Trojaner-Board - 3x Trojan.VUPX.Gen

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - 3x Trojan.VUPX.Gen (https://www.trojaner-board.de/110014-3x-trojan-vupx-gen.html)

3x Trojan.VUPX.Gen

MalwareBytes QuickScan:

Code:

Malwarebytes Anti-Malware 1.60.0.1800

www.malwarebytes.org
 

Datenbank Version: v2012.01.30.03
 

Windows 7 x86 NTFS

Internet Explorer 8.0.7600.16385

Annette :: ANNETTE-PC [Administrator]
 

30.01.2012 20:03:11

mbam-log-2012-01-30 (20-03-11).txt
 

Art des Suchlaufs: Quick-Scan

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 168849

Laufzeit: 16 Minute(n), 35 Sekunde(n)
 

Infizierte Speicherprozesse: 1

C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.VUPX.Gen) -> 380 -> Löschen bei Neustart.
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Firefox helper (Trojan.VUPX.Gen) -> Daten: C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 2

C:\Users\Annette\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

C:\Users\Annette\AppData\Local\Temp\0.2222913525765341.exe (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Malwarebytes Full-Scan:

Code:

Malwarebytes Anti-Malware 1.60.1.1000

www.malwarebytes.org
 

Datenbank Version: v2012.02.15.03
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Annette :: ANNETTE-PC [Administrator]
 

15.02.2012 18:47:21

mbam-log-2012-02-15 (18-47-21).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 260054

Laufzeit: 1 Stunde(n), 20 Minute(n), 41 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 1

C:\Users\Annette\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\37abc3c2-516bfa30 (Trojan.VUPX.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
 

(Ende)

Defogger:

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 18:50 on 15/02/2012 (Annette)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

Attach:

Code:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter 

Boot Device: \Device\HarddiskVolume2

Install Date: 31.01.2010 09:31:28

System Uptime: 15.02.2012 20:16:06 (0 hours ago)

.

Motherboard: SAMSUNG ELECTRONICS CO., LTD. |  | NC10                       

Processor: Intel(R) Atom(TM) CPU N270   @ 1.60GHz | U2E1 | 1600/mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 67 GiB total, 47,454 GiB free.

D: is FIXED (NTFS) - 67 GiB total, 66,887 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

 Update for Microsoft Office 2007 (KB2508958)

Adobe Flash Player 10 ActiveX

Adobe Reader 9.1 - Deutsch

Alice Greenfingers

AnyPC Client

Atheros Client Installation Program

Compatibility Pack für 2007 Office System

CyberLink YouCam

Dairy Dash

Easy Display Manager

Easy Network Manager

Easy Resolution Manager

Easy SpeedUp Manager

EasyBatteryManager

Farm Frenzy 2

Firebird SQL Server - MAGIX Edition

Game Pack

Go-Go Gourmet

Google Toolbar for Internet Explorer

Google Update Helper

Intel(R) Graphics Media Accelerator Driver

Java Auto Updater

Java(TM) 6 Update 31

Junk Mail filter update

MAGIX Foto Manager 10

MAGIX Online Druck Service

MAGIX Screenshare

Malwarebytes Anti-Malware Version 1.60.1.1000

Marvell Miniport Driver

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Excel MUI (German) 2007

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.3

Microsoft Office OneNote MUI (German) 2007

Microsoft Office PowerPoint MUI (German) 2007

Microsoft Office PowerPoint Viewer 2007 (German)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Italian) 2007

Microsoft Office Proofing (German) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Shared MUI (German) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (German) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Works

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Namuga 1.3M Webcam

OpenOffice.org 3.2

PDFCreator

Picasa 3

Realtek High Definition Audio Driver

Samsung Recovery Solution 4

Samsung Support Center

Samsung Update Plus

Security Update for 2007 Microsoft Office System (KB2288621)

Security Update for 2007 Microsoft Office System (KB2288931)

Security Update for 2007 Microsoft Office System (KB2345043)

Security Update for 2007 Microsoft Office System (KB2553089)

Security Update for 2007 Microsoft Office System (KB2553090)

Security Update for 2007 Microsoft Office System (KB2584063)

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB976321)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB979441)

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB2344993)

Synaptics Pointing Device Driver

Update für Microsoft Office Excel 2007 Help (KB963678)

Update für Microsoft Office Powerpoint 2007 Help (KB963669)

Update für Microsoft Office Word 2007 Help (KB963665)

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition

Update for Microsoft Office 2007 System (KB2539530)

Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition

Update for Microsoft Office OneNote 2007 (KB980729)

User Guide

WIDCOMM Bluetooth Software

Windows Driver Package - Broadcom Bluetooth  (06/15/2009 6.2.0.9000)

Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800)

Windows Live-Uploadtool

Windows Live Anmelde-Assistent

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live Fotogalerie

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Sync

Windows Live Writer

.

==== End Of File ===========================

DDS:

Code:

.

DDS (Ver_2011-08-26.01) - NTFSx86 

Internet Explorer: 8.0.7601.17514

Run by Annette at 20:46:46 on 2012-02-15

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.329 [GMT 1:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\System32\svchost.exe -k yksvcs

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\taskhost.exe

C:\windows\system32\taskeng.exe

C:\windows\system32\Dwm.exe

C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe

C:\windows\Explorer.EXE

C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe

C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe

C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe

C:\windows\system32\igfxext.exe

C:\windows\system32\igfxsrvc.exe

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\windows\system32\igfxsrvc.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\DllHost.exe

C:\windows\system32\conhost.exe

C:\windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"

mRun: [IgfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\users\annette\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 82.212.62.62 78.42.43.62

TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\4416679646028416373756C686F66666 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\44166796468416373756C686F66666 : DhcpNameServer = 85.216.127.130 82.212.63.122 192.168.0.1

TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\452716E63777162707B616E616C6 : DhcpNameServer = 217.0.43.97 217.0.43.113

TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\7457563747 : DhcpNameServer = 134.2.200.2 134.2.3.191

TCP: Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}\75C414E4 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{E3AFEA8F-4E74-40AA-B1BE-D3415ABBE74E} : DhcpNameServer = 82.212.62.62 78.42.43.62

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-11-3 10752]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\common files\magix services\database\bin\FABS.exe [2009-8-27 1253376]

R2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\samsung casual games\gameconsole\OberonGameConsoleService.exe [2010-1-31 44312]

R2 yksvc;Marvell Yukon Service;c:\windows\system32\svchost.exe -k yksvcs [2009-7-14 20992]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-1-31 29472]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-6-15 313856]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\common files\magix services\database\bin\fbserver.exe [2008-8-7 3276800]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-31 54632]

S3 fsssvc;Windows Live Family Safety-Dienst;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]

S3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-6-10 139776]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-21 52224]

S3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-11-3 237696]

.

=============== Created Last 30 ================

.

2012-02-15 18:54:09        6557240        ----a-w-        c:\programdata\microsoft\windows defender\definition updates\{d942106d-b9c9-4e49-a3c6-ac0a7666cbae}\mpengine.dll

2012-02-15 18:18:49        442880        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-15 18:12:32        2343424        ----a-w-        c:\windows\system32\win32k.sys

2012-02-15 18:00:41        --------        d-----w-        c:\users\annette\appdata\local\WindowsUpdate

2012-01-30 19:19:47        --------        d-----w-        c:\windows\system32\SPReview

2012-01-30 19:18:37        --------        d-----w-        c:\windows\system32\EventProviders

2012-01-30 19:08:43        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-01-30 19:02:08        --------        d-----w-        c:\users\annette\appdata\roaming\Malwarebytes

2012-01-30 19:01:58        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-30 19:01:57        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-01-30 19:01:57        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-01-17 21:08:17        1038848        ----a-w-        c:\windows\system32\lsasrv.dll

2012-01-17 21:08:16        369352        ----a-w-        c:\windows\system32\drivers\cng.sys

2012-01-17 21:08:16        314880        ----a-w-        c:\windows\system32\webio.dll

2012-01-17 21:08:16        224768        ----a-w-        c:\windows\system32\schannel.dll

2012-01-17 21:08:16        134000        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys

2012-01-17 21:08:15        67440        ----a-w-        c:\windows\system32\drivers\ksecdd.sys

2012-01-17 21:08:15        22528        ----a-w-        c:\windows\system32\lsass.exe

2012-01-17 21:08:15        22016        ----a-w-        c:\windows\system32\secur32.dll

2012-01-17 21:08:15        15872        ----a-w-        c:\windows\system32\sspisrv.dll

2012-01-17 21:08:15        100352        ----a-w-        c:\windows\system32\sspicli.dll

.

==================== Find3M  ====================

.

2012-01-30 19:36:50        152576        ----a-w-        c:\windows\system32\msclmd.dll

2012-01-29 04:10:42        237072        ------w-        c:\windows\system32\MpSigStub.exe

2011-12-30 05:27:56        478720        ----a-w-        c:\windows\system32\timedate.cpl

2011-12-16 07:54:22        981504        ----a-w-        c:\windows\system32\wininet.dll

2011-12-16 07:52:58        690688        ----a-w-        c:\windows\system32\msvcrt.dll

2011-12-16 06:09:17        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2011-11-19 14:01:00        67072        ----a-w-        c:\windows\system32\packager.dll

.

============= FINISH: 20:47:58,13 ===============
 
 

{code]

GMER stürzt immer ab bzw. hängt sich auf. :confused:

Hast du auch ne Problembeschreibung? Einfach nur Logs hinknallen ist nicht gerade schön :balla:

Hallo cosinus,

tut mir leid. Es ist der 50 Euro-Absperr-Trojaner, der hier massenweise vertreten ist.

Es sind auch keine weiteren Logs vorhanden von Malwarebytes.

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo cosinus,

vielen Dank erstmal. Hier das OTL-Log:

OTL Logfile:

Code:

OTL logfile created on: 2/17/2012 6:21:56 PM - Run 1

OTL by OldTimer - Version 3.2.32.0     Folder = C:\Users\Annette\Desktop

 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1014.43 Mb Total Physical Memory | 360.55 Mb Available Physical Memory | 35.54% Memory free

1.99 Gb Paging File | 1.37 Gb Available in Paging File | 68.58% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 66.97 Gb Total Space | 47.00 Gb Free Space | 70.17% Space Free | Partition Type: NTFS

Drive D: | 66.98 Gb Total Space | 66.89 Gb Free Space | 99.87% Space Free | Partition Type: NTFS

Drive E: | 7.45 Gb Total Space | 7.22 Gb Free Space | 96.90% Space Free | Partition Type: FAT32

 

Computer Name: ANNETTE-PC | User Name: Annette | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Annette\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)

PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files\Samsung\Easy Display Manager\HookDllPS2.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)

SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (yksvc) -- C:\Windows\System32\yk62x86.dll (Marvell)

SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (VMC326) -- C:\Windows\System32\drivers\VMC326.sys (Vimicro Corporation)

DRV - (Serial) -- C:\windows\system32\DRIVERS\serial.sys (Brother Industries Ltd.)

DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

 

 

 

O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 82.212.62.62 78.42.43.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7925994F-5AA6-4AFB-8EBB-BC6EC71A404F}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3AFEA8F-4E74-40AA-B1BE-D3415ABBE74E}: DhcpNameServer = 82.212.62.62 78.42.43.62

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: mcmscsvc - Service

SafeBootMin: MCODS - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: mcmscsvc - Service

SafeBootNet: MCODS - Service

SafeBootNet: Messenger - Service

SafeBootNet: MpfService - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: vsmon - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/02/17 18:00:47 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Annette\Desktop\OTL.exe

[2012/02/15 21:00:20 | 000,100,864 | ---- | C] (GMER) -- C:\fgdiqfow.sys

[2012/02/15 19:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

[2012/02/15 19:00:41 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Local\WindowsUpdate

[2012/02/15 18:54:14 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Annette\Desktop\dds.com

[2012/02/15 18:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/02/15 18:47:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java

[2012/01/30 20:19:47 | 000,000,000 | ---D | C] -- C:\windows\System32\SPReview

[2012/01/30 20:18:37 | 000,000,000 | ---D | C] -- C:\windows\System32\EventProviders

[2012/01/30 20:09:51 | 000,000,000 | ---D | C] -- C:\windows\Sun

[2012/01/30 20:02:08 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Malwarebytes

[2012/01/30 20:01:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/01/30 20:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/01/30 20:01:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys

[2012/01/30 20:01:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012/01/21 00:15:04 | 000,000,000 | ---D | C] -- C:\Users\Annette\AppData\Roaming\Mozilla

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/02/17 17:59:11 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/02/17 17:58:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Annette\Desktop\OTL.exe

[2012/02/17 17:52:59 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/02/17 17:52:59 | 000,010,272 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/02/17 17:45:44 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/02/17 17:45:18 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012/02/17 17:45:13 | 797,777,920 | -HS- | M] () -- C:\hiberfil.sys

[2012/02/15 22:07:51 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012/02/15 22:07:51 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012/02/15 22:07:51 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012/02/15 22:07:51 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012/02/15 21:00:20 | 000,100,864 | ---- | M] (GMER) -- C:\fgdiqfow.sys

[2012/02/15 20:17:28 | 000,349,304 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[2012/02/15 18:56:19 | 000,302,592 | ---- | M] () -- C:\Users\Annette\Desktop\rl9t5lf6.exe

[2012/02/15 18:54:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Annette\Desktop\dds.com

[2012/02/15 18:50:42 | 000,000,000 | ---- | M] () -- C:\Users\Annette\defogger_reenable

[2012/02/15 18:50:18 | 000,050,477 | ---- | M] () -- C:\Users\Annette\Desktop\Defogger.exe

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012/02/15 18:56:07 | 000,302,592 | ---- | C] () -- C:\Users\Annette\Desktop\rl9t5lf6.exe

[2012/02/15 18:50:42 | 000,000,000 | ---- | C] () -- C:\Users\Annette\defogger_reenable

[2012/02/15 18:50:07 | 000,050,477 | ---- | C] () -- C:\Users\Annette\Desktop\Defogger.exe

[2011/12/24 04:20:11 | 000,000,000 | ---- | C] () -- C:\Users\Annette\AppData\Local\{A6056EA3-3AEF-496F-A7F0-70B645FE866A}

[2011/03/07 17:41:56 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE

[2010/10/30 13:01:43 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll

[2010/01/31 15:24:58 | 000,000,002 | ---- | C] () -- C:\windows\HotFixList.ini

[2010/01/31 09:50:10 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2009/11/03 22:35:06 | 000,654,166 | ---- | C] () -- C:\windows\System32\perfh007.dat

[2009/11/03 22:35:06 | 000,295,922 | ---- | C] () -- C:\windows\System32\perfi007.dat

[2009/11/03 22:35:06 | 000,130,006 | ---- | C] () -- C:\windows\System32\perfc007.dat

[2009/11/03 22:35:06 | 000,038,104 | ---- | C] () -- C:\windows\System32\perfd007.dat

[2009/07/14 05:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat

[2009/07/14 05:33:53 | 000,349,304 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT

[2009/07/14 03:05:48 | 000,616,008 | ---- | C] () -- C:\windows\System32\perfh009.dat

[2009/07/14 03:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat

[2009/07/14 03:05:48 | 000,106,388 | ---- | C] () -- C:\windows\System32\perfc009.dat

[2009/07/14 03:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat

[2009/07/14 03:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT

[2009/07/14 03:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat

[2009/07/14 00:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin

[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll

[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll

[2009/07/13 23:09:19 | 000,982,196 | ---- | C] () -- C:\windows\System32\igkrng500.bin

[2009/07/13 23:09:19 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin

[2009/07/13 23:09:19 | 000,139,824 | ---- | C] () -- C:\windows\System32\igfcg500.bin

[2009/07/13 23:09:19 | 000,097,448 | ---- | C] () -- C:\windows\System32\igfcg500m.bin

[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat

[2007/04/27 10:43:58 | 000,120,200 | ---- | C] () -- C:\windows\System32\DLLDEV32i.dll

 
 ========== LOP Check ==========

 

[2010/11/22 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CheckPoint

[2011/01/19 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CoSoSys

[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze

[2011/02/07 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\MAGIX

[2010/04/19 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org

[2011/11/05 19:29:10 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010/01/31 17:18:07 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Adobe

[2010/11/22 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CheckPoint

[2011/01/19 17:45:35 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\CoSoSys

[2010/01/31 16:34:55 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Google

[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze

[2010/01/31 15:50:41 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Identities

[2010/01/31 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Macromedia

[2011/02/07 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\MAGIX

[2012/01/30 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Malwarebytes

[2010/12/13 21:29:52 | 000,000,000 | --SD | M] -- C:\Users\Annette\AppData\Roaming\Microsoft

[2012/01/21 00:15:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Mozilla

[2010/04/19 12:10:04 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\OpenOffice.org

 
 < %APPDATA%\*.exe /s >

[2010/06/10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze\uninstall.exe

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009/07/14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009/07/14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011/03/11 06:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011/03/11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009/07/14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 13:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011/03/11 06:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011/03/11 06:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011/03/11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011/03/11 06:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 13:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009/07/14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009/07/14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010/11/20 13:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009/10/28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009/10/28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010/11/20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009/07/14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009/07/14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.

O3 - HKU\S-1-5-21-1544851840-240737930-1642235046-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

[2012/01/30 20:14:56 | 000,000,000 | ---D | M] -- C:\Users\Annette\AppData\Roaming\Gutscheinmieze

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo cosinus,

hier das Log:

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.

C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.

Registry value HKEY_USERS\S-1-5-21-1544851840-240737930-1642235046-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

C:\Users\Annette\AppData\Roaming\Gutscheinmieze folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Annette

->Temp folder emptied: 220150552 bytes

->Temporary Internet Files folder emptied: 254367849 bytes

->Java cache emptied: 41158 bytes

->Flash cache emptied: 35846 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 30720 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 189849737 bytes

RecycleBin emptied: 140834111 bytes

 

Total Files Cleaned = 768.00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.32.0 log created on 02172012_215005
 

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Code:

22:25:49.0516 2512        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14

22:25:49.0594 2512        ============================================================

22:25:49.0594 2512        Current date / time: 2012/02/17 22:25:49.0594

22:25:49.0594 2512        SystemInfo:

22:25:49.0594 2512        

22:25:49.0594 2512        OS Version: 6.1.7601 ServicePack: 1.0

22:25:49.0594 2512        Product type: Workstation

22:25:49.0594 2512        ComputerName: ANNETTE-PC

22:25:49.0594 2512        UserName: Annette

22:25:49.0594 2512        Windows directory: C:\windows

22:25:49.0594 2512        System windows directory: C:\windows

22:25:49.0594 2512        Processor architecture: Intel x86

22:25:49.0594 2512        Number of processors: 2

22:25:49.0594 2512        Page size: 0x1000

22:25:49.0594 2512        Boot type: Normal boot

22:25:49.0594 2512        ============================================================

22:25:54.0835 2512        Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

22:25:54.0851 2512        Drive \Device\Harddisk1\DR1 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

22:25:54.0851 2512        \Device\Harddisk0\DR0:

22:25:54.0851 2512        MBR used

22:25:54.0851 2512        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1E00800, BlocksNum 0x32000

22:25:54.0851 2512        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1E32800, BlocksNum 0x85F2800

22:25:54.0851 2512        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA425000, BlocksNum 0x85F4000

22:25:54.0851 2512        \Device\Harddisk1\DR1:

22:25:54.0851 2512        MBR used

22:25:54.0851 2512        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x1F80, BlocksNum 0xEEA080

22:25:54.0929 2512        Initialize success

22:25:54.0929 2512        ============================================================

22:26:32.0821 3588        ============================================================

22:26:32.0821 3588        Scan started

22:26:32.0821 3588        Mode: Manual; SigCheck; TDLFS; 

22:26:32.0821 3588        ============================================================

22:26:34.0023 3588        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

22:26:34.0303 3588        1394ohci - ok

22:26:34.0381 3588        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

22:26:34.0475 3588        ACPI - ok

22:26:34.0537 3588        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

22:26:34.0709 3588        AcpiPmi - ok

22:26:34.0771 3588        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

22:26:34.0896 3588        adp94xx - ok

22:26:34.0927 3588        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

22:26:35.0021 3588        adpahci - ok

22:26:35.0037 3588        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

22:26:35.0224 3588        adpu320 - ok

22:26:35.0302 3588        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

22:26:35.0442 3588        AFD - ok

22:26:35.0489 3588        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

22:26:35.0629 3588        agp440 - ok

22:26:35.0661 3588        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

22:26:35.0785 3588        aic78xx - ok

22:26:35.0848 3588        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

22:26:35.0910 3588        aliide - ok

22:26:35.0957 3588        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

22:26:36.0097 3588        amdagp - ok

22:26:36.0144 3588        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

22:26:36.0207 3588        amdide - ok

22:26:36.0253 3588        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

22:26:36.0409 3588        AmdK8 - ok

22:26:36.0425 3588        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

22:26:36.0581 3588        AmdPPM - ok

22:26:36.0628 3588        amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

22:26:36.0768 3588        amdsata - ok

22:26:36.0815 3588        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

22:26:37.0111 3588        amdsbs - ok

22:26:37.0143 3588        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

22:26:37.0236 3588        amdxata - ok

22:26:37.0283 3588        AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

22:26:37.0611 3588        AppID - ok

22:26:37.0735 3588        arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

22:26:37.0891 3588        arc - ok

22:26:37.0923 3588        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

22:26:38.0063 3588        arcsas - ok

22:26:38.0110 3588        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

22:26:38.0344 3588        AsyncMac - ok

22:26:38.0422 3588        atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

22:26:38.0469 3588        atapi - ok

22:26:38.0593 3588        athr            (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys

22:26:38.0796 3588        athr - ok

22:26:38.0937 3588        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

22:26:39.0280 3588        b06bdrv - ok

22:26:39.0327 3588        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

22:26:39.0654 3588        b57nd60x - ok

22:26:39.0732 3588        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

22:26:39.0841 3588        Beep - ok

22:26:39.0888 3588        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

22:26:40.0075 3588        blbdrive - ok

22:26:40.0107 3588        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

22:26:40.0341 3588        bowser - ok

22:26:40.0372 3588        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

22:26:40.0528 3588        BrFiltLo - ok

22:26:40.0543 3588        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

22:26:40.0621 3588        BrFiltUp - ok

22:26:40.0668 3588        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

22:26:40.0887 3588        Brserid - ok

22:26:40.0902 3588        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

22:26:41.0089 3588        BrSerWdm - ok

22:26:41.0105 3588        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

22:26:41.0245 3588        BrUsbMdm - ok

22:26:41.0261 3588        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

22:26:41.0370 3588        BrUsbSer - ok

22:26:41.0433 3588        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

22:26:41.0620 3588        BthEnum - ok

22:26:41.0667 3588        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

22:26:41.0854 3588        BTHMODEM - ok

22:26:41.0901 3588        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

22:26:42.0025 3588        BthPan - ok

22:26:42.0119 3588        BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys

22:26:42.0275 3588        BTHPORT - ok

22:26:42.0337 3588        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys

22:26:42.0525 3588        BTHUSB - ok

22:26:42.0587 3588        btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys

22:26:42.0868 3588        btwaudio - ok

22:26:42.0930 3588        btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys

22:26:43.0102 3588        btwavdt - ok

22:26:43.0164 3588        btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys

22:26:43.0258 3588        btwl2cap - ok

22:26:43.0289 3588        btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys

22:26:43.0367 3588        btwrchid - ok

22:26:43.0414 3588        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

22:26:43.0648 3588        cdfs - ok

22:26:43.0710 3588        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

22:26:43.0819 3588        cdrom - ok

22:26:43.0851 3588        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

22:26:43.0991 3588        circlass - ok

22:26:44.0053 3588        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

22:26:44.0131 3588        CLFS - ok

22:26:44.0241 3588        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

22:26:44.0334 3588        CmBatt - ok

22:26:44.0365 3588        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

22:26:44.0443 3588        cmdide - ok

22:26:44.0490 3588        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys

22:26:44.0677 3588        CNG - ok

22:26:44.0724 3588        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

22:26:44.0802 3588        Compbatt - ok

22:26:44.0849 3588        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

22:26:44.0974 3588        CompositeBus - ok

22:26:45.0021 3588        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

22:26:45.0099 3588        crcdisk - ok

22:26:45.0208 3588        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

22:26:45.0457 3588        DfsC - ok

22:26:45.0489 3588        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

22:26:45.0629 3588        discache - ok

22:26:45.0691 3588        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

22:26:45.0832 3588        Disk - ok

22:26:45.0910 3588        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

22:26:45.0988 3588        drmkaud - ok

22:26:46.0050 3588        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

22:26:46.0206 3588        DXGKrnl - ok

22:26:46.0347 3588        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

22:26:46.0643 3588        ebdrv - ok

22:26:46.0705 3588        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

22:26:46.0846 3588        elxstor - ok

22:26:46.0893 3588        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

22:26:46.0971 3588        ErrDev - ok

22:26:47.0033 3588        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

22:26:47.0220 3588        exfat - ok

22:26:47.0298 3588        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

22:26:47.0470 3588        fastfat - ok

22:26:47.0517 3588        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

22:26:47.0641 3588        fdc - ok

22:26:47.0688 3588        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

22:26:47.0844 3588        FileInfo - ok

22:26:47.0875 3588        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

22:26:48.0031 3588        Filetrace - ok

22:26:48.0094 3588        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

22:26:48.0234 3588        flpydisk - ok

22:26:48.0281 3588        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

22:26:48.0437 3588        FltMgr - ok

22:26:48.0484 3588        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

22:26:48.0624 3588        FsDepends - ok

22:26:48.0671 3588        fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

22:26:48.0827 3588        fssfltr - ok

22:26:48.0874 3588        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

22:26:48.0952 3588        Fs_Rec - ok

22:26:49.0014 3588        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

22:26:49.0108 3588        fvevol - ok

22:26:49.0155 3588        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

22:26:49.0311 3588        gagp30kx - ok

22:26:49.0389 3588        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

22:26:49.0498 3588        hcw85cir - ok

22:26:49.0576 3588        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

22:26:49.0701 3588        HdAudAddService - ok

22:26:49.0747 3588        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

22:26:49.0857 3588        HDAudBus - ok

22:26:49.0903 3588        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

22:26:50.0013 3588        HidBatt - ok

22:26:50.0028 3588        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

22:26:50.0153 3588        HidBth - ok

22:26:50.0184 3588        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

22:26:50.0325 3588        HidIr - ok

22:26:50.0403 3588        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys

22:26:50.0527 3588        HidUsb - ok

22:26:50.0605 3588        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

22:26:50.0746 3588        HpSAMD - ok

22:26:50.0808 3588        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

22:26:50.0980 3588        HTTP - ok

22:26:51.0027 3588        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

22:26:51.0073 3588        hwpolicy - ok

22:26:51.0136 3588        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

22:26:51.0354 3588        i8042prt - ok

22:26:51.0448 3588        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

22:26:51.0604 3588        iaStorV - ok

22:26:51.0838 3588        igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys

22:26:52.0290 3588        igfx - ok

22:26:52.0415 3588        iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

22:26:52.0540 3588        iirsp - ok

22:26:52.0711 3588        IntcAzAudAddService (6927a442beed2b68a3d35cae7a951913) C:\windows\system32\drivers\RTKVHDA.sys

22:26:53.0023 3588        IntcAzAudAddService - ok

22:26:53.0086 3588        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

22:26:53.0148 3588        intelide - ok

22:26:53.0226 3588        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

22:26:53.0367 3588        intelppm - ok

22:26:53.0413 3588        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

22:26:53.0632 3588        IpFilterDriver - ok

22:26:53.0694 3588        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

22:26:53.0913 3588        IPMIDRV - ok

22:26:53.0944 3588        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

22:26:54.0100 3588        IPNAT - ok

22:26:54.0147 3588        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

22:26:54.0318 3588        IRENUM - ok

22:26:54.0365 3588        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

22:26:54.0490 3588        isapnp - ok

22:26:54.0568 3588        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

22:26:54.0693 3588        iScsiPrt - ok

22:26:54.0755 3588        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys

22:26:54.0942 3588        kbdclass - ok

22:26:55.0051 3588        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys

22:26:55.0223 3588        kbdhid - ok

22:26:55.0395 3588        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys

22:26:55.0582 3588        KSecDD - ok

22:26:55.0816 3588        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys

22:26:56.0128 3588        KSecPkg - ok

22:26:56.0299 3588        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

22:26:56.0502 3588        lltdio - ok

22:26:56.0596 3588        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

22:26:56.0767 3588        LSI_FC - ok

22:26:56.0783 3588        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

22:26:56.0939 3588        LSI_SAS - ok

22:26:56.0970 3588        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

22:26:57.0095 3588        LSI_SAS2 - ok

22:26:57.0111 3588        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

22:26:57.0282 3588        LSI_SCSI - ok

22:26:57.0329 3588        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

22:26:57.0579 3588        luafv - ok

22:26:57.0610 3588        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

22:26:57.0703 3588        megasas - ok

22:26:57.0735 3588        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

22:26:57.0844 3588        MegaSR - ok

22:26:57.0875 3588        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

22:26:58.0047 3588        Modem - ok

22:26:58.0093 3588        monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

22:26:58.0171 3588        monitor - ok

22:26:58.0218 3588        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys

22:26:58.0359 3588        mouclass - ok

22:26:58.0405 3588        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

22:26:58.0530 3588        mouhid - ok

22:26:58.0577 3588        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

22:26:58.0686 3588        mountmgr - ok

22:26:58.0749 3588        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys

22:26:58.0920 3588        MpFilter - ok

22:26:58.0967 3588        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

22:26:59.0201 3588        mpio - ok

22:26:59.0232 3588        MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys

22:26:59.0310 3588        MpNWMon - ok

22:26:59.0357 3588        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

22:26:59.0591 3588        mpsdrv - ok

22:26:59.0653 3588        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

22:26:59.0809 3588        MRxDAV - ok

22:26:59.0872 3588        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

22:26:59.0997 3588        mrxsmb - ok

22:27:00.0059 3588        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

22:27:00.0199 3588        mrxsmb10 - ok

22:27:00.0246 3588        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

22:27:00.0465 3588        mrxsmb20 - ok

22:27:00.0511 3588        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

22:27:00.0589 3588        msahci - ok

22:27:00.0636 3588        msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

22:27:00.0745 3588        msdsm - ok

22:27:00.0808 3588        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

22:27:00.0964 3588        Msfs - ok

22:27:00.0995 3588        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

22:27:01.0104 3588        mshidkmdf - ok

22:27:01.0135 3588        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

22:27:01.0213 3588        msisadrv - ok

22:27:01.0245 3588        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

22:27:01.0385 3588        MSKSSRV - ok

22:27:01.0432 3588        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

22:27:01.0541 3588        MSPCLOCK - ok

22:27:01.0557 3588        MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

22:27:01.0650 3588        MSPQM - ok

22:27:01.0697 3588        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

22:27:01.0962 3588        MsRPC - ok

22:27:02.0025 3588        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

22:27:02.0087 3588        mssmbios - ok

22:27:02.0118 3588        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

22:27:02.0227 3588        MSTEE - ok

22:27:02.0243 3588        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

22:27:02.0337 3588        MTConfig - ok

22:27:02.0368 3588        Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

22:27:02.0508 3588        Mup - ok

22:27:02.0571 3588        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

22:27:02.0773 3588        NativeWifiP - ok

22:27:02.0836 3588        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

22:27:02.0976 3588        NDIS - ok

22:27:03.0007 3588        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

22:27:03.0148 3588        NdisCap - ok

22:27:03.0179 3588        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

22:27:03.0351 3588        NdisTapi - ok

22:27:03.0429 3588        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

22:27:03.0616 3588        Ndisuio - ok

22:27:03.0663 3588        NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

22:27:03.0787 3588        NdisWan - ok

22:27:03.0834 3588        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

22:27:04.0037 3588        NDProxy - ok

22:27:04.0084 3588        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

22:27:04.0271 3588        NetBIOS - ok

22:27:04.0333 3588        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

22:27:04.0489 3588        NetBT - ok

22:27:04.0567 3588        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

22:27:04.0692 3588        nfrd960 - ok

22:27:04.0739 3588        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys

22:27:04.0817 3588        NisDrv - ok

22:27:04.0879 3588        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

22:27:05.0051 3588        Npfs - ok

22:27:05.0098 3588        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

22:27:05.0207 3588        nsiproxy - ok

22:27:05.0285 3588        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

22:27:06.0159 3588        Ntfs - ok

22:27:06.0315 3588        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

22:27:06.0455 3588        Null - ok

22:27:06.0517 3588        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

22:27:06.0783 3588        nvraid - ok

22:27:06.0829 3588        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

22:27:07.0063 3588        nvstor - ok

22:27:07.0126 3588        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

22:27:07.0251 3588        nv_agp - ok

22:27:07.0375 3588        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

22:27:07.0531 3588        ohci1394 - ok

22:27:07.0641 3588        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

22:27:07.0859 3588        Parport - ok

22:27:07.0906 3588        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

22:27:08.0077 3588        partmgr - ok

22:27:08.0124 3588        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

22:27:08.0202 3588        Parvdm - ok

22:27:08.0265 3588        pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

22:27:08.0389 3588        pci - ok

22:27:08.0436 3588        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

22:27:08.0530 3588        pciide - ok

22:27:08.0577 3588        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

22:27:08.0701 3588        pcmcia - ok

22:27:08.0764 3588        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

22:27:08.0904 3588        pcw - ok

22:27:09.0045 3588        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

22:27:09.0247 3588        PEAUTH - ok

22:27:09.0403 3588        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

22:27:09.0653 3588        PptpMiniport - ok

22:27:09.0700 3588        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

22:27:09.0856 3588        Processor - ok

22:27:09.0934 3588        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

22:27:10.0121 3588        Psched - ok

22:27:10.0199 3588        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

22:27:10.0417 3588        ql2300 - ok

22:27:10.0433 3588        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

22:27:10.0667 3588        ql40xx - ok

22:27:10.0714 3588        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

22:27:10.0854 3588        QWAVEdrv - ok

22:27:10.0885 3588        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

22:27:11.0057 3588        RasAcd - ok

22:27:11.0119 3588        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

22:27:11.0338 3588        RasAgileVpn - ok

22:27:11.0416 3588        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

22:27:11.0665 3588        Rasl2tp - ok

22:27:11.0712 3588        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

22:27:11.0868 3588        RasPppoe - ok

22:27:11.0899 3588        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

22:27:12.0149 3588        RasSstp - ok

22:27:12.0211 3588        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

22:27:12.0399 3588        rdbss - ok

22:27:12.0430 3588        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

22:27:12.0555 3588        rdpbus - ok

22:27:12.0601 3588        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

22:27:12.0711 3588        RDPCDD - ok

22:27:12.0757 3588        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

22:27:12.0851 3588        RDPENCDD - ok

22:27:12.0913 3588        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

22:27:12.0991 3588        RDPREFMP - ok

22:27:13.0054 3588        RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys

22:27:13.0366 3588        RDPWD - ok

22:27:13.0444 3588        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

22:27:13.0771 3588        rdyboost - ok

22:27:13.0849 3588        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

22:27:13.0990 3588        RFCOMM - ok

22:27:14.0083 3588        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

22:27:14.0333 3588        rspndr - ok

22:27:14.0380 3588        RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys

22:27:14.0614 3588        RTL8167 - ok

22:27:14.0676 3588        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys

22:27:14.0785 3588        SABI - ok

22:27:14.0863 3588        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

22:27:15.0082 3588        sbp2port - ok

22:27:15.0144 3588        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

22:27:15.0285 3588        scfilter - ok

22:27:15.0363 3588        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

22:27:15.0519 3588        secdrv - ok

22:27:15.0597 3588        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

22:27:15.0706 3588        Serenum - ok

22:27:15.0737 3588        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

22:27:16.0049 3588        Serial - ok

22:27:16.0158 3588        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

22:27:16.0267 3588        sermouse - ok

22:27:16.0345 3588        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

22:27:16.0439 3588        sffdisk - ok

22:27:16.0470 3588        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

22:27:16.0548 3588        sffp_mmc - ok

22:27:16.0579 3588        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

22:27:16.0673 3588        sffp_sd - ok

22:27:16.0689 3588        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

22:27:16.0798 3588        sfloppy - ok

22:27:16.0860 3588        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

22:27:17.0001 3588        sisagp - ok

22:27:17.0047 3588        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

22:27:17.0141 3588        SiSRaid2 - ok

22:27:17.0157 3588        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

22:27:17.0297 3588        SiSRaid4 - ok

22:27:17.0328 3588        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

22:27:17.0578 3588        Smb - ok

22:27:17.0625 3588        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

22:27:17.0718 3588        spldr - ok

22:27:17.0812 3588        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

22:27:17.0983 3588        srv - ok

22:27:18.0030 3588        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

22:27:18.0202 3588        srv2 - ok

22:27:18.0249 3588        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

22:27:18.0373 3588        srvnet - ok

22:27:18.0436 3588        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

22:27:18.0514 3588        stexstor - ok

22:27:18.0561 3588        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

22:27:18.0639 3588        swenum - ok

22:27:18.0717 3588        SynTP           (d690c810ae7af5844267e24128c44280) C:\windows\system32\DRIVERS\SynTP.sys

22:27:18.0826 3588        SynTP - ok

22:27:18.0982 3588        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

22:27:19.0216 3588        Tcpip - ok

22:27:19.0356 3588        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

22:27:19.0481 3588        TCPIP6 - ok

22:27:19.0543 3588        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

22:27:19.0715 3588        tcpipreg - ok

22:27:19.0762 3588        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

22:27:19.0902 3588        TDPIPE - ok

22:27:19.0933 3588        TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys

22:27:20.0074 3588        TDTCP - ok

22:27:20.0121 3588        tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

22:27:20.0370 3588        tdx - ok

22:27:20.0417 3588        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

22:27:20.0573 3588        TermDD - ok

22:27:20.0698 3588        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

22:27:20.0869 3588        tssecsrv - ok

22:27:20.0932 3588        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

22:27:21.0119 3588        TsUsbFlt - ok

22:27:21.0181 3588        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

22:27:21.0322 3588        tunnel - ok

22:27:21.0369 3588        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

22:27:21.0509 3588        uagp35 - ok

22:27:21.0571 3588        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

22:27:21.0727 3588        udfs - ok

22:27:21.0805 3588        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

22:27:21.0961 3588        uliagpkx - ok

22:27:22.0008 3588        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

22:27:22.0164 3588        umbus - ok

22:27:22.0227 3588        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

22:27:22.0289 3588        UmPass - ok

22:27:22.0336 3588        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

22:27:22.0523 3588        usbccgp - ok

22:27:22.0570 3588        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

22:27:22.0679 3588        usbcir - ok

22:27:22.0741 3588        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

22:27:22.0882 3588        usbehci - ok

22:27:22.0929 3588        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

22:27:23.0069 3588        usbhub - ok

22:27:23.0100 3588        usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

22:27:23.0209 3588        usbohci - ok

22:27:23.0256 3588        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

22:27:23.0365 3588        usbprint - ok

22:27:23.0412 3588        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

22:27:23.0662 3588        USBSTOR - ok

22:27:23.0709 3588        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

22:27:23.0802 3588        usbuhci - ok

22:27:23.0880 3588        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

22:27:24.0005 3588        usbvideo - ok

22:27:24.0083 3588        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

22:27:24.0177 3588        vdrvroot - ok

22:27:24.0223 3588        vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

22:27:24.0348 3588        vga - ok

22:27:24.0395 3588        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

22:27:24.0535 3588        VgaSave - ok

22:27:24.0598 3588        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

22:27:24.0691 3588        vhdmp - ok

22:27:24.0754 3588        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

22:27:24.0894 3588        viaagp - ok

22:27:24.0925 3588        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

22:27:25.0081 3588        ViaC7 - ok

22:27:25.0113 3588        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

22:27:25.0191 3588        viaide - ok

22:27:25.0269 3588        VMC326          (88c52f322117f60b7a0c89d683e30f6a) C:\windows\system32\Drivers\VMC326.sys

22:27:25.0518 3588        VMC326 - ok

22:27:25.0565 3588        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

22:27:25.0705 3588        volmgr - ok

22:27:25.0768 3588        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

22:27:25.0830 3588        volmgrx - ok

22:27:25.0893 3588        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

22:27:26.0002 3588        volsnap - ok

22:27:26.0049 3588        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

22:27:26.0298 3588        vsmraid - ok

22:27:26.0329 3588        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

22:27:26.0454 3588        vwifibus - ok

22:27:26.0501 3588        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

22:27:26.0673 3588        vwififlt - ok

22:27:26.0719 3588        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

22:27:26.0829 3588        WacomPen - ok

22:27:26.0891 3588        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

22:27:27.0141 3588        WANARP - ok

22:27:27.0156 3588        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

22:27:27.0312 3588        Wanarpv6 - ok

22:27:27.0375 3588        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

22:27:27.0453 3588        Wd - ok

22:27:27.0531 3588        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

22:27:27.0655 3588        Wdf01000 - ok

22:27:27.0765 3588        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

22:27:27.0874 3588        WfpLwf - ok

22:27:27.0921 3588        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

22:27:27.0999 3588        WIMMount - ok

22:27:28.0139 3588        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

22:27:28.0233 3588        WmiAcpi - ok

22:27:28.0373 3588        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

22:27:28.0513 3588        ws2ifsl - ok

22:27:28.0607 3588        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

22:27:28.0857 3588        WudfPf - ok

22:27:28.0903 3588        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

22:27:29.0059 3588        WUDFRd - ok

22:27:29.0153 3588        yukonw7         (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys

22:27:29.0262 3588        yukonw7 - ok

22:27:29.0356 3588        MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0

22:27:29.0933 3588        \Device\Harddisk0\DR0 - ok

22:27:29.0949 3588        MBR (0x1B8)     (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1

22:27:34.0207 3588        \Device\Harddisk1\DR1 - ok

22:27:34.0223 3588        Boot (0x1200)   (4514f73394a99a7ab09d92f7387ea430) \Device\Harddisk0\DR0\Partition0

22:27:34.0223 3588        \Device\Harddisk0\DR0\Partition0 - ok

22:27:34.0285 3588        Boot (0x1200)   (c2bf52a91e71ff9c50f7436166096d58) \Device\Harddisk0\DR0\Partition1

22:27:34.0285 3588        \Device\Harddisk0\DR0\Partition1 - ok

22:27:34.0317 3588        Boot (0x1200)   (f19a65343c8c5bebbb1b7edf381d4ad4) \Device\Harddisk0\DR0\Partition2

22:27:34.0317 3588        \Device\Harddisk0\DR0\Partition2 - ok

22:27:34.0332 3588        Boot (0x1200)   (77b80bdf0364ba00f0f0d77de2fdd870) \Device\Harddisk1\DR1\Partition0

22:27:34.0332 3588        \Device\Harddisk1\DR1\Partition0 - ok

22:27:34.0348 3588        ============================================================

22:27:34.0348 3588        Scan finished

22:27:34.0348 3588        ============================================================

22:27:34.0379 1676        Detected object count: 0

22:27:34.0379 1676        Actual detected object count: 0

22:33:30.0247 0880        ============================================================

22:33:30.0247 0880        Scan started

22:33:30.0247 0880        Mode: Manual; SigCheck; TDLFS; 

22:33:30.0247 0880        ============================================================

22:33:30.0730 0880        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\windows\system32\drivers\1394ohci.sys

22:33:30.0824 0880        1394ohci - ok

22:33:30.0886 0880        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

22:33:30.0964 0880        ACPI - ok

22:33:31.0042 0880        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

22:33:31.0120 0880        AcpiPmi - ok

22:33:31.0198 0880        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

22:33:31.0276 0880        adp94xx - ok

22:33:31.0308 0880        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

22:33:31.0370 0880        adpahci - ok

22:33:31.0417 0880        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

22:33:31.0510 0880        adpu320 - ok

22:33:31.0573 0880        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

22:33:31.0666 0880        AFD - ok

22:33:31.0713 0880        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

22:33:31.0791 0880        agp440 - ok

22:33:31.0822 0880        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

22:33:31.0900 0880        aic78xx - ok

22:33:31.0932 0880        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

22:33:31.0978 0880        aliide - ok

22:33:32.0025 0880        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

22:33:32.0103 0880        amdagp - ok

22:33:32.0134 0880        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

22:33:32.0197 0880        amdide - ok

22:33:32.0212 0880        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

22:33:32.0306 0880        AmdK8 - ok

22:33:32.0322 0880        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

22:33:32.0415 0880        AmdPPM - ok

22:33:32.0462 0880        amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

22:33:32.0540 0880        amdsata - ok

22:33:32.0587 0880        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

22:33:32.0743 0880        amdsbs - ok

22:33:32.0758 0880        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

22:33:32.0821 0880        amdxata - ok

22:33:32.0868 0880        AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

22:33:33.0008 0880        AppID - ok

22:33:33.0039 0880        arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

22:33:33.0117 0880        arc - ok

22:33:33.0133 0880        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

22:33:33.0242 0880        arcsas - ok

22:33:33.0273 0880        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

22:33:33.0382 0880        AsyncMac - ok

22:33:33.0414 0880        atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

22:33:33.0476 0880        atapi - ok

22:33:33.0538 0880        athr            (ac4adac154563ab41cc79b0257bc685a) C:\windows\system32\DRIVERS\athr.sys

22:33:33.0648 0880        athr - ok

22:33:33.0710 0880        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

22:33:33.0866 0880        b06bdrv - ok

22:33:33.0897 0880        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

22:33:34.0069 0880        b57nd60x - ok

22:33:34.0116 0880        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

22:33:34.0194 0880        Beep - ok

22:33:34.0240 0880        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

22:33:34.0350 0880        blbdrive - ok

22:33:34.0396 0880        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

22:33:34.0506 0880        bowser - ok

22:33:34.0521 0880        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

22:33:34.0599 0880        BrFiltLo - ok

22:33:34.0615 0880        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

22:33:34.0662 0880        BrFiltUp - ok

22:33:34.0708 0880        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

22:33:34.0818 0880        Brserid - ok

22:33:34.0849 0880        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

22:33:34.0942 0880        BrSerWdm - ok

22:33:34.0974 0880        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

22:33:35.0036 0880        BrUsbMdm - ok

22:33:35.0052 0880        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

22:33:35.0130 0880        BrUsbSer - ok

22:33:35.0161 0880        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

22:33:35.0254 0880        BthEnum - ok

22:33:35.0270 0880        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

22:33:35.0379 0880        BTHMODEM - ok

22:33:35.0426 0880        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

22:33:35.0488 0880        BthPan - ok

22:33:35.0535 0880        BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys

22:33:35.0629 0880        BTHPORT - ok

22:33:35.0660 0880        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys

22:33:35.0769 0880        BTHUSB - ok

22:33:35.0816 0880        btwaudio        (d57d29132efe13a83133d9bd449e0cf1) C:\windows\system32\drivers\btwaudio.sys

22:33:35.0925 0880        btwaudio - ok

22:33:35.0972 0880        btwavdt         (d282c14a69357d0e1bafaecc2ca98c3a) C:\windows\system32\DRIVERS\btwavdt.sys

22:33:36.0066 0880        btwavdt - ok

22:33:36.0112 0880        btwl2cap        (aafd7cb76ba61fbb08e302da208c974a) C:\windows\system32\DRIVERS\btwl2cap.sys

22:33:36.0159 0880        btwl2cap - ok

22:33:36.0268 0880        btwrchid        (02eb4d2b05967df2d32f29c84ab1fb17) C:\windows\system32\DRIVERS\btwrchid.sys

22:33:36.0346 0880        btwrchid - ok

22:33:36.0393 0880        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

22:33:36.0534 0880        cdfs - ok

22:33:36.0580 0880        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\drivers\cdrom.sys

22:33:36.0643 0880        cdrom - ok

22:33:36.0674 0880        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

22:33:36.0768 0880        circlass - ok

22:33:36.0814 0880        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

22:33:36.0908 0880        CLFS - ok

22:33:36.0955 0880        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

22:33:37.0002 0880        CmBatt - ok

22:33:37.0048 0880        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

22:33:37.0095 0880        cmdide - ok

22:33:37.0142 0880        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys

22:33:37.0236 0880        CNG - ok

22:33:37.0267 0880        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

22:33:37.0329 0880        Compbatt - ok

22:33:37.0360 0880        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

22:33:37.0454 0880        CompositeBus - ok

22:33:37.0485 0880        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

22:33:37.0548 0880        crcdisk - ok

22:33:37.0641 0880        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

22:33:37.0782 0880        DfsC - ok

22:33:37.0828 0880        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

22:33:37.0938 0880        discache - ok

22:33:37.0969 0880        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

22:33:38.0062 0880        Disk - ok

22:33:38.0125 0880        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

22:33:38.0156 0880        drmkaud - ok

22:33:38.0218 0880        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

22:33:38.0343 0880        DXGKrnl - ok

22:33:38.0484 0880        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

22:33:38.0624 0880        ebdrv - ok

22:33:38.0671 0880        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

22:33:38.0780 0880        elxstor - ok

22:33:38.0811 0880        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

22:33:38.0858 0880        ErrDev - ok

22:33:38.0905 0880        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

22:33:39.0030 0880        exfat - ok

22:33:39.0061 0880        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

22:33:39.0170 0880        fastfat - ok

22:33:39.0201 0880        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

22:33:39.0279 0880        fdc - ok

22:33:39.0326 0880        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

22:33:39.0420 0880        FileInfo - ok

22:33:39.0451 0880        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

22:33:39.0560 0880        Filetrace - ok

22:33:39.0591 0880        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

22:33:39.0669 0880        flpydisk - ok

22:33:39.0701 0880        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

22:33:39.0779 0880        FltMgr - ok

22:33:39.0825 0880        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

22:33:39.0903 0880        FsDepends - ok

22:33:39.0935 0880        fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

22:33:40.0028 0880        fssfltr - ok

22:33:40.0075 0880        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\windows\system32\drivers\Fs_Rec.sys

22:33:40.0122 0880        Fs_Rec - ok

22:33:40.0184 0880        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

22:33:40.0293 0880        fvevol - ok

22:33:40.0325 0880        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

22:33:40.0403 0880        gagp30kx - ok

22:33:40.0465 0880        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

22:33:40.0543 0880        hcw85cir - ok

22:33:40.0590 0880        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

22:33:40.0668 0880        HdAudAddService - ok

22:33:40.0699 0880        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

22:33:40.0761 0880        HDAudBus - ok

22:33:40.0808 0880        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

22:33:40.0871 0880        HidBatt - ok

22:33:40.0902 0880        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

22:33:40.0980 0880        HidBth - ok

22:33:41.0011 0880        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

22:33:41.0089 0880        HidIr - ok

22:33:41.0151 0880        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\windows\system32\drivers\hidusb.sys

22:33:41.0229 0880        HidUsb - ok

22:33:41.0292 0880        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

22:33:41.0370 0880        HpSAMD - ok

22:33:41.0510 0880        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

22:33:41.0666 0880        HTTP - ok

22:33:41.0713 0880        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

22:33:41.0760 0880        hwpolicy - ok

22:33:41.0791 0880        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

22:33:41.0916 0880        i8042prt - ok

22:33:41.0978 0880        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

22:33:42.0072 0880        iaStorV - ok

22:33:42.0259 0880        igfx            (9467514ea189475a6e7fdc5d7bde9d3f) C:\windows\system32\DRIVERS\igdkmd32.sys

22:33:42.0571 0880        igfx - ok

22:33:42.0680 0880        iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

22:33:42.0758 0880        iirsp - ok

22:33:42.0899 0880        IntcAzAudAddService (6927a442beed2b68a3d35cae7a951913) C:\windows\system32\drivers\RTKVHDA.sys

22:33:43.0148 0880        IntcAzAudAddService - ok

22:33:43.0179 0880        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

22:33:43.0226 0880        intelide - ok

22:33:43.0257 0880        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

22:33:43.0351 0880        intelppm - ok

22:33:43.0382 0880        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

22:33:43.0523 0880        IpFilterDriver - ok

22:33:43.0585 0880        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

22:33:43.0694 0880        IPMIDRV - ok

22:33:43.0725 0880        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

22:33:43.0835 0880        IPNAT - ok

22:33:43.0881 0880        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

22:33:43.0944 0880        IRENUM - ok

22:33:43.0975 0880        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

22:33:44.0053 0880        isapnp - ok

22:33:44.0115 0880        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

22:33:44.0178 0880        iScsiPrt - ok

22:33:44.0209 0880        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys

22:33:44.0303 0880        kbdclass - ok

22:33:44.0334 0880        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys

22:33:44.0427 0880        kbdhid - ok

22:33:44.0474 0880        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys

22:33:44.0568 0880        KSecDD - ok

22:33:44.0630 0880        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys

22:33:44.0755 0880        KSecPkg - ok

22:33:44.0833 0880        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

22:33:44.0973 0880        lltdio - ok

22:33:45.0036 0880        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

22:33:45.0129 0880        LSI_FC - ok

22:33:45.0161 0880        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

22:33:45.0254 0880        LSI_SAS - ok

22:33:45.0270 0880        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

22:33:45.0348 0880        LSI_SAS2 - ok

22:33:45.0379 0880        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

22:33:45.0473 0880        LSI_SCSI - ok

22:33:45.0504 0880        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

22:33:45.0660 0880        luafv - ok

22:33:45.0691 0880        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

22:33:45.0753 0880        megasas - ok

22:33:45.0785 0880        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

22:33:45.0847 0880        MegaSR - ok

22:33:45.0894 0880        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

22:33:46.0003 0880        Modem - ok

22:33:46.0019 0880        monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

22:33:46.0112 0880        monitor - ok

22:33:46.0143 0880        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys

22:33:46.0221 0880        mouclass - ok

22:33:46.0253 0880        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

22:33:46.0331 0880        mouhid - ok

22:33:46.0393 0880        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

22:33:46.0502 0880        mountmgr - ok

22:33:46.0596 0880        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\windows\system32\DRIVERS\MpFilter.sys

22:33:46.0705 0880        MpFilter - ok

22:33:46.0752 0880        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

22:33:46.0877 0880        mpio - ok

22:33:46.0923 0880        MpNWMon         (2c3489660d4a8d514c123c3f0d67df46) C:\windows\system32\DRIVERS\MpNWMon.sys

22:33:47.0001 0880        MpNWMon - ok

22:33:47.0033 0880        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

22:33:47.0157 0880        mpsdrv - ok

22:33:47.0220 0880        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

22:33:47.0313 0880        MRxDAV - ok

22:33:47.0345 0880        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

22:33:47.0407 0880        mrxsmb - ok

22:33:47.0454 0880        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

22:33:47.0547 0880        mrxsmb10 - ok

22:33:47.0579 0880        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

22:33:47.0703 0880        mrxsmb20 - ok

22:33:47.0750 0880        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

22:33:47.0797 0880        msahci - ok

22:33:47.0844 0880        msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

22:33:47.0906 0880        msdsm - ok

22:33:47.0984 0880        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

22:33:48.0093 0880        Msfs - ok

22:33:48.0125 0880        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

22:33:48.0203 0880        mshidkmdf - ok

22:33:48.0234 0880        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

22:33:48.0281 0880        msisadrv - ok

22:33:48.0312 0880        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

22:33:48.0421 0880        MSKSSRV - ok

22:33:48.0452 0880        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

22:33:48.0530 0880        MSPCLOCK - ok

22:33:48.0546 0880        MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

22:33:48.0624 0880        MSPQM - ok

22:33:48.0655 0880        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

22:33:48.0811 0880        MsRPC - ok

22:33:48.0858 0880        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

22:33:48.0936 0880        mssmbios - ok

22:33:48.0967 0880        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

22:33:49.0029 0880        MSTEE - ok

22:33:49.0061 0880        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

22:33:49.0123 0880        MTConfig - ok

22:33:49.0154 0880        Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

22:33:49.0248 0880        Mup - ok

22:33:49.0295 0880        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

22:33:49.0373 0880        NativeWifiP - ok

22:33:49.0435 0880        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

22:33:49.0560 0880        NDIS - ok

22:33:49.0591 0880        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

22:33:49.0700 0880        NdisCap - ok

22:33:49.0731 0880        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

22:33:49.0841 0880        NdisTapi - ok

22:33:49.0887 0880        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

22:33:50.0028 0880        Ndisuio - ok

22:33:50.0075 0880        NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

22:33:50.0184 0880        NdisWan - ok

22:33:50.0231 0880        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

22:33:50.0355 0880        NDProxy - ok

22:33:50.0402 0880        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

22:33:50.0527 0880        NetBIOS - ok

22:33:50.0574 0880        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

22:33:50.0730 0880        NetBT - ok

22:33:50.0808 0880        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

22:33:50.0886 0880        nfrd960 - ok

22:33:50.0917 0880        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\windows\system32\DRIVERS\NisDrvWFP.sys

22:33:51.0011 0880        NisDrv - ok

22:33:51.0057 0880        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

22:33:51.0182 0880        Npfs - ok

22:33:51.0213 0880        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

22:33:51.0323 0880        nsiproxy - ok

22:33:51.0401 0880        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

22:33:51.0837 0880        Ntfs - ok

22:33:51.0869 0880        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

22:33:51.0947 0880        Null - ok

22:33:51.0978 0880        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

22:33:52.0103 0880        nvraid - ok

22:33:52.0149 0880        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

22:33:52.0274 0880        nvstor - ok

22:33:52.0305 0880        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

22:33:52.0383 0880        nv_agp - ok

22:33:52.0446 0880        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

22:33:52.0539 0880        ohci1394 - ok

22:33:52.0602 0880        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

22:33:52.0711 0880        Parport - ok

22:33:52.0758 0880        partmgr         (bf8f6af06da75b336f07e23aef97d93b) C:\windows\system32\drivers\partmgr.sys

22:33:52.0851 0880        partmgr - ok

22:33:52.0883 0880        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

22:33:52.0945 0880        Parvdm - ok

22:33:52.0992 0880        pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

22:33:53.0054 0880        pci - ok

22:33:53.0085 0880        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

22:33:53.0132 0880        pciide - ok

22:33:53.0163 0880        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

22:33:53.0241 0880        pcmcia - ok

22:33:53.0273 0880        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

22:33:53.0351 0880        pcw - ok

22:33:53.0397 0880        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

22:33:53.0538 0880        PEAUTH - ok

22:33:53.0663 0880        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

22:33:53.0819 0880        PptpMiniport - ok

22:33:53.0850 0880        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

22:33:53.0943 0880        Processor - ok

22:33:54.0006 0880        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

22:33:54.0162 0880        Psched - ok

22:33:54.0224 0880        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

22:33:54.0396 0880        ql2300 - ok

22:33:54.0411 0880        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

22:33:54.0536 0880        ql40xx - ok

22:33:54.0567 0880        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

22:33:54.0661 0880        QWAVEdrv - ok

22:33:54.0677 0880        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

22:33:54.0801 0880        RasAcd - ok

22:33:54.0848 0880        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

22:33:54.0973 0880        RasAgileVpn - ok

22:33:55.0004 0880        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

22:33:55.0160 0880        Rasl2tp - ok

22:33:55.0191 0880        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

22:33:55.0301 0880        RasPppoe - ok

22:33:55.0347 0880        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

22:33:55.0488 0880        RasSstp - ok

22:33:55.0550 0880        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

22:33:55.0659 0880        rdbss - ok

22:33:55.0691 0880        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

22:33:55.0769 0880        rdpbus - ok

22:33:55.0815 0880        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

22:33:55.0878 0880        RDPCDD - ok

22:33:55.0925 0880        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

22:33:56.0003 0880        RDPENCDD - ok

22:33:56.0034 0880        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

22:33:56.0112 0880        RDPREFMP - ok

22:33:56.0143 0880        RDPWD           (288b06960d78428ff89e811632684e20) C:\windows\system32\drivers\RDPWD.sys

22:33:56.0330 0880        RDPWD - ok

22:33:56.0377 0880        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

22:33:56.0549 0880        rdyboost - ok

22:33:56.0611 0880        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

22:33:56.0689 0880        RFCOMM - ok

22:33:56.0751 0880        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

22:33:56.0892 0880        rspndr - ok

22:33:56.0923 0880        RTL8167         (7dfd48e24479b68b258d8770121155a0) C:\windows\system32\DRIVERS\Rt86win7.sys

22:33:57.0048 0880        RTL8167 - ok

22:33:57.0095 0880        SABI            (6e5fbb7cbaec47038b945d5e9b144a64) C:\windows\system32\Drivers\SABI.sys

22:33:57.0141 0880        SABI - ok

22:33:57.0204 0880        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

22:33:57.0313 0880        sbp2port - ok

22:33:57.0375 0880        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

22:33:57.0469 0880        scfilter - ok

22:33:57.0531 0880        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

22:33:57.0641 0880        secdrv - ok

22:33:57.0687 0880        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

22:33:57.0750 0880        Serenum - ok

22:33:57.0765 0880        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

22:33:57.0953 0880        Serial - ok

22:33:57.0999 0880        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

22:33:58.0062 0880        sermouse - ok

22:33:58.0124 0880        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

22:33:58.0187 0880        sffdisk - ok

22:33:58.0218 0880        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

22:33:58.0265 0880        sffp_mmc - ok

22:33:58.0311 0880        sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\windows\system32\drivers\sffp_sd.sys

22:33:58.0374 0880        sffp_sd - ok

22:33:58.0405 0880        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

22:33:58.0467 0880        sfloppy - ok

22:33:58.0530 0880        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

22:33:58.0608 0880        sisagp - ok

22:33:58.0639 0880        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

22:33:58.0701 0880        SiSRaid2 - ok

22:33:58.0717 0880        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

22:33:58.0811 0880        SiSRaid4 - ok

22:33:58.0826 0880        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

22:33:58.0998 0880        Smb - ok

22:33:59.0060 0880        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

22:33:59.0123 0880        spldr - ok

22:33:59.0201 0880        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

22:33:59.0294 0880        srv - ok

22:33:59.0325 0880        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

22:33:59.0403 0880        srv2 - ok

22:33:59.0435 0880        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

22:33:59.0513 0880        srvnet - ok

22:33:59.0559 0880        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

22:33:59.0622 0880        stexstor - ok

22:33:59.0653 0880        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

22:33:59.0715 0880        swenum - ok

22:33:59.0778 0880        SynTP           (d690c810ae7af5844267e24128c44280) C:\windows\system32\DRIVERS\SynTP.sys

22:33:59.0856 0880        SynTP - ok

22:33:59.0981 0880        Tcpip           (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\drivers\tcpip.sys

22:34:00.0137 0880        Tcpip - ok

22:34:00.0215 0880        TCPIP6          (65d10b191c59c5501a1263fc33f6894b) C:\windows\system32\DRIVERS\tcpip.sys

22:34:00.0339 0880        TCPIP6 - ok

22:34:00.0386 0880        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

22:34:00.0495 0880        tcpipreg - ok

22:34:00.0573 0880        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

22:34:00.0667 0880        TDPIPE - ok

22:34:00.0683 0880        TDTCP           (2c10395baa4847f83042813c515cc289) C:\windows\system32\drivers\tdtcp.sys

22:34:00.0792 0880        TDTCP - ok

22:34:00.0854 0880        tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

22:34:00.0995 0880        tdx - ok

22:34:01.0041 0880        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

22:34:01.0135 0880        TermDD - ok

22:34:01.0229 0880        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

22:34:01.0353 0880        tssecsrv - ok

22:34:01.0400 0880        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

22:34:01.0478 0880        TsUsbFlt - ok

22:34:01.0541 0880        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

22:34:01.0634 0880        tunnel - ok

22:34:01.0681 0880        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

22:34:01.0775 0880        uagp35 - ok

22:34:01.0837 0880        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

22:34:01.0931 0880        udfs - ok

22:34:02.0009 0880        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

22:34:02.0102 0880        uliagpkx - ok

22:34:02.0149 0880        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

22:34:02.0227 0880        umbus - ok

22:34:02.0258 0880        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

22:34:02.0289 0880        UmPass - ok

22:34:02.0336 0880        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

22:34:02.0445 0880        usbccgp - ok

22:34:02.0492 0880        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

22:34:02.0555 0880        usbcir - ok

22:34:02.0586 0880        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

22:34:02.0679 0880        usbehci - ok

22:34:02.0726 0880        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

22:34:02.0804 0880        usbhub - ok

22:34:02.0835 0880        usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\windows\system32\drivers\usbohci.sys

22:34:02.0898 0880        usbohci - ok

22:34:02.0929 0880        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

22:34:03.0007 0880        usbprint - ok

22:34:03.0023 0880        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

22:34:03.0147 0880        USBSTOR - ok

22:34:03.0179 0880        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

22:34:03.0241 0880        usbuhci - ok

22:34:03.0288 0880        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

22:34:03.0350 0880        usbvideo - ok

22:34:03.0413 0880        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

22:34:03.0491 0880        vdrvroot - ok

22:34:03.0537 0880        vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

22:34:03.0615 0880        vga - ok

22:34:03.0647 0880        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

22:34:03.0756 0880        VgaSave - ok

22:34:03.0787 0880        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

22:34:03.0865 0880        vhdmp - ok

22:34:03.0896 0880        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

22:34:03.0974 0880        viaagp - ok

22:34:04.0021 0880        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

22:34:04.0099 0880        ViaC7 - ok

22:34:04.0130 0880        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

22:34:04.0177 0880        viaide - ok

22:34:04.0224 0880        VMC326          (88c52f322117f60b7a0c89d683e30f6a) C:\windows\system32\Drivers\VMC326.sys

22:34:04.0333 0880        VMC326 - ok

22:34:04.0380 0880        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

22:34:04.0458 0880        volmgr - ok

22:34:04.0505 0880        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

22:34:04.0567 0880        volmgrx - ok

22:34:04.0629 0880        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

22:34:04.0692 0880        volsnap - ok

22:34:04.0739 0880        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

22:34:04.0879 0880        vsmraid - ok

22:34:04.0926 0880        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

22:34:04.0988 0880        vwifibus - ok

22:34:05.0019 0880        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

22:34:05.0129 0880        vwififlt - ok

22:34:05.0160 0880        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

22:34:05.0238 0880        WacomPen - ok

22:34:05.0285 0880        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

22:34:05.0441 0880        WANARP - ok

22:34:05.0456 0880        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

22:34:05.0612 0880        Wanarpv6 - ok

22:34:05.0675 0880        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

22:34:05.0737 0880        Wd - ok

22:34:05.0768 0880        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

22:34:05.0862 0880        Wdf01000 - ok

22:34:05.0955 0880        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

22:34:06.0049 0880        WfpLwf - ok

22:34:06.0080 0880        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

22:34:06.0143 0880        WIMMount - ok

22:34:06.0267 0880        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

22:34:06.0330 0880        WmiAcpi - ok

22:34:06.0408 0880        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

22:34:06.0501 0880        ws2ifsl - ok

22:34:06.0595 0880        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

22:34:06.0751 0880        WudfPf - ok

22:34:06.0782 0880        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

22:34:06.0876 0880        WUDFRd - ok

22:34:06.0969 0880        yukonw7         (3eb1576f77b60a6c79dd7742b67219b8) C:\windows\system32\DRIVERS\yk62x86.sys

22:34:07.0047 0880        yukonw7 - ok

22:34:07.0125 0880        MBR (0x1B8)     (2e5debb2116b3417023e0d6562d7ed07) \Device\Harddisk0\DR0

22:34:07.0765 0880        \Device\Harddisk0\DR0 - ok

22:34:07.0781 0880        MBR (0x1B8)     (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1

22:34:09.0434 0880        \Device\Harddisk1\DR1 - ok

22:34:09.0450 0880        Boot (0x1200)   (4514f73394a99a7ab09d92f7387ea430) \Device\Harddisk0\DR0\Partition0

22:34:09.0450 0880        \Device\Harddisk0\DR0\Partition0 - ok

22:34:09.0512 0880        Boot (0x1200)   (c2bf52a91e71ff9c50f7436166096d58) \Device\Harddisk0\DR0\Partition1

22:34:09.0512 0880        \Device\Harddisk0\DR0\Partition1 - ok

22:34:09.0543 0880        Boot (0x1200)   (f19a65343c8c5bebbb1b7edf381d4ad4) \Device\Harddisk0\DR0\Partition2

22:34:09.0543 0880        \Device\Harddisk0\DR0\Partition2 - ok

22:34:09.0559 0880        Boot (0x1200)   (77b80bdf0364ba00f0f0d77de2fdd870) \Device\Harddisk1\DR1\Partition0

22:34:09.0559 0880        \Device\Harddisk1\DR1\Partition0 - ok

22:34:09.0559 0880        ============================================================

22:34:09.0559 0880        Scan finished

22:34:09.0559 0880        ============================================================

22:34:09.0590 2440        Detected object count: 0

22:34:09.0590 2440        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo cosinus,

hier das Log:

Combofix Logfile:

Code:

ComboFix 12-02-19.02 - Annette 19.02.2012  18:33:03.1.2 - x86

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.218 [GMT 1:00]

ausgeführt von:: c:\users\Annette\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-19 bis 2012-02-19  ))))))))))))))))))))))))))))))

.

.

2012-02-19 17:45 . 2012-02-19 17:46        --------        d-----w-        c:\users\Annette\AppData\Local\temp

2012-02-19 17:45 . 2012-02-19 17:45        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-19 17:28 . 2012-02-19 17:28        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslf3ea59bb.sys

2012-02-17 21:25 . 2012-02-17 21:25        98992        ----a-w-        c:\windows\system32\drivers\90963350.sys

2012-02-17 20:50 . 2012-02-17 20:50        --------        d-----w-        C:\_OTL

2012-02-17 18:24 . 2012-02-17 18:24        --------        d-----w-        c:\windows\system32\wbem\en-US

2012-02-17 18:14 . 2012-02-09 12:17        713784        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02D94540-E7CA-4F44-B7EE-98F2758E6AD9}\gapaengine.dll

2012-02-17 18:12 . 2012-01-17 03:39        6557240        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\mpengine.dll

2012-02-17 18:07 . 2012-02-17 18:07        --------        d-----w-        c:\program files\Microsoft Security Client

2012-02-17 18:01 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{039E90EA-C5F8-4F1C-863F-F6710DDBC904}\mpengine.dll

2012-02-15 20:00 . 2012-02-15 20:00        100864        ----a-w-        C:\fgdiqfow.sys

2012-02-15 18:39 . 2012-02-15 18:39        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2012-02-15 18:18 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-15 18:17 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-15 18:17 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl

2012-02-15 18:12 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys

2012-02-15 18:00 . 2012-02-15 18:00        --------        d-----w-        c:\users\Annette\AppData\Local\WindowsUpdate

2012-02-15 17:49 . 2012-02-15 17:49        --------        d-----w-        c:\program files\Common Files\Java

2012-02-15 17:47 . 2012-02-15 17:47        --------        d-----w-        c:\program files\Java

2012-01-30 19:19 . 2012-01-30 19:19        --------        d-----w-        c:\windows\system32\SPReview

2012-01-30 19:18 . 2012-01-30 19:18        --------        d-----w-        c:\windows\system32\EventProviders

2012-01-30 19:09 . 2012-01-30 19:09        --------        d-----w-        c:\windows\Sun

2012-01-30 19:08 . 2012-02-15 17:47        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-01-30 19:02 . 2012-01-30 19:02        --------        d-----w-        c:\users\Annette\AppData\Roaming\Malwarebytes

2012-01-30 19:01 . 2012-01-30 19:01        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-30 19:01 . 2012-02-15 17:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-01-30 19:01 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-17 19:07 . 2011-06-11 15:54        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-31 12:44 . 2010-11-22 12:57        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-30 19:36 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll

2011-11-25 09:38 . 2011-11-25 09:38        158056        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-25 7719456]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-11 1557800]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

c:\users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]

S1 MpKslf3ea59bb;MpKslf3ea59bb;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslf3ea59bb.sys [2012-02-19 29904]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]

S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MPKSLF3EA59BB

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

yksvcs        REG_MULTI_SZ           yksvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51]

.

2012-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 82.212.62.62 78.42.43.62

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

SafeBoot-mcmscsvc

SafeBoot-MCODS

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FotoManager10Deluxe.8.alb"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-02-19  18:52:38

ComboFix-quarantined-files.txt  2012-02-19 17:52

.

Vor Suchlauf: 7 Verzeichnis(se), 48.020.451.328 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 47.660.769.280 Bytes frei

.

- - End Of File - - 87B385C7F538C8E161B2E94A87158584

--- --- ---

Liebe Grüße

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Filelook::

c:\windows\system32\drivers\90963350.sys

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo cosinus,

hier das Log:

Combofix Logfile:

Code:

ComboFix 12-02-19.02 - Annette 19.02.2012  19:46:41.2.2 - x86

Microsoft Windows 7 Starter   6.1.7601.1.1252.49.1031.18.1014.316 [GMT 1:00]

ausgeführt von:: c:\users\Annette\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Annette\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-01-19 bis 2012-02-19  ))))))))))))))))))))))))))))))

.

.

2012-02-19 19:00 . 2012-02-19 19:00        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-02-19 18:43 . 2012-02-19 18:43        29904        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslcf3b93dd.sys

2012-02-19 17:52 . 2012-02-19 19:00        --------        d-----w-        c:\users\Annette\AppData\Local\temp

2012-02-17 21:25 . 2012-02-17 21:25        98992        ----a-w-        c:\windows\system32\drivers\90963350.sys

2012-02-17 20:50 . 2012-02-17 20:50        --------        d-----w-        C:\_OTL

2012-02-17 18:24 . 2012-02-17 18:24        --------        d-----w-        c:\windows\system32\wbem\en-US

2012-02-17 18:14 . 2012-02-09 12:17        713784        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{02D94540-E7CA-4F44-B7EE-98F2758E6AD9}\gapaengine.dll

2012-02-17 18:12 . 2012-01-17 03:39        6557240        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\mpengine.dll

2012-02-17 18:07 . 2012-02-17 18:07        --------        d-----w-        c:\program files\Microsoft Security Client

2012-02-17 18:01 . 2012-01-06 04:19        6557240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{039E90EA-C5F8-4F1C-863F-F6710DDBC904}\mpengine.dll

2012-02-15 20:00 . 2012-02-15 20:00        100864        ----a-w-        C:\fgdiqfow.sys

2012-02-15 18:39 . 2012-02-15 18:39        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help

2012-02-15 18:18 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\system32\ntshrui.dll

2012-02-15 18:17 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\system32\msvcrt.dll

2012-02-15 18:17 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\system32\timedate.cpl

2012-02-15 18:12 . 2012-01-14 03:35        2343424        ----a-w-        c:\windows\system32\win32k.sys

2012-02-15 18:00 . 2012-02-15 18:00        --------        d-----w-        c:\users\Annette\AppData\Local\WindowsUpdate

2012-02-15 17:49 . 2012-02-15 17:49        --------        d-----w-        c:\program files\Common Files\Java

2012-02-15 17:47 . 2012-02-15 17:47        --------        d-----w-        c:\program files\Java

2012-01-30 19:19 . 2012-01-30 19:19        --------        d-----w-        c:\windows\system32\SPReview

2012-01-30 19:18 . 2012-01-30 19:18        --------        d-----w-        c:\windows\system32\EventProviders

2012-01-30 19:09 . 2012-01-30 19:09        --------        d-----w-        c:\windows\Sun

2012-01-30 19:08 . 2012-02-15 17:47        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-01-30 19:02 . 2012-01-30 19:02        --------        d-----w-        c:\users\Annette\AppData\Roaming\Malwarebytes

2012-01-30 19:01 . 2012-01-30 19:01        --------        d-----w-        c:\programdata\Malwarebytes

2012-01-30 19:01 . 2012-02-15 17:45        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2012-01-30 19:01 . 2011-12-10 14:24        20464        ----a-w-        c:\windows\system32\drivers\mbam.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-02-17 19:07 . 2011-06-11 15:54        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-01-31 12:44 . 2010-11-22 12:57        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-01-30 19:36 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll

2011-11-25 09:38 . 2011-11-25 09:38        158056        ----a-w-        c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10139.bin

.

.

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

--- c:\windows\system32\drivers\90963350.sys ---

Company: Kaspersky Lab, GERT

File Description: Kaspersky Lab Mini Driver

File Version: 2.7.1.0 built by: WinDDK

Product Name: Kaspersky Lab Mini Driver

Copyright: Copyright (c) Kaspersky Lab, GERT

Original Filename: klmd.sys

File size: 98992

Created time: 2012-02-17 21:25

Modified time: 2012-02-17 21:25

MD5: 58169FFB207940D4D84B4E85DB02CC1E

SHA1: DFB45534DC9AD266F0C5ECD2DBC4AFB3BA564BC5

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-25 7719456]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-11 1557800]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

.

c:\users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\Drivers\VMC326.sys [2009-08-10 237696]

S1 MpKslcf3b93dd;MpKslcf3b93dd;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKslcf3b93dd.sys [2012-02-19 29904]

S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]

S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-06-15 313856]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - MPKSLCF3B93DD

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc

yksvcs        REG_MULTI_SZ           yksvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51]

.

2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 16:51]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 82.212.62.62 78.42.43.62

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FotoManager10Deluxe.8.alb"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

.

- - - - - - - > 'Explorer.exe'(1028)

c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll

.

Zeit der Fertigstellung: 2012-02-19  20:07:01

ComboFix-quarantined-files.txt  2012-02-19 19:07

ComboFix2.txt  2012-02-19 17:52

.

Vor Suchlauf: 10 Verzeichnis(se), 47.706.501.120 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 47.290.368.000 Bytes frei

.

- - End Of File - - A6327BFB7E9C001A6B870466E3B00B05

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Hallo cosinus,

hier deine Scans:

GMER:

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-02-19 21:17:03

Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVT-22ZCT0 rev.11.01A11

Running: sp8si1jh.exe; Driver: C:\Users\Annette\AppData\Local\Temp\fgdiqfow.sys
 
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntoskrnl.exe!ZwSaveKey + 13CD                                                                    81C549A9 1 Byte  [06]

.text           ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           81C744E2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

PAGE            spsys.sys!?SPRevision@@3PADA + 4F90                                                              A4B15000 282 Bytes  [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 50AB                                                              A4B1511B 7 Bytes  CALL A4B232D6 \SystemRoot\system32\drivers\spsys.sys (security processor/Microsoft Corporation)

PAGE            spsys.sys!?SPRevision@@3PADA + 50B3                                                              A4B15123 629 Bytes  [05, B1, A4, FE, 05, 34, 05, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 5329                                                              A4B15399 101 Bytes  [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE            spsys.sys!?SPRevision@@3PADA + 538F                                                              A4B153FF 148 Bytes  [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE            ...                                                                                              
 

---- Devices - GMER 1.0.15 ----
 

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 

Device          \Driver\BTHUSB \Device\00000071                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
 

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                           rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
 

Device          \Driver\ACPI_HAL \Device\0000004b                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\0000006f                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

---- Threads - GMER 1.0.15 ----
 

Thread          System [4:1584]                                                                                  A4B22F2E
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002269ea6b84                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cd60786                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00242cf91a3e                      

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fe91bf                      

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002269ea6b84 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cd60786 (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00242cf91a3e (not active ControlSet)  

Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fe91bf (not active ControlSet)  

Reg             HKLM\SOFTWARE\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                      C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_8024402c_66c66075855619cc1111e0dd9c4f3189cbbd9c6_089a143b
 

---- EOF - GMER 1.0.15 ----

--- --- ---

OSAM:

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 21:26:00 on 19.02.2012
 

OS: Windows 7 Starter Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"aswMBR" (aswMBR) - ? - C:\Users\Annette\AppData\Local\Temp\aswMBR.sys  (Hidden registry entry, rootkit activity | File not found)

"catchme" (catchme) - ? - C:\Users\Annette\AppData\Local\Temp\catchme.sys  (File not found)

"fgdiqfow" (fgdiqfow) - ? - C:\Users\Annette\AppData\Local\Temp\fgdiqfow.sys  (Hidden registry entry, rootkit activity | File not found)

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys

"MpKsl0cff5102" (MpKsl0cff5102) - "Microsoft Corporation" - C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKsl0cff5102.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{09A47860-11B0-4DA5-AFA5-26D86198A780} "EPP" - "Microsoft Corporation" - C:\PROGRA~1\MI8079~1\shellext.dll

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll

{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)

"desktop.ini" - ? - C:\Users\Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"OpenOffice.org 3.2.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"Bluetooth.lnk" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe  (Shortcut exists | File exists)

-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----

"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"MSC" - "Microsoft Corporation" - "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
 

[Print Monitors]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----

"PDFCreator" - ? - C:\windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)

"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\windows\system32\msonpmon.dll
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

"Oberon Media Game Console service" (OberonGameConsoleService) - ? - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe

"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

Code:

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software

Run date: 2012-02-19 22:03:09

-----------------------------

22:03:09.877    OS Version: Windows 6.1.7601 Service Pack 1

22:03:09.877    Number of processors: 2 586 0x1C02

22:03:09.877    ComputerName: ANNETTE-PC  UserName: Annette

22:03:10.438    Initialize success

22:04:07.987    AVAST engine defs: 12021901

22:04:13.307    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0

22:04:13.307    Disk 0 Vendor: WDC_WD1600BEVT-22ZCT0 11.01A11 Size: 152627MB BusType: 3

22:04:13.588    Disk 0 MBR read successfully

22:04:13.603    Disk 0 MBR scan

22:04:13.712    Disk 0 unknown MBR code

22:04:13.790    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048

22:04:13.978    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328

22:04:14.134    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        68581 MB offset 31664128

22:04:14.305    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        68584 MB offset 172118016

22:04:14.570    Disk 0 scanning sectors +312578048

22:04:15.163    Disk 0 scanning C:\windows\system32\drivers

22:05:44.817    Service scanning

22:06:09.808    Service MpKsl0cff5102 C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5248B83A-0A94-4511-ACEB-73BE861BF58E}\MpKsl0cff5102.sys **LOCKED** 32

22:06:10.479    Service MpNWMon C:\windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32

22:06:41.024    Modules scanning

22:08:13.500    Disk 0 trace - called modules:

22:08:13.578    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys 

22:08:13.594    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84411a00]

22:08:13.610    3 CLASSPNP.SYS[8767259e] -> nt!IofCallDriver -> [0x83f9c408]

22:08:13.641    5 ACPI.sys[86e253d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x83fa5030]

22:08:14.343    AVAST engine scan C:\windows

22:08:52.001    AVAST engine scan C:\windows\system32

22:19:11.166    AVAST engine scan C:\windows\system32\drivers

22:19:46.891    AVAST engine scan C:\Users\Annette

22:24:36.115    AVAST engine scan C:\ProgramData

22:25:33.445    Scan finished successfully

22:27:37.122    Disk 0 MBR has been saved successfully to "E:\MBR.dat"

22:27:37.325    The log file has been saved successfully to "E:\aswMBR.txt"

Liebe Grüße