Trojaner-Board
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Ist mein PC Sauber? (https://www.trojaner-board.de/111376-pc-sauber.html)

RoXii 17.03.2012 16:30
hi

ich habe grade OTL.exe geöffnet und er hat mir ein neues log gegeben, ich poste es hier.


Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{31736BAB-7BFB-43A9-BA0D-82651305DB62}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31736BAB-7BFB-43A9-BA0D-82651305DB62}\ not found.
Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Folder C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\sz5n2qep.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\askcom.xml not found.
File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin.xml not found.
Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found.
File move failed. G:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:430C6D84 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Robin
->Temp folder emptied: 279888 bytes
->Temporary Internet Files folder emptied: 3804050 bytes
->Java cache emptied: 3695964 bytes
->Google Chrome cache emptied: 89830686 bytes
->Flash cache emptied: 1636 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 531320 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028605 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 128,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.37.1 log created on 03172012_102736

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
File move failed. G:\Setup.exe scheduled to be moved on reboot.
File move failed. C:\Users\Robin\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_0 moved successfully.
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_1 moved successfully.
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2 moved successfully.
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\data_3 moved successfully.
C:\Users\Robin\AppData\Local\Google\Chrome\User Data\Default\Cache\index moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000338ADDEF9BC8219C7E2 not found!

Registry entries deleted on Reboot...


Mfg Roxii

RoXii 17.03.2012 20:12
Sorry für doppel post
aber ich hab es nochmal gemacht,
ich hoffe das es jetzt richtig ist der logg


Code:
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3752288333-708083476-1710006870-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{31736BAB-7BFB-43A9-BA0D-82651305DB62}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31736BAB-7BFB-43A9-BA0D-82651305DB62}\ not found.
Registry key HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Folder C:\Users\Robin\AppData\Roaming\mozilla\Firefox\Profiles\sz5n2qep.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\ not found.
File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\askcom.xml not found.
File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin-1.xml not found.
File C:\Users\Robin\AppData\Roaming\Mozilla\Firefox\Profiles\sz5n2qep.default\searchplugins\icqplugin.xml not found.
Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File move failed. G:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6447ef70-6442-11e1-8801-bcaec58adf4a}\ not found.
File move failed. G:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a662fb88-643e-11e1-8643-806e6f6e6963}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
Unable to delete ADS C:\ProgramData\TEMP:DFC5A2B2 .
Unable to delete ADS C:\ProgramData\TEMP:430C6D84 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Robin
->Temp folder emptied: 1638806 bytes
->Temporary Internet Files folder emptied: 1314333 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 10002309 bytes
->Flash cache emptied: 470 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 12,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.37.1 log created on 03172012_200809

Files\Folders moved on Reboot...
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
File\Folder G:\autorun.inf not found!
File\Folder G:\Setup.exe not found!
File\Folder C:\Users\Robin\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 19.03.2012 15:29
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

RoXii 19.03.2012 16:47
Code:
16:03:01.0247 1424        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
16:03:01.0547 1424        ============================================================
16:03:01.0547 1424        Current date / time: 2012/03/19 16:03:01.0547
16:03:01.0547 1424        SystemInfo:
16:03:01.0547 1424       
16:03:01.0547 1424        OS Version: 6.1.7601 ServicePack: 1.0
16:03:01.0547 1424        Product type: Workstation
16:03:01.0547 1424        ComputerName: ROBIN-PC
16:03:01.0548 1424        UserName: Robin
16:03:01.0548 1424        Windows directory: C:\Windows
16:03:01.0548 1424        System windows directory: C:\Windows
16:03:01.0548 1424        Running under WOW64
16:03:01.0548 1424        Processor architecture: Intel x64
16:03:01.0548 1424        Number of processors: 4
16:03:01.0548 1424        Page size: 0x1000
16:03:01.0548 1424        Boot type: Normal boot
16:03:01.0548 1424        ============================================================
16:03:02.0786 1424        Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:03:02.0825 1424        \Device\Harddisk0\DR0:
16:03:02.0853 1424        MBR used
16:03:02.0853 1424        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1800800, BlocksNum 0x32000
16:03:02.0853 1424        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x1B19A800
16:03:02.0853 1424        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1C9CD000, BlocksNum 0xD4E6000
16:03:02.0938 1424        Initialize success
16:03:02.0938 1424        ============================================================
16:04:09.0584 2804        ============================================================
16:04:09.0584 2804        Scan started
16:04:09.0584 2804        Mode: Manual; SigCheck; TDLFS;
16:04:09.0584 2804        ============================================================
16:04:09.0818 2804        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:04:09.0928 2804        1394ohci - ok
16:04:10.0021 2804        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:04:10.0037 2804        ACPI - ok
16:04:10.0115 2804        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:04:10.0208 2804        AcpiPmi - ok
16:04:10.0333 2804        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:04:10.0380 2804        adp94xx - ok
16:04:10.0411 2804        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:04:10.0427 2804        adpahci - ok
16:04:10.0442 2804        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:04:10.0458 2804        adpu320 - ok
16:04:10.0583 2804        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:04:10.0630 2804        AFD - ok
16:04:10.0692 2804        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:04:10.0708 2804        agp440 - ok
16:04:10.0754 2804        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:04:10.0786 2804        aliide - ok
16:04:10.0801 2804        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:04:10.0801 2804        amdide - ok
16:04:10.0895 2804        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:04:10.0973 2804        AmdK8 - ok
16:04:11.0051 2804        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:04:11.0098 2804        AmdPPM - ok
16:04:11.0160 2804        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:04:11.0176 2804        amdsata - ok
16:04:11.0222 2804        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:04:11.0254 2804        amdsbs - ok
16:04:11.0316 2804        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:04:11.0347 2804        amdxata - ok
16:04:11.0394 2804        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:04:11.0581 2804        AppID - ok
16:04:11.0675 2804        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:04:11.0690 2804        arc - ok
16:04:11.0753 2804        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:04:11.0784 2804        arcsas - ok
16:04:11.0815 2804        aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\Windows\system32\drivers\aswFsBlk.sys
16:04:11.0862 2804        aswFsBlk - ok
16:04:11.0940 2804        aswMonFlt      (21c9835d0e5ad2ff0f16134bcb32cc71) C:\Windows\system32\drivers\aswMonFlt.sys
16:04:11.0956 2804        aswMonFlt - ok
16:04:11.0987 2804        aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\Windows\System32\Drivers\aswrdr2.sys
16:04:11.0987 2804        aswRdr - ok
16:04:12.0034 2804        aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\Windows\system32\drivers\aswSnx.sys
16:04:12.0049 2804        aswSnx - ok
16:04:12.0065 2804        aswSP          (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\Windows\system32\drivers\aswSP.sys
16:04:12.0080 2804        aswSP - ok
16:04:12.0112 2804        aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\Windows\system32\drivers\aswTdi.sys
16:04:12.0112 2804        aswTdi - ok
16:04:12.0143 2804        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:04:12.0299 2804        AsyncMac - ok
16:04:12.0330 2804        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:04:12.0330 2804        atapi - ok
16:04:12.0392 2804        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:04:12.0470 2804        b06bdrv - ok
16:04:12.0548 2804        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:04:12.0611 2804        b57nd60a - ok
16:04:12.0704 2804        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:04:12.0782 2804        Beep - ok
16:04:12.0860 2804        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:04:12.0907 2804        blbdrive - ok
16:04:13.0001 2804        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:04:13.0079 2804        bowser - ok
16:04:13.0141 2804        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:04:13.0235 2804        BrFiltLo - ok
16:04:13.0266 2804        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:04:13.0266 2804        BrFiltUp - ok
16:04:13.0297 2804        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:04:13.0328 2804        Brserid - ok
16:04:13.0344 2804        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:04:13.0360 2804        BrSerWdm - ok
16:04:13.0406 2804        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:04:13.0453 2804        BrUsbMdm - ok
16:04:13.0516 2804        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:04:13.0547 2804        BrUsbSer - ok
16:04:13.0594 2804        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:04:13.0640 2804        BTHMODEM - ok
16:04:13.0734 2804        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:04:13.0828 2804        cdfs - ok
16:04:13.0937 2804        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
16:04:13.0999 2804        cdrom - ok
16:04:14.0108 2804        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:04:14.0155 2804        circlass - ok
16:04:14.0202 2804        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:04:14.0249 2804        CLFS - ok
16:04:14.0342 2804        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:04:14.0389 2804        CmBatt - ok
16:04:14.0436 2804        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:04:14.0452 2804        cmdide - ok
16:04:14.0545 2804        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:04:14.0576 2804        CNG - ok
16:04:14.0608 2804        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:04:14.0623 2804        Compbatt - ok
16:04:14.0732 2804        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:04:14.0795 2804        CompositeBus - ok
16:04:14.0888 2804        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:04:14.0920 2804        crcdisk - ok
16:04:15.0044 2804        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:04:15.0091 2804        DfsC - ok
16:04:15.0185 2804        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:04:15.0247 2804        discache - ok
16:04:15.0341 2804        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:04:15.0372 2804        Disk - ok
16:04:15.0466 2804        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:04:15.0497 2804        drmkaud - ok
16:04:15.0544 2804        dtsoftbus01    (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:04:15.0544 2804        dtsoftbus01 - ok
16:04:15.0606 2804        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:04:15.0637 2804        DXGKrnl - ok
16:04:15.0762 2804        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:04:15.0871 2804        ebdrv - ok
16:04:15.0980 2804        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:04:16.0012 2804        elxstor - ok
16:04:16.0027 2804        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:04:16.0058 2804        ErrDev - ok
16:04:16.0090 2804        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:04:16.0121 2804        exfat - ok
16:04:16.0152 2804        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:04:16.0214 2804        fastfat - ok
16:04:16.0308 2804        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:04:16.0339 2804        fdc - ok
16:04:16.0386 2804        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:04:16.0402 2804        FileInfo - ok
16:04:16.0433 2804        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:04:16.0511 2804        Filetrace - ok
16:04:16.0620 2804        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:04:16.0651 2804        flpydisk - ok
16:04:16.0729 2804        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:04:16.0760 2804        FltMgr - ok
16:04:16.0854 2804        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:04:16.0885 2804        FsDepends - ok
16:04:16.0901 2804        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:04:16.0901 2804        Fs_Rec - ok
16:04:16.0948 2804        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:04:16.0979 2804        fvevol - ok
16:04:17.0010 2804        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:04:17.0010 2804        gagp30kx - ok
16:04:17.0026 2804        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:04:17.0057 2804        hcw85cir - ok
16:04:17.0135 2804        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:04:17.0197 2804        HdAudAddService - ok
16:04:17.0291 2804        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:04:17.0338 2804        HDAudBus - ok
16:04:17.0400 2804        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:04:17.0447 2804        HidBatt - ok
16:04:17.0462 2804        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:04:17.0494 2804        HidBth - ok
16:04:17.0525 2804        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:04:17.0572 2804        HidIr - ok
16:04:17.0618 2804        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
16:04:17.0650 2804        HidUsb - ok
16:04:17.0696 2804        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:04:17.0712 2804        HpSAMD - ok
16:04:17.0759 2804        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:04:17.0852 2804        HTTP - ok
16:04:17.0930 2804        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:04:17.0946 2804        hwpolicy - ok
16:04:18.0008 2804        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:04:18.0040 2804        i8042prt - ok
16:04:18.0102 2804        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:04:18.0149 2804        iaStorV - ok
16:04:18.0211 2804        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:04:18.0242 2804        iirsp - ok
16:04:18.0274 2804        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:04:18.0274 2804        intelide - ok
16:04:18.0352 2804        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:04:18.0383 2804        intelppm - ok
16:04:18.0430 2804        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:04:18.0492 2804        IpFilterDriver - ok
16:04:18.0586 2804        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:04:18.0632 2804        IPMIDRV - ok
16:04:18.0726 2804        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:04:18.0788 2804        IPNAT - ok
16:04:18.0820 2804        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:04:18.0866 2804        IRENUM - ok
16:04:18.0882 2804        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:04:18.0898 2804        isapnp - ok
16:04:18.0991 2804        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:04:19.0038 2804        iScsiPrt - ok
16:04:19.0085 2804        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:04:19.0116 2804        kbdclass - ok
16:04:19.0147 2804        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
16:04:19.0163 2804        kbdhid - ok
16:04:19.0194 2804        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:04:19.0210 2804        KSecDD - ok
16:04:19.0241 2804        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:04:19.0241 2804        KSecPkg - ok
16:04:19.0272 2804        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:04:19.0303 2804        ksthunk - ok
16:04:19.0397 2804        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:04:19.0444 2804        lltdio - ok
16:04:19.0522 2804        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:04:19.0553 2804        LSI_FC - ok
16:04:19.0584 2804        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:04:19.0615 2804        LSI_SAS - ok
16:04:19.0631 2804        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:04:19.0646 2804        LSI_SAS2 - ok
16:04:19.0693 2804        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:04:19.0724 2804        LSI_SCSI - ok
16:04:19.0756 2804        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:04:19.0802 2804        luafv - ok
16:04:19.0912 2804        LVRS64          (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
16:04:19.0958 2804        LVRS64 - ok
16:04:20.0099 2804        LVUVC64        (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
16:04:20.0255 2804        LVUVC64 - ok
16:04:20.0364 2804        ManyCam        (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
16:04:20.0395 2804        ManyCam - ok
16:04:20.0442 2804        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
16:04:20.0473 2804        MBAMProtector - ok
16:04:20.0504 2804        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:04:20.0504 2804        megasas - ok
16:04:20.0536 2804        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:04:20.0536 2804        MegaSR - ok
16:04:20.0567 2804        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:04:20.0614 2804        Modem - ok
16:04:20.0707 2804        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:04:20.0754 2804        monitor - ok
16:04:20.0801 2804        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
16:04:20.0832 2804        mouclass - ok
16:04:20.0863 2804        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:04:20.0894 2804        mouhid - ok
16:04:20.0926 2804        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:04:20.0957 2804        mountmgr - ok
16:04:21.0019 2804        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:04:21.0066 2804        mpio - ok
16:04:21.0144 2804        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:04:21.0222 2804        mpsdrv - ok
16:04:21.0284 2804        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:04:21.0331 2804        MRxDAV - ok
16:04:21.0425 2804        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:04:21.0487 2804        mrxsmb - ok
16:04:21.0534 2804        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:04:21.0596 2804        mrxsmb10 - ok
16:04:21.0674 2804        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:04:21.0706 2804        mrxsmb20 - ok
16:04:21.0737 2804        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:04:21.0752 2804        msahci - ok
16:04:21.0815 2804        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:04:21.0846 2804        msdsm - ok
16:04:21.0877 2804        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:04:21.0908 2804        Msfs - ok
16:04:21.0924 2804        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:04:21.0955 2804        mshidkmdf - ok
16:04:22.0018 2804        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:04:22.0049 2804        msisadrv - ok
16:04:22.0111 2804        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:04:22.0189 2804        MSKSSRV - ok
16:04:22.0252 2804        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:04:22.0298 2804        MSPCLOCK - ok
16:04:22.0298 2804        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:04:22.0376 2804        MSPQM - ok
16:04:22.0486 2804        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:04:22.0517 2804        MsRPC - ok
16:04:22.0532 2804        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:04:22.0548 2804        mssmbios - ok
16:04:22.0564 2804        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:04:22.0626 2804        MSTEE - ok
16:04:22.0688 2804        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:04:22.0751 2804        MTConfig - ok
16:04:22.0844 2804        MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
16:04:22.0860 2804        MTsensor - ok
16:04:22.0907 2804        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:04:22.0922 2804        Mup - ok
16:04:23.0000 2804        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:04:23.0078 2804        NativeWifiP - ok
16:04:23.0188 2804        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:04:23.0234 2804        NDIS - ok
16:04:23.0266 2804        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:04:23.0312 2804        NdisCap - ok
16:04:23.0390 2804        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:04:23.0453 2804        NdisTapi - ok
16:04:23.0562 2804        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:04:23.0640 2804        Ndisuio - ok
16:04:23.0734 2804        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:04:23.0796 2804        NdisWan - ok
16:04:23.0858 2804        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:04:23.0936 2804        NDProxy - ok
16:04:24.0046 2804        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:04:24.0092 2804        NetBIOS - ok
16:04:24.0186 2804        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:04:24.0248 2804        NetBT - ok
16:04:24.0342 2804        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:04:24.0373 2804        nfrd960 - ok
16:04:24.0389 2804        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:04:24.0436 2804        Npfs - ok
16:04:24.0514 2804        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:04:24.0576 2804        nsiproxy - ok
16:04:24.0638 2804        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:04:24.0716 2804        Ntfs - ok
16:04:24.0763 2804        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:04:24.0826 2804        Null - ok
16:04:24.0919 2804        nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
16:04:24.0935 2804        nusb3xhc - ok
16:04:25.0013 2804        NVHDA          (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
16:04:25.0044 2804        NVHDA - ok
16:04:25.0340 2804        nvlddmkm        (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
16:04:25.0465 2804        nvlddmkm - ok
16:04:25.0574 2804        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:04:25.0606 2804        nvraid - ok
16:04:25.0637 2804        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:04:25.0652 2804        nvstor - ok
16:04:25.0762 2804        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:04:25.0808 2804        ohci1394 - ok
16:04:25.0840 2804        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:04:25.0855 2804        Parport - ok
16:04:25.0871 2804        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
16:04:25.0886 2804        partmgr - ok
16:04:25.0933 2804        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:04:25.0933 2804        pci - ok
16:04:25.0964 2804        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:04:25.0964 2804        pciide - ok
16:04:25.0996 2804        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:04:26.0011 2804        pcmcia - ok
16:04:26.0027 2804        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:04:26.0042 2804        pcw - ok
16:04:26.0058 2804        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:04:26.0120 2804        PEAUTH - ok
16:04:26.0198 2804        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:04:26.0261 2804        PptpMiniport - ok
16:04:26.0308 2804        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:04:26.0354 2804        Processor - ok
16:04:26.0448 2804        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:04:26.0526 2804        Psched - ok
16:04:26.0651 2804        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:04:26.0713 2804        ql2300 - ok
16:04:26.0713 2804        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:04:26.0729 2804        ql40xx - ok
16:04:26.0729 2804        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:04:26.0760 2804        QWAVEdrv - ok
16:04:26.0776 2804        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:04:26.0791 2804        RasAcd - ok
16:04:26.0869 2804        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:04:26.0916 2804        RasAgileVpn - ok
16:04:26.0947 2804        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:04:27.0010 2804        Rasl2tp - ok
16:04:27.0134 2804        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:04:27.0212 2804        RasPppoe - ok
16:04:27.0306 2804        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:04:27.0384 2804        RasSstp - ok
16:04:27.0446 2804        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:04:27.0556 2804        rdbss - ok
16:04:27.0602 2804        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:04:27.0649 2804        rdpbus - ok
16:04:27.0680 2804        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:04:27.0743 2804        RDPCDD - ok
16:04:27.0821 2804        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:04:27.0899 2804        RDPENCDD - ok
16:04:27.0946 2804        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:04:27.0977 2804        RDPREFMP - ok
16:04:28.0024 2804        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:04:28.0070 2804        RDPWD - ok
16:04:28.0133 2804        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:04:28.0164 2804        rdyboost - ok
16:04:28.0273 2804        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:04:28.0336 2804        rspndr - ok
16:04:28.0445 2804        RTL8167        (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
16:04:28.0460 2804        RTL8167 - ok
16:04:28.0492 2804        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:04:28.0507 2804        sbp2port - ok
16:04:28.0585 2804        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:04:28.0632 2804        scfilter - ok
16:04:28.0694 2804        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:04:28.0757 2804        secdrv - ok
16:04:28.0850 2804        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:04:28.0882 2804        Serenum - ok
16:04:28.0897 2804        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:04:28.0928 2804        Serial - ok
16:04:29.0006 2804        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:04:29.0084 2804        sermouse - ok
16:04:29.0131 2804        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:04:29.0178 2804        sffdisk - ok
16:04:29.0194 2804        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:04:29.0209 2804        sffp_mmc - ok
16:04:29.0256 2804        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:04:29.0303 2804        sffp_sd - ok
16:04:29.0318 2804        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:04:29.0365 2804        sfloppy - ok
16:04:29.0459 2804        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:04:29.0490 2804        SiSRaid2 - ok
16:04:29.0490 2804        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:04:29.0506 2804        SiSRaid4 - ok
16:04:29.0615 2804        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:04:29.0677 2804        Smb - ok
16:04:29.0740 2804        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:04:29.0755 2804        spldr - ok
16:04:29.0802 2804        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:04:29.0880 2804        srv - ok
16:04:29.0989 2804        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:04:30.0036 2804        srv2 - ok
16:04:30.0098 2804        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:04:30.0130 2804        srvnet - ok
16:04:30.0208 2804        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:04:30.0239 2804        stexstor - ok
16:04:30.0286 2804        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:04:30.0317 2804        swenum - ok
16:04:30.0410 2804        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
16:04:30.0488 2804        Tcpip - ok
16:04:30.0582 2804        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
16:04:30.0613 2804        TCPIP6 - ok
16:04:30.0660 2804        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:04:30.0723 2804        tcpipreg - ok
16:04:30.0785 2804        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:04:30.0816 2804        TDPIPE - ok
16:04:30.0863 2804        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:04:30.0910 2804        TDTCP - ok
16:04:30.0972 2804        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:04:31.0019 2804        tdx - ok
16:04:31.0050 2804        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:04:31.0066 2804        TermDD - ok
16:04:31.0113 2804        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:04:31.0175 2804        tssecsrv - ok
16:04:31.0269 2804        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:04:31.0315 2804        TsUsbFlt - ok
16:04:31.0393 2804        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:04:31.0456 2804        tunnel - ok
16:04:31.0487 2804        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:04:31.0518 2804        uagp35 - ok
16:04:31.0549 2804        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:04:31.0596 2804        udfs - ok
16:04:31.0643 2804        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:04:31.0659 2804        uliagpkx - ok
16:04:31.0799 2804        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:04:31.0830 2804        umbus - ok
16:04:31.0846 2804        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:04:31.0877 2804        UmPass - ok
16:04:31.0986 2804        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:04:32.0033 2804        usbaudio - ok
16:04:32.0049 2804        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:04:32.0095 2804        usbccgp - ok
16:04:32.0205 2804        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:04:32.0251 2804        usbcir - ok
16:04:32.0283 2804        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
16:04:32.0314 2804        usbehci - ok
16:04:32.0361 2804        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:04:32.0407 2804        usbhub - ok
16:04:32.0454 2804        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
16:04:32.0501 2804        usbohci - ok
16:04:32.0579 2804        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:04:32.0626 2804        usbprint - ok
16:04:32.0657 2804        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:04:32.0673 2804        USBSTOR - ok
16:04:32.0719 2804        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:04:32.0766 2804        usbuhci - ok
16:04:32.0829 2804        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:04:32.0860 2804        vdrvroot - ok
16:04:32.0922 2804        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:04:32.0953 2804        vga - ok
16:04:32.0985 2804        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:04:33.0047 2804        VgaSave - ok
16:04:33.0063 2804        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:04:33.0078 2804        vhdmp - ok
16:04:33.0094 2804        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:04:33.0109 2804        viaide - ok
16:04:33.0125 2804        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:04:33.0125 2804        volmgr - ok
16:04:33.0156 2804        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:04:33.0172 2804        volmgrx - ok
16:04:33.0187 2804        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:04:33.0219 2804        volsnap - ok
16:04:33.0312 2804        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:04:33.0343 2804        vsmraid - ok
16:04:33.0359 2804        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
16:04:33.0390 2804        vwifibus - ok
16:04:33.0437 2804        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:04:33.0468 2804        WacomPen - ok
16:04:33.0531 2804        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:04:33.0577 2804        WANARP - ok
16:04:33.0593 2804        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:04:33.0609 2804        Wanarpv6 - ok
16:04:33.0671 2804        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:04:33.0702 2804        Wd - ok
16:04:33.0718 2804        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:04:33.0749 2804        Wdf01000 - ok
16:04:33.0796 2804        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:04:33.0827 2804        WfpLwf - ok
16:04:33.0843 2804        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:04:33.0843 2804        WIMMount - ok
16:04:33.0967 2804        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:04:33.0999 2804        WmiAcpi - ok
16:04:34.0030 2804        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:04:34.0061 2804        ws2ifsl - ok
16:04:34.0108 2804        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:04:34.0123 2804        WudfPf - ok
16:04:34.0155 2804        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:04:34.0217 2804        WUDFRd - ok
16:04:34.0233 2804        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:04:34.0389 2804        \Device\Harddisk0\DR0 - ok
16:04:34.0389 2804        Boot (0x1200)  (7b05a0c8d90e988eb4136b3e23d9e93e) \Device\Harddisk0\DR0\Partition0
16:04:34.0404 2804        \Device\Harddisk0\DR0\Partition0 - ok
16:04:34.0435 2804        Boot (0x1200)  (b554268e4eca51bf36d05f9f16170c41) \Device\Harddisk0\DR0\Partition1
16:04:34.0435 2804        \Device\Harddisk0\DR0\Partition1 - ok
16:04:34.0467 2804        Boot (0x1200)  (2ccdf725c11161936deb7a8a74877aba) \Device\Harddisk0\DR0\Partition2
16:04:34.0467 2804        \Device\Harddisk0\DR0\Partition2 - ok
16:04:34.0467 2804        ============================================================
16:04:34.0467 2804        Scan finished
16:04:34.0467 2804        ============================================================
16:04:34.0498 2004        Detected object count: 0
16:04:34.0498 2004        Actual detected object count: 0

cosinus 19.03.2012 17:02
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

RoXii 19.03.2012 18:25
hi habe den scan gemacht
und keine maus oder tastatur verwendet.

Code:
ComboFix 12-03-18.04 - Robin 19.03.2012  18:10:06.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4095.2895 [GMT 1:00]
ausgeführt von:: c:\users\Robin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-19 bis 2012-03-19  ))))))))))))))))))))))))))))))
.
.
2012-03-19 17:13 . 2012-03-19 17:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-19 16:12 . 2012-03-19 16:13        --------        d-----w-        c:\program files\Core Temp
2012-03-17 09:31 . 2012-03-17 09:31        --------        d-----w-        c:\program files (x86)\7-Zip
2012-03-17 09:27 . 2012-03-17 09:27        --------        d-----w-        C:\_OTL
2012-03-16 09:44 . 2012-02-20 00:05        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{93CA4E39-1C82-4176-B393-38F33324CD83}\mpengine.dll
2012-03-15 02:47 . 2012-03-15 02:47        --------        d-----w-        c:\program files (x86)\Common Files\logishrd
2012-03-15 02:47 . 2012-03-15 02:47        --------        d-----w-        c:\program files\Common Files\logishrd
2012-03-14 20:17 . 2012-03-14 20:17        --------        d-----w-        c:\program files (x86)\ESET
2012-03-14 20:16 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 20:16 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 20:16 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 19:10 . 2012-03-14 19:10        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-14 19:10 . 2012-03-14 19:10        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-14 19:10 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-14 19:08 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 19:08 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 19:08 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 19:07 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 19:07 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 19:07 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 19:07 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 19:07 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 19:07 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 19:07 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-14 02:14 . 2010-06-02 03:55        77656        ----a-w-        c:\windows\system32\XAPOFX1_5.dll
2012-03-14 02:14 . 2010-06-02 03:55        74072        ----a-w-        c:\windows\SysWow64\XAPOFX1_5.dll
2012-03-14 02:14 . 2010-06-02 03:55        527192        ----a-w-        c:\windows\SysWow64\XAudio2_7.dll
2012-03-14 02:14 . 2010-06-02 03:55        518488        ----a-w-        c:\windows\system32\XAudio2_7.dll
2012-03-14 02:14 . 2010-06-02 03:55        239960        ----a-w-        c:\windows\SysWow64\xactengine3_7.dll
2012-03-14 02:14 . 2010-06-02 03:55        176984        ----a-w-        c:\windows\system32\xactengine3_7.dll
2012-03-14 02:14 . 2010-05-26 10:41        2526056        ----a-w-        c:\windows\system32\D3DCompiler_43.dll
2012-03-14 02:14 . 2010-05-26 10:41        2106216        ----a-w-        c:\windows\SysWow64\D3DCompiler_43.dll
2012-03-14 01:42 . 2012-03-14 01:42        22360        ----a-w-        c:\windows\SysWow64\X3DAudio1_7.dll
2012-03-14 01:29 . 2012-03-14 01:36        --------        d-----w-        C:\The Elder Scrolls V- Skyrim
2012-03-14 01:16 . 2012-03-14 01:27        --------        d-----w-        c:\program files (x86)\The Elder Scrolls V- Skyrim
2012-03-14 01:02 . 2012-03-14 01:03        --------        d-----w-        c:\program files (x86)\Common Files\Steam
2012-03-13 20:34 . 2012-03-15 11:05        --------        d-----w-        c:\users\UpdatusUser
2012-03-13 20:33 . 2012-02-29 21:00        3089728        ----a-w-        c:\windows\system32\nvsvc64.dll
2012-03-13 20:33 . 2012-02-29 21:00        6074176        ----a-w-        c:\windows\system32\nvcpl.dll
2012-03-13 20:33 . 2012-02-29 20:59        889664        ----a-w-        c:\windows\system32\nvvsvc.exe
2012-03-13 20:33 . 2012-02-29 20:59        63296        ----a-w-        c:\windows\system32\nvshext.dll
2012-03-13 20:33 . 2012-02-29 20:59        2561856        ----a-w-        c:\windows\system32\nvsvcr.dll
2012-03-13 20:33 . 2012-02-29 20:59        118080        ----a-w-        c:\windows\system32\nvmctray.dll
2012-03-13 20:33 . 2012-02-29 20:59        2515790        ----a-w-        c:\windows\system32\nvcoproc.bin
2012-03-13 20:33 . 2012-03-13 20:33        --------        d-----w-        c:\programdata\NVIDIA Corporation
2012-03-13 20:23 . 2012-03-13 20:33        --------        d-----w-        C:\NVIDIA
2012-03-13 19:59 . 2012-03-13 20:18        --------        d-----w-        c:\program files (x86)\Driver Cleaner Pro
2012-03-13 10:14 . 2012-01-09 12:43        606208        ----a-w-        c:\windows\SysWow64\xvidcore.dll
2012-03-13 10:14 . 2012-01-09 12:43        139264        ----a-w-        c:\windows\SysWow64\xvid.ax
2012-03-13 10:14 . 2006-07-17 23:00        348160        ----a-w-        c:\windows\SysWow64\msvcr71.dll
2012-03-13 10:14 . 2004-04-05 09:31        499712        ----a-w-        c:\windows\SysWow64\msvcp71.dll
2012-03-13 10:14 . 2012-03-13 10:14        --------        d-----w-        c:\program files (x86)\Moyea
2012-03-13 05:09 . 2012-03-13 05:09        --------        d-----w-        c:\program files\GIMP-2.0
2012-03-08 13:49 . 2012-03-08 13:49        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2012-03-08 13:49 . 2012-03-08 13:49        --------        d-----w-        c:\windows\system32\wbem\en-US
2012-03-07 16:46 . 2012-03-07 16:46        --------        d-----w-        c:\program files (x86)\Common Files\Skype
2012-03-07 16:46 . 2012-03-07 16:46        --------        d-----r-        c:\program files (x86)\Skype
2012-03-07 16:46 . 2012-03-07 16:46        --------        d-----w-        c:\programdata\Skype
2012-03-07 14:28 . 2012-01-03 07:03        810496        ----a-w-        c:\windows\system32\xvidcore.dll
2012-03-07 14:28 . 2012-01-03 07:03        80896        ----a-w-        c:\windows\system32\ff_vfw.dll
2012-03-07 14:28 . 2012-01-03 07:03        183808        ----a-w-        c:\windows\system32\xvidvfw.dll
2012-03-07 14:28 . 2012-01-03 07:03        389120        ----a-w-        c:\windows\SysWow64\actskn43.ocx
2012-03-07 14:28 . 2012-01-03 07:03        389120        ----a-w-        c:\windows\system32\actskn43.ocx
2012-03-07 14:28 . 2012-03-07 14:28        --------        d-----w-        c:\program files (x86)\SplitCam
2012-03-07 14:06 . 2012-03-07 14:20        --------        d-----w-        c:\programdata\WebcamMax
2012-03-07 14:01 . 2012-03-07 19:20        --------        d-----w-        c:\program files (x86)\7.1.0.0
2012-03-07 13:09 . 2004-03-08 23:00        152848        ----a-w-        c:\windows\SysWow64\COMDLG32.OCX
2012-03-07 13:09 . 2004-03-08 22:00        132880        ----a-w-        c:\windows\SysWow64\MSINET.OCX
2012-03-07 13:09 . 2004-03-08 22:00        1081616        ----a-w-        c:\windows\SysWow64\MSCOMCTL.OCX
2012-03-07 13:09 . 2012-03-07 13:09        --------        d-----w-        c:\program files (x86)\Common Files\Web Solution Mart
2012-03-07 05:48 . 2012-03-07 12:17        --------        d-----w-        c:\program files (x86)\PC Tools
2012-03-07 05:42 . 2012-03-07 12:17        --------        d-----w-        c:\program files (x86)\Common Files\PC Tools
2012-03-07 05:42 . 2012-02-24 09:36        230952        ----a-w-        c:\windows\system32\drivers\PCTSD64.sys
2012-03-07 05:41 . 2012-03-07 06:03        --------        d-----w-        c:\programdata\PC Tools
2012-03-07 04:59 . 2012-03-07 05:40        --------        dc----w-        c:\windows\system32\DRVSTORE
2012-03-07 04:59 . 2012-03-07 04:59        55384        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2012-03-07 04:53 . 2012-03-07 04:59        --------        d-----w-        c:\programdata\Lavasoft
2012-03-07 04:04 . 2012-03-08 17:10        --------        d-----w-        c:\program files (x86)\Pidgin
2012-03-07 01:53 . 2012-03-07 01:53        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-03-07 01:52 . 2012-03-07 01:52        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-03-07 01:52 . 2012-03-07 01:52        --------        d-----w-        c:\program files (x86)\Java
2012-03-07 00:55 . 2012-03-19 17:00        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2012-03-07 00:55 . 2012-03-07 00:55        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy
2012-03-06 02:03 . 2012-03-06 02:03        --------        d-----w-        c:\program files (x86)\Microsoft.NET
2012-03-05 16:46 . 2012-03-05 16:46        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-03-05 11:53 . 2012-03-05 11:53        --------        d-----w-        c:\program files (x86)\SlimBrowser
2012-03-05 09:18 . 2012-03-05 09:18        --------        d-----w-        c:\windows\system32\SPReview
2012-03-05 09:17 . 2012-03-05 09:17        --------        d-----w-        c:\windows\system32\EventProviders
2012-03-04 12:13 . 2010-11-20 13:33        951680        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-03-04 12:12 . 2010-11-20 13:34        71552        ----a-w-        c:\windows\system32\drivers\volmgr.sys
2012-03-04 12:11 . 2010-11-20 13:33        155008        ----a-w-        c:\windows\system32\drivers\mpio.sys
2012-03-04 12:10 . 2010-11-20 13:27        36352        ----a-w-        c:\windows\system32\wdiasqmmodule.dll
2012-03-04 12:09 . 2010-11-20 12:21        189952        ----a-w-        c:\windows\SysWow64\wdscore.dll
2012-03-04 12:09 . 2010-11-20 13:26        399872        ----a-w-        c:\windows\system32\dpx.dll
2012-03-04 12:09 . 2010-11-20 12:21        189952        ----a-w-        c:\windows\SysWow64\sqmapi.dll
2012-03-04 12:09 . 2010-11-20 12:21        363008        ----a-w-        c:\windows\SysWow64\wbemcomn.dll
2012-03-04 12:09 . 2010-11-20 12:21        189952        ----a-w-        c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-03-04 12:09 . 2010-11-20 12:19        606208        ----a-w-        c:\windows\SysWow64\wbem\fastprox.dll
2012-03-04 12:07 . 2010-11-20 13:27        529408        ----a-w-        c:\windows\system32\wbemcomn.dll
2012-03-04 12:07 . 2010-11-20 13:27        244736        ----a-w-        c:\program files\Windows Portable Devices\sqmapi.dll
2012-03-04 12:07 . 2010-11-20 13:27        244736        ----a-w-        c:\windows\system32\sqmapi.dll
2012-03-04 09:44 . 2011-02-19 12:05        1139200        ----a-w-        c:\windows\system32\FntCache.dll
2012-03-04 09:44 . 2011-02-19 12:04        902656        ----a-w-        c:\windows\system32\d2d1.dll
2012-03-04 09:44 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\SysWow64\d2d1.dll
2012-03-03 12:44 . 2011-03-25 03:29        343040        ----a-w-        c:\windows\system32\drivers\usbhub.sys
2012-03-03 12:44 . 2011-03-25 03:29        98816        ----a-w-        c:\windows\system32\drivers\usbccgp.sys
2012-03-03 12:44 . 2011-03-25 03:29        325120        ----a-w-        c:\windows\system32\drivers\usbport.sys
2012-03-03 12:44 . 2011-03-25 03:29        52736        ----a-w-        c:\windows\system32\drivers\usbehci.sys
2012-03-03 12:44 . 2011-03-25 03:29        25600        ----a-w-        c:\windows\system32\drivers\usbohci.sys
2012-03-03 12:44 . 2011-03-25 03:29        30720        ----a-w-        c:\windows\system32\drivers\usbuhci.sys
2012-03-03 02:28 . 2010-02-23 08:16        294912        ----a-w-        c:\windows\system32\browserchoice.exe
2012-03-03 02:14 . 2010-12-23 10:42        961024        ----a-w-        c:\windows\system32\CPFilters.dll
2012-03-03 02:13 . 2011-10-26 05:21        43520        ----a-w-        c:\windows\system32\csrsrv.dll
2012-03-03 02:12 . 2011-04-22 22:15        27520        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2012-03-03 02:11 . 2011-05-24 11:42        404480        ----a-w-        c:\windows\system32\umpnpmgr.dll
2012-03-03 02:08 . 2011-11-19 14:58        77312        ----a-w-        c:\windows\system32\packager.dll
2012-03-03 02:08 . 2011-11-19 14:01        67072        ----a-w-        c:\windows\SysWow64\packager.dll
2012-03-02 19:44 . 2012-03-02 19:44        --------        d-----w-        c:\program files (x86)\ICQ6Toolbar
2012-03-02 19:44 . 2012-03-02 19:44        --------        d-----w-        c:\programdata\ICQ
2012-03-02 19:40 . 2012-03-02 19:45        --------        d-----w-        c:\program files (x86)\ICQ7.7
2012-03-02 11:24 . 2012-03-02 11:24        --------        d-----w-        c:\windows\SysWow64\QuickTime
2012-03-02 11:24 . 2012-03-02 11:25        --------        d-----w-        c:\programdata\TechSmith
2012-03-02 11:24 . 2012-03-02 11:24        --------        d-----w-        c:\program files (x86)\QuickTime
2012-03-02 11:24 . 2012-03-02 11:24        --------        d-----w-        c:\program files (x86)\Common Files\TechSmith Shared
2012-03-02 11:24 . 2012-03-02 11:24        --------        d-----w-        c:\program files (x86)\TechSmith
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 09:24 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
2012-03-05 09:24 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2012-03-02 09:34 . 2009-08-18 11:49        564632        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-03-02 09:34 . 2009-08-18 10:24        18328        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-01-18 05:44 . 2012-01-18 05:44        540960        ----a-w-        c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 05:44 . 2012-01-18 05:44        545056        ----a-w-        c:\windows\SysWow64\LVUI2.dll
2012-01-18 05:44 . 2012-01-18 05:44        561440        ----a-w-        c:\windows\system32\LVUIRC64.dll
2012-01-18 05:44 . 2012-01-18 05:44        4865568        ----a-w-        c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 05:44 . 2012-01-18 05:44        769312        ----a-w-        c:\windows\system32\LVUI64.dll
2012-01-18 05:44 . 2012-01-18 05:44        351136        ----a-w-        c:\windows\system32\drivers\lvrs64.sys
2012-01-18 05:44 . 2012-01-18 05:44        307488        ----a-w-        c:\windows\SysWow64\lvcodec2.dll
2012-01-18 05:44 . 2012-01-18 05:44        263456        ----a-w-        c:\windows\system32\lvco13311044.dll
2012-01-18 05:44 . 2012-01-18 05:44        176416        ----a-w-        c:\windows\system32\lvcod64.dll
2012-01-18 05:44 . 2012-01-18 05:44        336408        ----a-w-        c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 05:44 . 2012-01-18 05:44        336408        ----a-w-        c:\windows\system32\DevManagerCore.dll
2012-01-18 05:44 . 2012-01-18 05:44        10920984        ----a-w-        c:\windows\SysWow64\LogiDPP.dll
2012-01-18 05:44 . 2012-01-18 05:44        10920984        ----a-w-        c:\windows\system32\LogiDPP.dll
2012-01-18 05:44 . 2012-01-18 05:44        104472        ----a-w-        c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 05:44 . 2012-01-18 05:44        104472        ----a-w-        c:\windows\system32\LogiDPPApp.exe
2012-01-18 05:23 . 2012-01-18 05:23        38958        ----a-w-        c:\windows\system32\Repository.reg
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{A02B5E09-122E-4A2D-B996-D997485B8C9E}]
2012-02-28 17:11        269312        ----a-w-        c:\users\Robin\AppData\LocalLow\Flagfox\IE\Flagfox.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 ALSysIO;ALSysIO;c:\users\Robin\AppData\Local\Temp\ALSysIO64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FlagfoxUpdater;Flagfox Updater;c:\users\Robin\AppData\LocalLow\Flagfox\IE\FlagfoxUpdater.exe [2012-02-28 18432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15        135408        ----a-w-        c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page =
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 192.168.0.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3752288333-708083476-1710006870-1000\Software\SecuROM\License information*]
"datasecu"=hex:51,61,cc,75,07,db,89,fd,0d,69,f4,14,17,19,52,52,53,0f,28,8b,42,
  f1,19,f0,55,93,ef,fc,00,12,82,5a,9b,a0,f8,17,65,11,d3,50,5d,2b,1a,32,1e,35,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-19  18:17:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-19 17:17
.
Vor Suchlauf: 9 Verzeichnis(se), 112.393.822.208 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 112.277.676.032 Bytes frei
.
- - End Of File - - E9A397C92D285160F2E951C24B5FF8B8

cosinus 19.03.2012 18:33
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

RoXii 19.03.2012 18:56
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-19 18:44:12
-----------------------------
18:44:12.585    OS Version: Windows x64 6.1.7601 Service Pack 1
18:44:12.585    Number of processors: 4 586 0x403
18:44:12.586    ComputerName: ROBIN-PC  UserName: Robin
18:44:12.978    Initialize success
18:44:13.011    AVAST engine defs: 12031900
18:44:33.465    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:44:33.466    Disk 0 Vendor: ST3360320AS 3.AAM Size: 343399MB BusType: 3
18:44:33.488    Disk 0 MBR read successfully
18:44:33.490    Disk 0 MBR scan
18:44:33.491    Disk 0 Windows 7 default MBR code
18:44:33.501    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        12288 MB offset 2048
18:44:33.512    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 25167872
18:44:33.517    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      222005 MB offset 25372672
18:44:33.538    Disk 0 Partition 4 00    07    HPFS/NTFS NTFS      109004 MB offset 480038912
18:44:33.561    Disk 0 scanning C:\Windows\system32\drivers
18:44:37.887    Service scanning
18:44:47.467    Modules scanning
18:44:47.467    Disk 0 trace - called modules:
18:44:47.482    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
18:44:47.485    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a5c060]
18:44:47.487    3 CLASSPNP.SYS[fffff8800199343f] -> nt!IofCallDriver -> [0xfffffa80043f4520]
18:44:47.497    5 ACPI.sys[fffff88000e357a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0xfffffa80043f9680]
18:44:47.824    AVAST engine scan C:\Windows
18:44:49.170    AVAST engine scan C:\Windows\system32
18:46:16.114    AVAST engine scan C:\Windows\system32\drivers
18:46:21.170    AVAST engine scan C:\Users\Robin
18:47:08.024    File: C:\Users\Robin\Desktop\skyrim4gb.exe  **INFECTED** Win32:Ransom [Trj]
18:47:13.038    AVAST engine scan C:\ProgramData
18:47:23.363    Scan finished successfully
18:55:07.094    Disk 0 MBR has been saved successfully to "C:\Users\Robin\Desktop\MBR.dat"
18:55:07.097    The log file has been saved successfully to "C:\Users\Robin\Desktop\aswMBR.txt"

diese skyrim4gb.exe habe ich gedownloaded damit skyrim die 4gb ram ausnutzen kann, vom entwickler macht es sonst nur 2 gb ram

cosinus 19.03.2012 19:00
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

RoXii 19.03.2012 20:24
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.19.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Robin :: ROBIN-PC [Administrator]

Schutz: Deaktiviert

19.03.2012 19:12:12
mbam-log-2012-03-19 (19-12-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335081
Laufzeit: 32 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)


Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/19/2012 at 08:21 PM

Application Version : 5.0.1146

Core Rules Database Version : 8350
Trace Rules Database Version: 6162

Scan type      : Complete Scan
Total Scan Time : 00:33:53

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 475
Memory threats detected  : 0
Registry items scanned    : 67553
Registry threats detected : 0
File items scanned        : 52433
File threats detected    : 6

Adware.Tracking Cookie
       
        stats.computecmedia.de [ C:\USERS\ROBIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\ROBIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
        .doubleclick.net [ C:\USERS\ROBIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
       

Trojan.Agent/Gen-InstallIQ
        C:\USERS\ROBIN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\CACHE\F_00089F
        C:\USERS\ROBIN\DOWNLOADS\CORETEMP_1236.EXE
        C:\Windows\Prefetch\CORETEMP_1236.EXE-3190DE95.pf

cosinus 20.03.2012 16:07
Kann alle weg. Nur Cookies und wenn überhaupt nur Überreste wenn es denn überhaupt Schädlinge sind und keine Fehlalarme.
Rechner soweit wieder ok?

RoXii 20.03.2012 20:37
hey danke cosinus :)

ich glaube der rechner läuft jetzt wieder schneller.
Vielen Dank

Super Arbeit:)

cosinus 21.03.2012 14:59
Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. CF kann über Start, Ausführen mit combofix /uninstall entfernt werden. Melde dich falls es da Fehlermeldungen zu gibt.
Malwarebytes zu behalten ist kein Fehler. Kannst ja 1x im Monat damit scannen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.

RoXii 21.03.2012 19:35
danke
hab alles geupdatet und passwörter geändert.
duuu bist ein held.


:-)

mfg Roxii


Alle Zeitangaben in WEZ +1. Es ist jetzt 06:19 Uhr.
Seite 2 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19