
2015-04-29 10:07 - 2011-07-18 10:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-29 10:07 - 2011-07-18 10:31 - 00000000 __SHD () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Verlauf
2015-04-29 10:06 - 2015-02-18 17:33 - 00080138 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-04-29 10:06 - 2015-02-18 17:33 - 00080138 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1844237615-448539723-299502267-1004-0.dat
2015-04-29 10:06 - 2011-07-18 10:53 - 00000000 ___SD () C:\Dokumente und Einstellungen\Default User\Lokale Einstellungen\Verlauf
2015-04-29 10:06 - 2011-07-18 10:31 - 00031572 _____ () C:\WINDOWS\SchedLgU.Txt
2015-04-29 10:06 - 2011-07-18 10:31 - 00000190 ___SH () C:\Dokumente und Einstellungen\Ulmer-Kemo\ntuser.ini
2015-04-29 10:06 - 2011-07-18 10:08 - 00000000 ___HD () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Verlauf
2015-04-29 09:46 - 2012-08-14 09:59 - 00204583 _____ () C:\WINDOWS\setupapi.log
2015-04-29 09:46 - 2012-08-14 09:47 - 00000741 _____ () C:\WINDOWS\setupact.log
2015-04-28 14:06 - 2011-07-18 10:08 - 00000000 __SHD () C:\Dokumente und Einstellungen\NetworkService
2015-04-28 13:41 - 2008-04-14 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-24 17:08 - 2011-07-18 10:53 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-04-24 09:35 - 2008-04-14 14:00 - 00000227 _____ () C:\WINDOWS\system.ini
2015-04-24 09:33 - 2011-07-18 11:51 - 16777216 _____ () C:\WINDOWS\system32\config\software.bak
2015-04-24 09:33 - 2011-07-18 11:51 - 05505024 _____ () C:\WINDOWS\system32\config\system.bak
2015-04-24 09:33 - 2011-07-18 11:51 - 00262144 _____ () C:\WINDOWS\system32\config\default.bak
2015-04-24 09:33 - 2011-07-18 10:52 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2015-04-24 09:33 - 2011-07-18 10:52 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2015-04-24 09:04 - 2011-07-18 11:51 - 00000327 __RSH () C:\boot.ini
2015-04-24 08:58 - 2011-07-18 10:53 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Dokumente
2015-04-24 08:56 - 2015-02-18 16:47 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-04-23 09:41 - 2013-02-16 08:14 - 00000000 ____D () C:\WINDOWS\mod32
2015-04-23 09:40 - 2011-07-18 10:31 - 00000000 ____D () C:\Dokumente und Einstellungen\Ulmer-Kemo
2015-04-16 17:23 - 2011-07-18 12:53 - 00000000 ____D () C:\kasse_win
2015-04-16 17:22 - 2013-09-06 05:55 - 00000052 _____ () C:\Kasse_Winmf.log
2015-04-03 18:53 - 2011-07-18 10:53 - 01148246 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

==================== Files in the root of some directories =======

2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Dokumente und Einstellungen\Ulmer-Kemo\Lokale Einstellungen\Anwendungsdaten\setup.txt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Thanks and best regards |
30.04.2015, 07:07 | #14 |
/// the machine /// TB-Ausbilder | Kaspersky Rescue Disc Log Evaluation Still having problems?
__________________ regards, schrauber |
30.04.2015, 07:29 | #15 |
| Kaspersky Rescue Disc Log Evaluation I don't think so! Should everything be gone now? Thanks again!!! |