Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Weißer Bildschirm (https://www.trojaner-board.de/137255-weisser-bildschirm.html)

gorbiWTF 26.06.2013 21:31
Weißer Bildschirm
 
Hey, ich bin neu hier und komme gleich mit einem Problem: Das Notebook (Acer Aspire 5750ZG), dass ich hier habe, will nicht mehr so recht. Es startet ganz normal, aber sobald ich mich (automatisch) anmelde, sehe ich nur mehr weiß :) Abgesicherter Modus bringt nichts. Der Besitzer meint, er hat den "BKA-Trojaner" (= Überweisen Sie mir Ihr Geld), aber das kann ich nicht bestätigen.

Hier die log-Dateien, soweit sie überhaupt sinnvoll sind, da ich sie nur im "Computer-Reparatur-Modus" gestartet habe.

defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:45 on 26/06/2013 (SYSTEM)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Extras.Txt:
Code:
OTL Extras logfile created on: 26.06.2013 21:46:26 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = F:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 90,09% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = X: | %SystemRoot% = X:\windows | %ProgramFiles% = X:\Program Files
Drive C: | 100,00 Mb Total Space | 61,70 Mb Free Space | 61,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 428,41 Gb Free Space | 92,00% Space Free | Partition Type: NTFS
Drive F: | 973,63 Mb Total Space | 969,44 Mb Free Space | 99,57% Space Free | Partition Type: FAT
Drive X: | 33,59 Mb Total Space | 31,16 Mb Free Space | 92,76% Space Free | Partition Type: NTFS
 
Computer Name: MININT-44D3V55 | User Name: SYSTEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- %SystemRoot%\System32\control.exe "%1",%*
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1"
InternetShortcut [open] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
Error encountered while reading event logs.
 
< End of report >
OTL.Txt:
Code:
OTL logfile created on: 26.06.2013 21:46:26 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = F:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 90,09% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = X: | %SystemRoot% = X:\windows | %ProgramFiles% = X:\Program Files
Drive C: | 100,00 Mb Total Space | 61,70 Mb Free Space | 61,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 428,41 Gb Free Space | 92,00% Space Free | Partition Type: NTFS
Drive F: | 973,63 Mb Total Space | 969,44 Mb Free Space | 99,57% Space Free | Partition Type: FAT
Drive X: | 33,59 Mb Total Space | 31,16 Mb Free Space | 92,76% Space Free | Partition Type: NTFS
 
Computer Name: MININT-44D3V55 | User Name: SYSTEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.26 21:33:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009.07.14 05:03:37 | 000,602,112 | ---- | M] (Microsoft Corporation) -- X:\sources\recovery\RecEnv.exe
PRC - [2009.07.14 02:14:45 | 000,565,760 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\winpeshl.exe
PRC - [2009.07.14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\cmd.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\conhost.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2009.07.14 02:16:13 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- X:\Windows\System32\sacsvr.dll -- (sacsvr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.14 03:38:07 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:38:07 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:38:07 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:38:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 02:19:03 | 000,080,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- X:\Windows\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2009.07.14 00:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\ramdisk.sys -- (Ramdisk)
DRV - [2009.07.14 00:18:10 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- X:\Windows\System32\drivers\fbwf.sys -- (FBWF)
DRV - [2009.07.14 00:17:59 | 000,053,248 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- X:\windows\System32\drivers\wimfsf.sys -- (WimFsf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
 
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - X:\windows\System32\Drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableMIC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O20 - HKLM Winlogon: Shell - (cmd.exe) - X:\windows\System32\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (/k start cmd.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (X:\windows\system32\userinit.exe) - X:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.26 21:43:02 | 000,000,000 | ---D | C] -- X:\windows\debug
[2013.06.26 21:43:01 | 000,000,000 | --SD | C] -- X:\windows\System32\Microsoft
[2013.06.26 21:43:01 | 000,000,000 | ---D | C] -- X:\windows\ServiceProfiles
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.26 21:47:04 | 000,076,760 | ---- | M] () -- X:\windows\System32\FNTCACHE.DAT
[2013.06.26 21:45:33 | 000,000,000 | ---- | M] () -- X:\windows\system32\config\systemprofile\defogger_reenable
 
========== Files Created - No Company Name ==========
 
[2013.06.26 21:45:33 | 000,000,000 | ---- | C] () -- X:\windows\system32\config\systemprofile\defogger_reenable
[2013.06.26 21:43:00 | 000,076,760 | ---- | C] () -- X:\windows\System32\FNTCACHE.DAT
[2013.06.26 21:35:14 | 000,377,856 | ---- | C] () -- \gmer_2.1.19163.exe
[2013.06.26 21:33:58 | 000,050,477 | ---- | C] () -- \Defogger.exe
[2013.06.26 21:33:38 | 000,602,112 | ---- | C] () -- \OTL.exe
[2013.06.26 21:07:28 | 001,931,844 | ---- | C] () -- \FRST64.exe
[2013.06.26 21:07:13 | 001,370,251 | ---- | C] () -- \FRST.exe
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 05:05:08 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 05:05:08 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
Gmer.txt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-26 22:20:22
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1 465,76GB
Running: gmer_2.1.19163.exe; Driver: X:\windows\TEMP\kgrcqfoc.sys


---- Kernel code sections - GMER 2.1 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                              8A88F579 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                        8A8B3F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                      fltmgr.sys

---- Registry - GMER 2.1 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName@ComputerName  MINWINPC
Reg            HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB@CurrentConfig                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\Winmgmt@Start                          2
Reg            HKLM\SYSTEM\CurrentControlSet\services\Winmgmt                               
Reg            HKLM\SYSTEM\Setup@SetupType                                                  1
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentType                Multiprocessor Checked
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@SystemRoot                  X:\Windows
Reg            HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit          userinit.exe

---- EOF - GMER 2.1 ----

aharonov 26.06.2013 21:43
Hallo,

Zitat:
Hier die log-Dateien, soweit sie überhaupt sinnvoll sind, da ich sie nur im "Computer-Reparatur-Modus" gestartet habe.
Nein, diese Tools laufen im Reperaturmodus nicht korrekt.
Aber wir haben extra ein Tool, dass dafür spezialisiert ist:


Downloade dir bitte Farbar Recovery Scan Tool 32-Bit und speichere diese auf einen USB Stick (nicht in einen Unterordner!).
Schliesse den USB Stick an den infizierten Rechner an.

Du musst das System nun in die System Reparatur Option booten:
Variante 1 - Über den Boot Manager
  • Starte den Rechner neu auf.
  • Während des Hochfahrens drücke mehrmals die F8 Taste.
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils Weiter.

oder

Variante 2 - Mit Windows CD/DVD
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu auf und boote von der CD.
  • Wähle die Spracheinstellungen und klicke Weiter.
  • Klicke auf Computerreparaturoptionen.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils Weiter.

Wenn du jetzt in den Reparaturoptionen bist, wähle Eingabeaufforderung.
  • Gib nun bitte notepad ein und drücke Enter.
    • Es öffnet sich ein Textdokument. Klicke auf Datei -> Speichern unter und wähle Computer.
    • Lese hier nun den Laufwerksbuchstaben deines USB Sticks (z.B. e:\) ab.
    • Schliesse Notepad wieder.
  • Gib nun bitte folgenden Befehl ein und drücke Enter:
    e:\frst.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks. Wenn es bei dir ein anderer Buchstabe ist, dann passe den Befehl entsprechend an.
  • Akzeptiere den Disclaimer mit Yes und klicke Scan.
Das Tool erstellt eine Datei FRST.txt auf deinem USB Stick. Poste dessen Inhalt bitte hier.

gorbiWTF 26.06.2013 22:55
Bitteschön:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by SYSTEM on 26-06-2013 21:12:28
Running from F:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4  [1571432 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1210640 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: []  [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1646216 2013-03-31] (Ask)
HKLM\...\Run: [TAG_A1Dashboard_Launcher.exe] C:\Program Files\A1 Dashboard\A1Dashboard_Launcher.exe [478192 2012-10-22] ()
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [73381792 2013-06-16] (Microsoft Corporation)
HKU\kira\...\Run: [Yontoo Desktop] "C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
HKU\kira\...\Winlogon: [Shell] explorer.exe,C:\Users\kira\AppData\Roaming\skype.dat <==== ATTENTION

========================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-05-02] ()
S2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.)
S2 TAG_Service; C:\Program Files\A1 Dashboard\A1Dashboard_Service.exe [330736 2012-10-22] ()
S2 Yontoo Desktop Updater; C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe [47392 2013-05-17] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================

S0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [21584 2009-07-14] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [186880 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 21:12 - 2013-06-26 21:12 - 00000000 ____D C:\FRST
2013-06-17 12:45 - 2013-06-26 20:08 - 00000004 ____A C:\Users\kira\AppData\Roaming\skype.ini
2013-06-17 12:14 - 2013-06-17 12:14 - 00000288 ____A C:\Users\kira\AppData\Roaming\.backup.dm
2013-06-11 20:23 - 2013-06-11 20:23 - 00337784 ____A C:\Windows\Minidump\061113-19484-01.dmp
2013-06-07 19:36 - 2013-06-07 19:36 - 00000000 ____D C:\Users\kira\AppData\Roaming\Macromedia
2013-06-07 15:27 - 2013-06-23 17:51 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 15:27 - 2013-06-12 16:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-07 15:27 - 2013-06-12 16:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-07 15:27 - 2013-06-07 15:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-07 15:26 - 2013-06-07 15:27 - 00000000 ____D C:\Users\kira\AppData\Local\Adobe
2013-06-06 14:26 - 2013-06-06 14:26 - 00000000 ____D C:\Users\kira\AppData\Roaming\Der Planer 4
2013-06-06 14:11 - 2013-06-07 16:18 - 00000000 ____D C:\Program Files\Der Planer 4
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\Users\kira\Documents\bitComposer Games
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 13:47 - 2013-06-06 13:47 - 00000000 ____D C:\Program Files\bitComposer Games
2013-06-05 19:15 - 2013-06-05 19:18 - 00000000 ____D C:\Users\kira\Desktop\wii
2013-06-05 19:05 - 2013-06-05 20:03 - 00000000 ____D C:\Program Files\WBFS
2013-06-05 19:05 - 2013-06-05 19:18 - 00000000 ____D C:\Users\kira\Documents\WBFS Manager Covers
2013-05-29 17:15 - 2013-05-29 17:15 - 00000000 __SHD C:\found.001
2013-05-27 07:58 - 2012-12-16 15:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-05-27 07:58 - 2012-12-16 15:25 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-05-27 07:58 - 2009-09-10 06:52 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2013-05-27 07:57 - 2009-11-25 11:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-05-27 07:57 - 2009-11-25 11:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-05-27 07:57 - 2009-11-25 11:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-05-27 07:57 - 2009-11-25 11:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-05-27 07:57 - 2009-11-25 11:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-05-27 03:22 - 2013-05-27 03:22 - 00000000 __SHD C:\found.000

==================== One Month Modified Files and Folders ========

2013-06-26 21:12 - 2013-06-26 21:12 - 00000000 ____D C:\FRST
2013-06-26 20:08 - 2013-06-17 12:45 - 00000004 ____A C:\Users\kira\AppData\Roaming\skype.ini
2013-06-26 20:04 - 2013-04-13 16:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-26 20:04 - 2013-04-13 16:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-26 20:04 - 2013-03-07 19:46 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 20:04 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 20:04 - 2009-07-14 05:39 - 00060169 ____A C:\Windows\setupact.log
2013-06-23 20:19 - 2013-03-07 18:51 - 01530853 ____A C:\Windows\WindowsUpdate.log
2013-06-23 20:18 - 2013-03-07 19:03 - 01472002 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 18:04 - 2013-05-19 17:03 - 00000288 ____A C:\Windows\Tasks\MySearchDial.job
2013-06-23 17:56 - 2013-03-07 19:46 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 17:51 - 2013-06-07 15:27 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 17:32 - 2009-07-14 05:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-23 17:32 - 2009-07-14 05:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 11:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-22 11:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-06-22 10:57 - 2013-03-07 18:53 - 00000000 ____D C:\users\kira
2013-06-17 12:46 - 2013-05-16 09:17 - 00000000 ____D C:\Users\kira\AppData\Roaming\Yontoo
2013-06-17 12:32 - 2013-05-25 11:04 - 00000000 ____D C:\Users\kira\AppData\Roaming\vlc
2013-06-17 12:14 - 2013-06-17 12:14 - 00000288 ____A C:\Users\kira\AppData\Roaming\.backup.dm
2013-06-16 07:51 - 2013-04-29 09:19 - 00000219 ____A C:\Windows\System32\MRT.INI
2013-06-16 07:48 - 2013-04-29 09:18 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-15 20:29 - 2009-07-14 05:53 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-15 11:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-15 11:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-15 11:10 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-06-12 16:51 - 2013-06-07 15:27 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 16:51 - 2013-06-07 15:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 20:23 - 2013-06-11 20:23 - 00337784 ____A C:\Windows\Minidump\061113-19484-01.dmp
2013-06-11 20:23 - 2013-04-27 11:17 - 280512269 ____A C:\Windows\MEMORY.DMP
2013-06-11 20:23 - 2013-04-27 11:17 - 00000000 ____D C:\Windows\Minidump
2013-06-09 00:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-07 19:36 - 2013-06-07 19:36 - 00000000 ____D C:\Users\kira\AppData\Roaming\Macromedia
2013-06-07 19:36 - 2013-05-10 13:13 - 00000000 ____D C:\Users\kira\AppData\Roaming\Adobe
2013-06-07 16:18 - 2013-06-06 14:11 - 00000000 ____D C:\Program Files\Der Planer 4
2013-06-07 16:03 - 2013-03-07 19:50 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-07 15:27 - 2013-06-07 15:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-07 15:27 - 2013-06-07 15:26 - 00000000 ____D C:\Users\kira\AppData\Local\Adobe
2013-06-06 14:26 - 2013-06-06 14:26 - 00000000 ____D C:\Users\kira\AppData\Roaming\Der Planer 4
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\Users\kira\Documents\bitComposer Games
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 13:47 - 2013-06-06 13:47 - 00000000 ____D C:\Program Files\bitComposer Games
2013-06-05 20:03 - 2013-06-05 19:05 - 00000000 ____D C:\Program Files\WBFS
2013-06-05 19:18 - 2013-06-05 19:15 - 00000000 ____D C:\Users\kira\Desktop\wii
2013-06-05 19:18 - 2013-06-05 19:05 - 00000000 ____D C:\Users\kira\Documents\WBFS Manager Covers
2013-06-02 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2013-05-29 17:15 - 2013-05-29 17:15 - 00000000 __SHD C:\found.001
2013-05-27 11:40 - 2009-07-14 05:33 - 00265640 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 05:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\MUI
2013-05-27 03:22 - 2013-05-27 03:22 - 00000000 __SHD C:\found.000

Files to move or delete:
====================
C:\Users\kira\AppData\Roaming\skype.dat
C:\Users\kira\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2013-04-13 16:02] - [2009-08-03 06:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-04-29 09:15] - [2012-09-06 17:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-17 15:03:28
Restore point made on: 2013-06-23 02:04:13
Restore point made on: 2013-06-23 12:54:57

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3947.86 MB
Available physical RAM: 3467.52 MB
Total Pagefile: 3946.14 MB
Available Pagefile: 3468.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:428.47 GB) NTFS
Drive f: (PENDRIVE) (Removable) (Total:0.95 GB) (Free:0.36 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 81F7F3A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 974 MB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=974 MB) - (Type=0C)


LastRegBack: 2013-06-22 23:03

==================== End Of Log ============================
--- --- ---

aharonov 26.06.2013 23:56
Ja, das ist besser. :)
Kannst du nach folgendem Fix wieder normal starten?


Drücke auf einem Zweitrechner bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument:
Code:
HKU\kira\...\Winlogon: [Shell] explorer.exe,C:\Users\kira\AppData\Roaming\skype.dat <==== ATTENTION
C:\Users\kira\AppData\Roaming\skype.dat
C:\Users\kira\AppData\Roaming\skype.ini
Speichere dieses dann bitte unter dem Dateinamen Fixlist.txt auf deinen USB Stick neben FRST.
  • Schliesse den USB Stick wieder an den infizierten Rechner an.
  • Starte deinen Rechner erneut in die Reparaturoptionen.
  • Starte nun wiederum FRST, aber klicke dieses Mal auf den Fix Button.
Das Tool erstellt eine Datei Fixlog.txt auf deinem USB Stick. Poste deren Inhalt bitte hier.

gorbiWTF 27.06.2013 13:36
Here we go:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-06-2013 02
Ran by SYSTEM at 2013-06-27 14:35:38 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

HKU\kira\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\kira\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\kira\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====
Jetzt kann ich ganz normal starten :)

aharonov 27.06.2013 13:44
Prima. Dann geht's jetzt im normalen Modus weiter.

Verschiebe die frst.exe vom USB-Stick auf den Desktop.
  • Starte dann FRST.
  • Setze bei Optional Scan den Haken bei Addition.txt und drücke Scan.
  • Wenn der Scan abgeschlossen ist, werden zwei neue Logfiles FRST.txt und Addition.txt erstellt und auf dem Desktop gespeichert.
  • Poste den Inhalt dieser beiden Logfiles bitte hier in deinen Thread.

gorbiWTF 27.06.2013 14:51
Zweites frst.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by kira (administrator) on 27-06-2013 15:46:55
Running from C:\Users\kira\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
() C:\Program Files\A1 Dashboard\A1Dashboard_Service.exe
(Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
() C:\Program Files\A1 Dashboard\A1Dashboard_Launcher.exe
(Yontoo LLC) C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4  [1571432 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1210640 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: []  [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1646216 2013-03-31] (Ask)
HKLM\...\Run: [TAG_A1Dashboard_Launcher.exe] C:\Program Files\A1 Dashboard\A1Dashboard_Launcher.exe [478192 2012-10-22] ()
HKCU\...\Run: [Yontoo Desktop] "C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe" [47392 2013-05-17] (Yontoo LLC)
MountPoints2: {3d4a93c7-874f-11e2-ab93-806e6f6e6963} - D:\sources\sperr32.exe x64
MountPoints2: {f73c0fcf-bc6a-11e2-8dd6-806e6f6e6963} - E:\.\Autorun.exe AUTORUN=1
MountPoints2: {f73c1024-bc6a-11e2-8dd6-b870f49ff7c0} - E:\.\Autorun.exe AUTORUN=1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sm.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
SearchScopes: HKCU - {515815B3-C1BF-4BAC-9D95-FA44E68A8DAC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^AT&apn_uid=4FB8BE34-EBB0-40FF-BFA6-D7054BA7E21B&apn_sauid=3ED68056-6910-4B67-884B-8050DB1B994D
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\PROGRA~1\MYSEAR~1\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\PROGRA~1\MYSEAR~1\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

Chrome:
=======
CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=42BC582C80139263
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\kira\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Ask Toolbar) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0
CHR Extension: (Google Docs) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Yontoo) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0
CHR Extension: (New Tab) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.2_0
CHR Extension: (Gmail) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-05-02] ()
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.)
R2 TAG_Service; C:\Program Files\A1 Dashboard\A1Dashboard_Service.exe [330736 2012-10-22] ()
R2 Yontoo Desktop Updater; C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe [47392 2013-05-17] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================

R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [21584 2013-06-27] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [186880 2011-09-09] (Huawei Technologies Co., Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
S1 tkwnteqh; \??\C:\Windows\system32\drivers\tkwnteqh.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-27 15:46 - 2013-06-26 21:07 - 01370251 ____A (Farbar) C:\Users\kira\Desktop\FRST.exe
2013-06-27 14:40 - 2013-06-27 15:44 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-06-26 22:12 - 2013-06-26 22:12 - 00000000 ____D C:\FRST
2013-06-17 13:14 - 2013-06-17 13:14 - 00000288 ____A C:\Users\kira\AppData\Roaming\.backup.dm
2013-06-11 21:23 - 2013-06-11 21:23 - 00337784 ____A C:\Windows\Minidump\061113-19484-01.dmp
2013-06-07 20:36 - 2013-06-07 20:36 - 00000000 ____D C:\Users\kira\AppData\Roaming\Macromedia
2013-06-07 16:27 - 2013-06-27 14:51 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 16:27 - 2013-06-12 17:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-07 16:27 - 2013-06-12 17:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-07 16:27 - 2013-06-07 16:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-07 16:26 - 2013-06-07 16:27 - 00000000 ____D C:\Users\kira\AppData\Local\Adobe
2013-06-06 15:26 - 2013-06-06 15:26 - 00000000 ____D C:\Users\kira\AppData\Roaming\Der Planer 4
2013-06-06 15:11 - 2013-06-07 17:18 - 00000000 ____D C:\Program Files\Der Planer 4
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\Users\kira\Documents\bitComposer Games
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 14:47 - 2013-06-06 14:47 - 00000000 ____D C:\Program Files\bitComposer Games
2013-06-05 20:15 - 2013-06-05 20:18 - 00000000 ____D C:\Users\kira\Desktop\wii
2013-06-05 20:05 - 2013-06-05 21:03 - 00000000 ____D C:\Program Files\WBFS
2013-06-05 20:05 - 2013-06-05 20:18 - 00000000 ____D C:\Users\kira\Documents\WBFS Manager Covers
2013-05-29 18:15 - 2013-05-29 18:15 - 00000000 __SHD C:\found.001

==================== One Month Modified Files and Folders ========

2013-06-27 15:45 - 2013-03-07 20:46 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 15:44 - 2013-06-27 14:40 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-06-27 15:44 - 2013-04-13 17:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-27 15:44 - 2013-04-13 17:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-27 15:44 - 2013-03-07 19:51 - 01265601 ____A C:\Windows\WindowsUpdate.log
2013-06-27 15:44 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 15:44 - 2009-07-14 06:39 - 00055494 ____A C:\Windows\setupact.log
2013-06-27 15:43 - 2009-07-14 01:11 - 00021584 ____A C:\Windows\System32\Drivers\atapi.sys
2013-06-27 15:04 - 2013-05-19 18:03 - 00000288 ____A C:\Windows\Tasks\MySearchDial.job
2013-06-27 15:00 - 2013-03-07 20:03 - 01472002 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 14:56 - 2013-03-07 20:46 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-27 14:51 - 2013-06-07 16:27 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 14:44 - 2009-07-14 06:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 14:44 - 2009-07-14 06:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 14:37 - 2013-03-07 19:53 - 00000000 ____D C:\users\kira
2013-06-26 22:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-26 22:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-26 22:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-26 22:12 - 2013-06-26 22:12 - 00000000 ____D C:\FRST
2013-06-26 21:07 - 2013-06-27 15:46 - 01370251 ____A (Farbar) C:\Users\kira\Desktop\FRST.exe
2013-06-17 13:46 - 2013-05-16 10:17 - 00000000 ____D C:\Users\kira\AppData\Roaming\Yontoo
2013-06-17 13:32 - 2013-05-25 12:04 - 00000000 ____D C:\Users\kira\AppData\Roaming\vlc
2013-06-17 13:14 - 2013-06-17 13:14 - 00000288 ____A C:\Users\kira\AppData\Roaming\.backup.dm
2013-06-16 08:51 - 2013-04-29 10:19 - 00000219 ____A C:\Windows\System32\MRT.INI
2013-06-16 08:48 - 2013-04-29 10:18 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-15 21:29 - 2009-07-14 06:53 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-15 12:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-15 12:10 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-06-12 17:51 - 2013-06-07 16:27 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 17:51 - 2013-06-07 16:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 21:23 - 2013-06-11 21:23 - 00337784 ____A C:\Windows\Minidump\061113-19484-01.dmp
2013-06-11 21:23 - 2013-04-27 12:17 - 280512269 ____A C:\Windows\MEMORY.DMP
2013-06-11 21:23 - 2013-04-27 12:17 - 00000000 ____D C:\Windows\Minidump
2013-06-09 01:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-07 20:36 - 2013-06-07 20:36 - 00000000 ____D C:\Users\kira\AppData\Roaming\Macromedia
2013-06-07 20:36 - 2013-05-10 14:13 - 00000000 ____D C:\Users\kira\AppData\Roaming\Adobe
2013-06-07 17:18 - 2013-06-06 15:11 - 00000000 ____D C:\Program Files\Der Planer 4
2013-06-07 17:03 - 2013-03-07 20:50 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-07 16:27 - 2013-06-07 16:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-07 16:27 - 2013-06-07 16:26 - 00000000 ____D C:\Users\kira\AppData\Local\Adobe
2013-06-06 15:26 - 2013-06-06 15:26 - 00000000 ____D C:\Users\kira\AppData\Roaming\Der Planer 4
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\Users\kira\Documents\bitComposer Games
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 14:47 - 2013-06-06 14:47 - 00000000 ____D C:\Program Files\bitComposer Games
2013-06-05 21:03 - 2013-06-05 20:05 - 00000000 ____D C:\Program Files\WBFS
2013-06-05 20:18 - 2013-06-05 20:15 - 00000000 ____D C:\Users\kira\Desktop\wii
2013-06-05 20:18 - 2013-06-05 20:05 - 00000000 ____D C:\Users\kira\Documents\WBFS Manager Covers
2013-06-02 14:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-05-29 18:15 - 2013-05-29 18:15 - 00000000 __SHD C:\found.001

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2013-04-13 17:02] - [2009-08-03 07:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-04-29 10:15] - [2012-09-06 18:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E



LastRegBack: 2013-06-23 00:03

==================== End Of Log ============================
--- --- ---


addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2013 02
Ran by kira at 2013-06-27 15:47:55
Running from C:\Users\kira\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

A1 Dashboard (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Ask Toolbar (Version: 1.15.23.0)
Ask Toolbar Updater (HKCU Version: 1.2.5.36191)
Broadcom NetLink Controller (Version: 14.8.4.1)
DirectX Media Runtime 5.2b
Dolby Advanced Audio v2 (Version: 7.2.7000.7)
Gold Rush
Google Chrome (Version: 27.0.1453.110)
Google Update Helper (Version: 1.3.21.145)
Intel PROSet Wireless
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.01.1000)
Intel(R) Rapid Storage Technology (Version: 10.5.0.1026)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Logitech Harmony Remote Software (x86) (Version: 2.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mysearchdial
NSIS Example2
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Online Games Manager v1.20 (Version: 1.20.13)
PlanetPenguin Racer (Version: 0.3.1)
Realtek High Definition Audio Driver (Version: 6.0.1.6438)
Unity Web Player (HKCU Version: )
VLC media player 2.0.6 (Version: 2.0.6)
WET - The Sexy Empire
Yontoo 2.053 (Version: 2.053)

==================== Restore Points  =========================

17-06-2013 14:03:27 Geplanter Prüfpunkt
23-06-2013 01:04:11 Windows Update
23-06-2013 11:54:55 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {4500C94E-9D60-4EE7-9EA8-4A14D0BF686A} - System32\Tasks\MySearchDial => C:\Users\kira\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE [2013-05-19] ()
Task: {6F13C3E6-7A41-4107-9D4D-882E0C7D1AE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {81F11953-E28C-4B9A-BCE3-26BFA087D0B2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-03-31] ()
Task: {CEB91A09-10CE-4FCA-8F0B-9A1AC880574B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)
Task: {D6825302-3F17-47AE-B0EB-83A087FD360E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)
Task: {DC53FBFB-656E-4CB2-8A2D-2167AA1D4698} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => ?

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2013 01:54:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/23/2013 01:54:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/23/2013 03:04:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/23/2013 03:04:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/17/2013 04:03:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/17/2013 04:03:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/17/2013 08:28:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/17/2013 08:28:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/16/2013 08:48:31 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/16/2013 08:48:30 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.


System errors:
=============
Error: (06/26/2013 09:08:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%126

Error: (06/26/2013 09:08:30 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (06/26/2013 09:08:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet:
%%126

Error: (06/23/2013 09:33:07 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten.

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
AFD
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%31

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%1068


Microsoft Office Sessions:
=========================
Error: (06/23/2013 01:54:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/23/2013 01:54:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/23/2013 03:04:11 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/23/2013 03:04:11 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/17/2013 04:03:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/17/2013 04:03:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/17/2013 08:28:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/17/2013 08:28:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/16/2013 08:48:31 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/16/2013 08:48:30 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.


CodeIntegrity Errors:
===================================
  Date: 2013-05-24 05:37:52.690
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-24 05:37:50.600
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-24 05:37:49.336
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-24 05:37:48.135
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-24 05:37:46.794
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 2413.86 MB
Available physical RAM: 1756.11 MB
Total Pagefile: 4826 MB
Available Pagefile: 4107.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:428.4 GB) NTFS
Drive e: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 81F7F3A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 974 MB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=974 MB) - (Type=06)

==================== End Of Log ============================

aharonov 28.06.2013 00:40
Ok, dann mach bitte so weiter:


Schritt 1

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).




Schritt 2

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.



Bitte poste in deiner nächsten Antwort:
  • Log von aswMBR
  • Log von TDSSKiller

gorbiWTF 28.06.2013 14:11
aswMBR.txt:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-28 14:50:52
-----------------------------
14:50:52.569    OS Version: Windows 6.1.7600
14:50:52.569    Number of processors: 2 586 0x2A07
14:50:52.569    ComputerName: KIRA-PC  UserName: kira
14:50:53.380    Initialize success
14:52:17.164    AVAST engine defs: 13062800
14:52:43.559    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:52:43.575    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
14:52:43.731    Disk 0 MBR read successfully
14:52:43.731    Disk 0 MBR scan
14:52:43.746    Disk 0 Windows 7 default MBR code
14:52:43.762    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:52:43.778    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      476838 MB offset 206848
14:52:43.778    Disk 0 scanning sectors +976771072
14:52:43.980    Disk 0 scanning C:\Windows\system32\drivers
14:52:57.552    Service scanning
14:53:24.213    Modules scanning
14:53:37.816    Disk 0 trace - called modules:
14:53:37.847    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
14:53:37.863    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x880e8948]
14:53:37.878    3 CLASSPNP.SYS[8a58e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8623a028]
14:53:39.766    AVAST engine scan C:\Windows
14:53:43.058    AVAST engine scan C:\Windows\system32
14:56:45.703    AVAST engine scan C:\Windows\system32\drivers
14:57:03.034    AVAST engine scan C:\Users\kira
14:58:34.794    AVAST engine scan C:\ProgramData
14:58:47.695    Scan finished successfully
14:59:01.501    Disk 0 MBR has been saved successfully to "C:\Users\kira\Desktop\MBR.dat"
14:59:01.501    The log file has been saved successfully to "C:\Users\kira\Desktop\aswMBR.txt"
TDSSKiller....txt:
Code:
15:00:03.0102 3592  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:00:05.0114 3592  ============================================================
15:00:05.0114 3592  Current date / time: 2013/06/28 15:00:05.0114
15:00:05.0114 3592  SystemInfo:
15:00:05.0114 3592 
15:00:05.0114 3592  OS Version: 6.1.7600 ServicePack: 0.0
15:00:05.0114 3592  Product type: Workstation
15:00:05.0114 3592  ComputerName: KIRA-PC
15:00:05.0114 3592  UserName: kira
15:00:05.0114 3592  Windows directory: C:\Windows
15:00:05.0114 3592  System windows directory: C:\Windows
15:00:05.0114 3592  Processor architecture: Intel x86
15:00:05.0114 3592  Number of processors: 2
15:00:05.0114 3592  Page size: 0x1000
15:00:05.0114 3592  Boot type: Normal boot
15:00:05.0114 3592  ============================================================
15:00:05.0644 3592  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:00:05.0660 3592  Drive \Device\Harddisk1\DR1 - Size: 0xF0A00000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:00:05.0660 3592  ============================================================
15:00:05.0660 3592  \Device\Harddisk0\DR0:
15:00:05.0660 3592  MBR partitions:
15:00:05.0660 3592  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:00:05.0660 3592  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:00:05.0660 3592  \Device\Harddisk1\DR1:
15:00:05.0660 3592  MBR partitions:
15:00:05.0660 3592  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0xBD0, BlocksNum 0x784430
15:00:05.0660 3592  ============================================================
15:00:05.0691 3592  C: <-> \Device\Harddisk0\DR0\Partition2
15:00:05.0691 3592  ============================================================
15:00:05.0691 3592  Initialize success
15:00:05.0691 3592  ============================================================
15:00:17.0282 3324  ============================================================
15:00:17.0282 3324  Scan started
15:00:17.0282 3324  Mode: Manual; SigCheck; TDLFS;
15:00:17.0282 3324  ============================================================
15:00:17.0844 3324  ================ Scan system memory ========================
15:00:17.0844 3324  System memory - ok
15:00:17.0844 3324  ================ Scan services =============================
15:00:18.0000 3324  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:00:18.0140 3324  1394ohci - ok
15:00:18.0202 3324  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:00:18.0234 3324  ACPI - ok
15:00:18.0280 3324  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi        C:\Windows\system32\DRIVERS\acpipmi.sys
15:00:18.0327 3324  AcpiPmi - ok
15:00:18.0468 3324  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:00:18.0499 3324  AdobeFlashPlayerUpdateSvc - ok
15:00:18.0577 3324  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx        C:\Windows\system32\DRIVERS\adp94xx.sys
15:00:18.0624 3324  adp94xx - ok
15:00:18.0639 3324  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci        C:\Windows\system32\DRIVERS\adpahci.sys
15:00:18.0670 3324  adpahci - ok
15:00:18.0702 3324  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320        C:\Windows\system32\DRIVERS\adpu320.sys
15:00:18.0733 3324  adpu320 - ok
15:00:18.0764 3324  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
15:00:18.0842 3324  AeLookupSvc - ok
15:00:18.0920 3324  [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD            C:\Windows\system32\drivers\afd.sys
15:00:19.0092 3324  AFD - ok
15:00:19.0123 3324  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:00:19.0154 3324  agp440 - ok
15:00:19.0185 3324  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx        C:\Windows\system32\DRIVERS\djsvs.sys
15:00:19.0216 3324  aic78xx - ok
15:00:19.0263 3324  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG            C:\Windows\System32\alg.exe
15:00:19.0310 3324  ALG - ok
15:00:19.0372 3324  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:00:19.0388 3324  aliide - ok
15:00:19.0435 3324  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
15:00:19.0450 3324  amdagp - ok
15:00:19.0482 3324  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:00:19.0497 3324  amdide - ok
15:00:19.0513 3324  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8          C:\Windows\system32\DRIVERS\amdk8.sys
15:00:19.0560 3324  AmdK8 - ok
15:00:19.0560 3324  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:00:19.0622 3324  AmdPPM - ok
15:00:19.0669 3324  [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata        C:\Windows\system32\DRIVERS\amdsata.sys
15:00:19.0700 3324  amdsata - ok
15:00:19.0778 3324  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:00:19.0809 3324  amdsbs - ok
15:00:19.0825 3324  [ B81C2B5616F6420A9941EA093A92B150 ] amdxata        C:\Windows\system32\DRIVERS\amdxata.sys
15:00:19.0840 3324  amdxata - ok
15:00:19.0856 3324  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID          C:\Windows\system32\drivers\appid.sys
15:00:19.0950 3324  AppID - ok
15:00:19.0996 3324  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:00:20.0184 3324  AppIDSvc - ok
15:00:20.0199 3324  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo        C:\Windows\System32\appinfo.dll
15:00:20.0246 3324  Appinfo - ok
15:00:20.0277 3324  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc            C:\Windows\system32\DRIVERS\arc.sys
15:00:20.0308 3324  arc - ok
15:00:20.0340 3324  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:00:20.0355 3324  arcsas - ok
15:00:20.0386 3324  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:20.0464 3324  AsyncMac - ok
15:00:20.0511 3324  [ 586906F468F7E54A54679E3AFD6B5227 ] atapi          C:\Windows\system32\DRIVERS\atapi.sys
15:00:20.0542 3324  atapi ( UnsignedFile.Multi.Generic ) - warning
15:00:20.0542 3324  atapi - detected UnsignedFile.Multi.Generic (1)
15:00:20.0605 3324  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:00:20.0714 3324  AudioEndpointBuilder - ok
15:00:20.0745 3324  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:00:20.0792 3324  Audiosrv - ok
15:00:20.0823 3324  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:00:20.0870 3324  AxInstSV - ok
15:00:20.0932 3324  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv        C:\Windows\system32\DRIVERS\bxvbdx.sys
15:00:21.0010 3324  b06bdrv - ok
15:00:21.0042 3324  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:00:21.0104 3324  b57nd60x - ok
15:00:21.0276 3324  [ EA0B976854393EBD1FAAB4A0A22B1124 ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl6.sys
15:00:21.0354 3324  BCM43XX - ok
15:00:21.0400 3324  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:00:21.0463 3324  BDESVC - ok
15:00:21.0510 3324  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:00:21.0588 3324  Beep - ok
15:00:21.0650 3324  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE            C:\Windows\System32\bfe.dll
15:00:21.0728 3324  BFE - ok
15:00:21.0775 3324  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
15:00:21.0884 3324  BITS - ok
15:00:21.0915 3324  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:21.0946 3324  blbdrive - ok
15:00:22.0009 3324  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:00:22.0056 3324  bowser - ok
15:00:22.0087 3324  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:00:22.0149 3324  BrFiltLo - ok
15:00:22.0165 3324  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:00:22.0227 3324  BrFiltUp - ok
15:00:22.0305 3324  [ 598E1280E7FF3744F4B8329366CC5635 ] Browser        C:\Windows\System32\browser.dll
15:00:22.0383 3324  Browser - ok
15:00:22.0430 3324  [ 845B8CE732E67F3B4133164868C666EA ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
15:00:22.0508 3324  Brserid - ok
15:00:22.0524 3324  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:22.0586 3324  BrSerWdm - ok
15:00:22.0617 3324  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:22.0680 3324  BrUsbMdm - ok
15:00:22.0680 3324  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:22.0711 3324  BrUsbSer - ok
15:00:22.0742 3324  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:00:22.0789 3324  BTHMODEM - ok
15:00:22.0851 3324  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv        C:\Windows\system32\bthserv.dll
15:00:22.0929 3324  bthserv - ok
15:00:22.0976 3324  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:00:23.0054 3324  cdfs - ok
15:00:23.0132 3324  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
15:00:23.0179 3324  cdrom - ok
15:00:23.0241 3324  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc    C:\Windows\System32\certprop.dll
15:00:23.0319 3324  CertPropSvc - ok
15:00:23.0350 3324  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:00:23.0382 3324  circlass - ok
15:00:23.0397 3324  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:00:23.0428 3324  CLFS - ok
15:00:23.0522 3324  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:23.0553 3324  clr_optimization_v2.0.50727_32 - ok
15:00:23.0569 3324  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:00:23.0616 3324  CmBatt - ok
15:00:23.0647 3324  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:00:23.0678 3324  cmdide - ok
15:00:23.0740 3324  [ 36C252E474B2FFA0F0FBBFF20D92A640 ] CNG            C:\Windows\system32\Drivers\cng.sys
15:00:23.0803 3324  CNG - ok
15:00:23.0834 3324  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:00:23.0865 3324  Compbatt - ok
15:00:23.0896 3324  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:00:23.0928 3324  CompositeBus - ok
15:00:23.0943 3324  COMSysApp - ok
15:00:23.0959 3324  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk        C:\Windows\system32\DRIVERS\crcdisk.sys
15:00:23.0974 3324  crcdisk - ok
15:00:24.0052 3324  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:00:24.0130 3324  CryptSvc - ok
15:00:24.0193 3324  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:00:24.0286 3324  DcomLaunch - ok
15:00:24.0333 3324  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc      C:\Windows\System32\defragsvc.dll
15:00:24.0427 3324  defragsvc - ok
15:00:24.0505 3324  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:00:24.0583 3324  DfsC - ok
15:00:24.0645 3324  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:00:24.0708 3324  Dhcp - ok
15:00:24.0754 3324  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:00:24.0801 3324  discache - ok
15:00:24.0832 3324  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:00:24.0848 3324  Disk - ok
15:00:24.0910 3324  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:00:24.0988 3324  Dnscache - ok
15:00:25.0020 3324  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc        C:\Windows\System32\dot3svc.dll
15:00:25.0113 3324  dot3svc - ok
15:00:25.0144 3324  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS            C:\Windows\system32\dps.dll
15:00:25.0238 3324  DPS - ok
15:00:25.0269 3324  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
15:00:25.0332 3324  drmkaud - ok
15:00:25.0378 3324  [ C94B6C3CC628179CB9B9061C19888B99 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
15:00:25.0425 3324  DXGKrnl - ok
15:00:25.0456 3324  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost        C:\Windows\System32\eapsvc.dll
15:00:25.0534 3324  EapHost - ok
15:00:25.0659 3324  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv          C:\Windows\system32\DRIVERS\evbdx.sys
15:00:25.0815 3324  ebdrv - ok
15:00:25.0862 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS            C:\Windows\System32\lsass.exe
15:00:25.0893 3324  EFS - ok
15:00:25.0987 3324  [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
15:00:26.0096 3324  ehRecvr - ok
15:00:26.0096 3324  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched        C:\Windows\ehome\ehsched.exe
15:00:26.0143 3324  ehSched - ok
15:00:26.0205 3324  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor        C:\Windows\system32\DRIVERS\elxstor.sys
15:00:26.0268 3324  elxstor - ok
15:00:26.0299 3324  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:00:26.0346 3324  ErrDev - ok
15:00:26.0424 3324  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem    C:\Windows\system32\es.dll
15:00:26.0502 3324  EventSystem - ok
15:00:26.0580 3324  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev    C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
15:00:26.0626 3324  ew_hwusbdev - ok
15:00:26.0658 3324  [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
15:00:26.0673 3324  ew_usbenumfilter - ok
15:00:26.0704 3324  [ 2DC9108D74081149CC8B651D3A26207F ] exfat          C:\Windows\system32\drivers\exfat.sys
15:00:26.0767 3324  exfat - ok
15:00:26.0782 3324  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
15:00:26.0829 3324  fastfat - ok
15:00:26.0907 3324  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax            C:\Windows\system32\fxssvc.exe
15:00:27.0001 3324  Fax - ok
15:00:27.0032 3324  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
15:00:27.0063 3324  fdc - ok
15:00:27.0110 3324  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost        C:\Windows\system32\fdPHost.dll
15:00:27.0172 3324  fdPHost - ok
15:00:27.0204 3324  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:00:27.0219 3324  FDResPub - ok
15:00:27.0266 3324  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:00:27.0266 3324  FileInfo - ok
15:00:27.0297 3324  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
15:00:27.0344 3324  Filetrace - ok
15:00:27.0391 3324  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:27.0438 3324  flpydisk - ok
15:00:27.0469 3324  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:00:27.0500 3324  FltMgr - ok
15:00:27.0562 3324  [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache      C:\Windows\system32\FntCache.dll
15:00:27.0640 3324  FontCache - ok
15:00:27.0703 3324  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:00:27.0718 3324  FontCache3.0.0.0 - ok
15:00:27.0750 3324  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
15:00:27.0765 3324  FsDepends - ok
15:00:27.0828 3324  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:00:27.0843 3324  Fs_Rec - ok
15:00:27.0874 3324  [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:00:27.0906 3324  fvevol - ok
15:00:27.0937 3324  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:00:27.0952 3324  gagp30kx - ok
15:00:27.0999 3324  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc          C:\Windows\System32\gpsvc.dll
15:00:28.0093 3324  gpsvc - ok
15:00:28.0233 3324  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate        C:\Program Files\Google\Update\GoogleUpdate.exe
15:00:28.0264 3324  gupdate - ok
15:00:28.0280 3324  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:00:28.0296 3324  gupdatem - ok
15:00:28.0327 3324  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:00:28.0389 3324  hcw85cir - ok
15:00:28.0420 3324  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:00:28.0467 3324  HdAudAddService - ok
15:00:28.0483 3324  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:00:28.0530 3324  HDAudBus - ok
15:00:28.0576 3324  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt        C:\Windows\system32\DRIVERS\HidBatt.sys
15:00:28.0608 3324  HidBatt - ok
15:00:28.0623 3324  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:00:28.0670 3324  HidBth - ok
15:00:28.0701 3324  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr          C:\Windows\system32\DRIVERS\hidir.sys
15:00:28.0764 3324  HidIr - ok
15:00:28.0795 3324  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv        C:\Windows\system32\hidserv.dll
15:00:28.0873 3324  hidserv - ok
15:00:28.0951 3324  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:00:28.0998 3324  HidUsb - ok
15:00:29.0044 3324  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:00:29.0122 3324  hkmsvc - ok
15:00:29.0154 3324  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:00:29.0232 3324  HomeGroupListener - ok
15:00:29.0278 3324  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:00:29.0341 3324  HomeGroupProvider - ok
15:00:29.0388 3324  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:00:29.0403 3324  HpSAMD - ok
15:00:29.0450 3324  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:00:29.0528 3324  HTTP - ok
15:00:29.0590 3324  [ 88B2115311628579BDE805DDDDD913B7 ] huawei_cdcacm  C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
15:00:29.0637 3324  huawei_cdcacm - ok
15:00:29.0653 3324  [ 2AEB89AEAC08ECD23FC0DA3EB4330A29 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
15:00:29.0731 3324  huawei_enumerator - ok
15:00:29.0731 3324  [ FF66400ACC543F4EEFE83CDE5B1B4164 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
15:00:29.0778 3324  huawei_ext_ctrl - ok
15:00:29.0809 3324  [ CB4A1F464EF6FE83ABDFE49E7416E6D7 ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
15:00:29.0856 3324  huawei_wwanecm - ok
15:00:29.0902 3324  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:00:29.0918 3324  hwpolicy - ok
15:00:29.0949 3324  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:00:30.0012 3324  i8042prt - ok
15:00:30.0058 3324  [ 9615DAF540B2C04DC871D10D7AE59F38 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:00:30.0090 3324  iaStor - ok
15:00:30.0121 3324  [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV        C:\Windows\system32\DRIVERS\iaStorV.sys
15:00:30.0152 3324  iaStorV - ok
15:00:30.0214 3324  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc          C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:00:30.0292 3324  idsvc - ok
15:00:30.0308 3324  [ 4173FF5708F3236CF25195FECD742915 ] iirsp          C:\Windows\system32\DRIVERS\iirsp.sys
15:00:30.0324 3324  iirsp - ok
15:00:30.0386 3324  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:00:30.0495 3324  IKEEXT - ok
15:00:30.0667 3324  [ 6CAC927C002DD79D666AA71332EAF03A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:00:30.0745 3324  IntcAzAudAddService - ok
15:00:30.0776 3324  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:00:30.0776 3324  intelide - ok
15:00:30.0823 3324  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:00:30.0854 3324  intelppm - ok
15:00:30.0885 3324  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
15:00:30.0963 3324  IPBusEnum - ok
15:00:30.0994 3324  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:31.0072 3324  IpFilterDriver - ok
15:00:31.0135 3324  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:00:31.0213 3324  iphlpsvc - ok
15:00:31.0244 3324  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV        C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:00:31.0275 3324  IPMIDRV - ok
15:00:31.0275 3324  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
15:00:31.0322 3324  IPNAT - ok
15:00:31.0338 3324  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:00:31.0400 3324  IRENUM - ok
15:00:31.0431 3324  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:00:31.0447 3324  isapnp - ok
15:00:31.0478 3324  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:00:31.0509 3324  iScsiPrt - ok
15:00:31.0556 3324  [ 410765797CF25CA4B94493D21CCFD487 ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
15:00:31.0587 3324  k57nd60x - ok
15:00:31.0650 3324  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:00:31.0681 3324  kbdclass - ok
15:00:31.0712 3324  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:00:31.0759 3324  kbdhid - ok
15:00:31.0790 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
15:00:31.0821 3324  KeyIso - ok
15:00:31.0837 3324  [ 0263364ACB9C834ACE52FB85C2C064EC ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:00:31.0868 3324  KSecDD - ok
15:00:31.0915 3324  [ 27391DB553BE2A4E2B0ADEEA2873B2AF ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
15:00:31.0946 3324  KSecPkg - ok
15:00:31.0977 3324  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm          C:\Windows\system32\msdtckrm.dll
15:00:32.0055 3324  KtmRm - ok
15:00:32.0133 3324  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:00:32.0211 3324  LanmanServer - ok
15:00:32.0258 3324  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:00:32.0320 3324  LanmanWorkstation - ok
15:00:32.0398 3324  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:00:32.0445 3324  lltdio - ok
15:00:32.0476 3324  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
15:00:32.0554 3324  lltdsvc - ok
15:00:32.0586 3324  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts        C:\Windows\System32\lmhsvc.dll
15:00:32.0664 3324  lmhosts - ok
15:00:32.0773 3324  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS            C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:00:32.0804 3324  LMS - ok
15:00:32.0835 3324  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:00:32.0851 3324  LSI_FC - ok
15:00:32.0866 3324  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS        C:\Windows\system32\DRIVERS\lsi_sas.sys
15:00:32.0882 3324  LSI_SAS - ok
15:00:32.0898 3324  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:00:32.0913 3324  LSI_SAS2 - ok
15:00:32.0929 3324  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:00:32.0944 3324  LSI_SCSI - ok
15:00:32.0960 3324  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv          C:\Windows\system32\drivers\luafv.sys
15:00:33.0022 3324  luafv - ok
15:00:33.0069 3324  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
15:00:33.0085 3324  Mcx2Svc - ok
15:00:33.0132 3324  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas        C:\Windows\system32\DRIVERS\megasas.sys
15:00:33.0147 3324  megasas - ok
15:00:33.0163 3324  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:00:33.0194 3324  MegaSR - ok
15:00:33.0225 3324  [ D86AC00883B9C98B570E7643AAF8E554 ] MEI            C:\Windows\system32\DRIVERS\HECI.sys
15:00:33.0272 3324  MEI - ok
15:00:33.0319 3324  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS          C:\Windows\system32\mmcss.dll
15:00:33.0397 3324  MMCSS - ok
15:00:33.0428 3324  [ F001861E5700EE84E2D4E52C712F4964 ] Modem          C:\Windows\system32\drivers\modem.sys
15:00:33.0506 3324  Modem - ok
15:00:33.0568 3324  [ 79D10964DE86B292320E9DFE02282A23 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
15:00:33.0600 3324  monitor - ok
15:00:33.0646 3324  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:00:33.0678 3324  mouclass - ok
15:00:33.0678 3324  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:00:33.0709 3324  mouhid - ok
15:00:33.0740 3324  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:00:33.0756 3324  mountmgr - ok
15:00:33.0787 3324  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:00:33.0802 3324  mpio - ok
15:00:33.0818 3324  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:00:33.0896 3324  mpsdrv - ok
15:00:33.0943 3324  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:00:34.0068 3324  MpsSvc - ok
15:00:34.0099 3324  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:00:34.0114 3324  MRxDAV - ok
15:00:34.0177 3324  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:34.0255 3324  mrxsmb - ok
15:00:34.0286 3324  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:34.0317 3324  mrxsmb10 - ok
15:00:34.0333 3324  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:34.0380 3324  mrxsmb20 - ok
15:00:34.0411 3324  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:00:34.0442 3324  msahci - ok
15:00:34.0458 3324  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm          C:\Windows\system32\DRIVERS\msdsm.sys
15:00:34.0489 3324  msdsm - ok
15:00:34.0520 3324  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC          C:\Windows\System32\msdtc.exe
15:00:34.0567 3324  MSDTC - ok
15:00:34.0614 3324  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:00:34.0692 3324  Msfs - ok
15:00:34.0723 3324  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
15:00:34.0785 3324  mshidkmdf - ok
15:00:34.0816 3324  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:00:34.0832 3324  msisadrv - ok
15:00:34.0879 3324  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
15:00:34.0957 3324  MSiSCSI - ok
15:00:34.0957 3324  msiserver - ok
15:00:35.0050 3324  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
15:00:35.0113 3324  MSKSSRV - ok
15:00:35.0144 3324  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:35.0222 3324  MSPCLOCK - ok
15:00:35.0253 3324  [ F456E973590D663B1073E9C463B40932 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
15:00:35.0331 3324  MSPQM - ok
15:00:35.0362 3324  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
15:00:35.0394 3324  MsRPC - ok
15:00:35.0409 3324  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:00:35.0440 3324  mssmbios - ok
15:00:35.0440 3324  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
15:00:35.0503 3324  MSTEE - ok
15:00:35.0518 3324  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:00:35.0550 3324  MTConfig - ok
15:00:35.0565 3324  [ 159FAD02F64E6381758C990F753BCC80 ] Mup            C:\Windows\system32\Drivers\mup.sys
15:00:35.0581 3324  Mup - ok
15:00:35.0612 3324  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
15:00:35.0690 3324  napagent - ok
15:00:35.0737 3324  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
15:00:35.0799 3324  NativeWifiP - ok
15:00:35.0846 3324  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:00:35.0908 3324  NDIS - ok
15:00:35.0940 3324  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:35.0971 3324  NdisCap - ok
15:00:36.0002 3324  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:36.0064 3324  NdisTapi - ok
15:00:36.0111 3324  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:36.0189 3324  Ndisuio - ok
15:00:36.0220 3324  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:36.0298 3324  NdisWan - ok
15:00:36.0330 3324  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
15:00:36.0408 3324  NDProxy - ok
15:00:36.0439 3324  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
15:00:36.0517 3324  NetBIOS - ok
15:00:36.0532 3324  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
15:00:36.0642 3324  NetBT - ok
15:00:36.0657 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
15:00:36.0688 3324  Netlogon - ok
15:00:36.0735 3324  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:00:36.0798 3324  Netman - ok
15:00:36.0829 3324  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:00:36.0922 3324  netprofm - ok
15:00:36.0954 3324  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:00:36.0985 3324  NetTcpPortSharing - ok
15:00:37.0032 3324  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960        C:\Windows\system32\DRIVERS\nfrd960.sys
15:00:37.0047 3324  nfrd960 - ok
15:00:37.0078 3324  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:00:37.0141 3324  NlaSvc - ok
15:00:37.0156 3324  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:00:37.0188 3324  Npfs - ok
15:00:37.0219 3324  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi            C:\Windows\system32\nsisvc.dll
15:00:37.0281 3324  nsi - ok
15:00:37.0312 3324  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:00:37.0359 3324  nsiproxy - ok
15:00:37.0453 3324  [ A8F59428E9F361C7AC42A94AC1560BC9 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:00:37.0531 3324  Ntfs - ok
15:00:37.0546 3324  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:00:37.0562 3324  Null - ok
15:00:37.0874 3324  [ 0B2E7B39411FAA44EBDA76FB38673964 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:00:38.0030 3324  nvlddmkm - ok
15:00:38.0046 3324  [ 33A6E5EFF1E31EC778079EBFDB80EC1E ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:00:38.0046 3324  nvpciflt - ok
15:00:38.0077 3324  [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
15:00:38.0092 3324  nvraid - ok
15:00:38.0124 3324  [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
15:00:38.0155 3324  nvstor - ok
15:00:38.0186 3324  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:00:38.0202 3324  nv_agp - ok
15:00:38.0326 3324  [ F0F6BEE889236BB6D6A94560D7EEA2AC ] ogmservice      C:\Program Files\Online Games Manager\ogmservice.exe
15:00:38.0358 3324  ogmservice - ok
15:00:38.0373 3324  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:00:38.0389 3324  ohci1394 - ok
15:00:38.0420 3324  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:00:38.0467 3324  p2pimsvc - ok
15:00:38.0498 3324  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:00:38.0529 3324  p2psvc - ok
15:00:38.0560 3324  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport        C:\Windows\system32\DRIVERS\parport.sys
15:00:38.0607 3324  Parport - ok
15:00:38.0638 3324  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr        C:\Windows\system32\drivers\partmgr.sys
15:00:38.0670 3324  partmgr - ok
15:00:38.0685 3324  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:00:38.0732 3324  Parvdm - ok
15:00:38.0779 3324  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:00:38.0810 3324  PcaSvc - ok
15:00:38.0841 3324  [ C858CB77C577780ECC456A892E7E7D0F ] pci            C:\Windows\system32\DRIVERS\pci.sys
15:00:38.0872 3324  pci - ok
15:00:38.0888 3324  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:00:38.0904 3324  pciide - ok
15:00:38.0950 3324  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:00:38.0982 3324  pcmcia - ok
15:00:38.0997 3324  [ 250F6B43D2B613172035C6747AEEB19F ] pcw            C:\Windows\system32\drivers\pcw.sys
15:00:39.0013 3324  pcw - ok
15:00:39.0060 3324  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:00:39.0169 3324  PEAUTH - ok
15:00:39.0247 3324  [ 9C1BFF7910C89A1D12E57343475840CB ] pla            C:\Windows\system32\pla.dll
15:00:39.0403 3324  pla - ok
15:00:39.0465 3324  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:00:39.0559 3324  PlugPlay - ok
15:00:39.0590 3324  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
15:00:39.0637 3324  PNRPAutoReg - ok
15:00:39.0684 3324  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
15:00:39.0715 3324  PNRPsvc - ok
15:00:39.0746 3324  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
15:00:39.0824 3324  PolicyAgent - ok
15:00:39.0855 3324  [ DBFF83F709A91049621C1D35DD45C92C ] Power          C:\Windows\system32\umpo.dll
15:00:39.0949 3324  Power - ok
15:00:39.0996 3324  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:00:40.0089 3324  PptpMiniport - ok
15:00:40.0120 3324  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor      C:\Windows\system32\DRIVERS\processr.sys
15:00:40.0167 3324  Processor - ok
15:00:40.0198 3324  [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc        C:\Windows\system32\profsvc.dll
15:00:40.0276 3324  ProfSvc - ok
15:00:40.0308 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:00:40.0323 3324  ProtectedStorage - ok
15:00:40.0354 3324  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:00:40.0448 3324  Psched - ok
15:00:40.0526 3324  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:00:40.0604 3324  ql2300 - ok
15:00:40.0620 3324  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:00:40.0635 3324  ql40xx - ok
15:00:40.0666 3324  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE          C:\Windows\system32\qwave.dll
15:00:40.0698 3324  QWAVE - ok
15:00:40.0713 3324  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:00:40.0760 3324  QWAVEdrv - ok
15:00:40.0791 3324  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:00:40.0869 3324  RasAcd - ok
15:00:40.0916 3324  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:40.0978 3324  RasAgileVpn - ok
15:00:41.0041 3324  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto        C:\Windows\System32\rasauto.dll
15:00:41.0088 3324  RasAuto - ok
15:00:41.0103 3324  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:41.0134 3324  Rasl2tp - ok
15:00:41.0166 3324  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
15:00:41.0244 3324  RasMan - ok
15:00:41.0275 3324  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:41.0353 3324  RasPppoe - ok
15:00:41.0415 3324  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
15:00:41.0478 3324  RasSstp - ok
15:00:41.0493 3324  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
15:00:41.0587 3324  rdbss - ok
15:00:41.0602 3324  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:00:41.0618 3324  rdpbus - ok
15:00:41.0634 3324  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:41.0696 3324  RDPCDD - ok
15:00:41.0727 3324  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:00:41.0805 3324  RDPENCDD - ok
15:00:41.0852 3324  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:00:41.0899 3324  RDPREFMP - ok
15:00:41.0946 3324  [ 801371BA9782282892D00AADB08EE367 ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
15:00:42.0039 3324  RDPWD - ok
15:00:42.0070 3324  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:00:42.0102 3324  rdyboost - ok
15:00:42.0133 3324  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:00:42.0195 3324  RemoteAccess - ok
15:00:42.0242 3324  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:00:42.0320 3324  RemoteRegistry - ok
15:00:42.0351 3324  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:00:42.0429 3324  RpcEptMapper - ok
15:00:42.0460 3324  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:00:42.0507 3324  RpcLocator - ok
15:00:42.0554 3324  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs          C:\Windows\system32\rpcss.dll
15:00:42.0616 3324  RpcSs - ok
15:00:42.0648 3324  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:00:42.0694 3324  rspndr - ok
15:00:42.0710 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs          C:\Windows\system32\lsass.exe
15:00:42.0726 3324  SamSs - ok
15:00:42.0757 3324  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:00:42.0772 3324  sbp2port - ok
15:00:42.0788 3324  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:00:42.0866 3324  SCardSvr - ok
15:00:42.0897 3324  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:00:42.0928 3324  scfilter - ok
15:00:43.0006 3324  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
15:00:43.0084 3324  Schedule - ok
15:00:43.0100 3324  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc    C:\Windows\System32\certprop.dll
15:00:43.0147 3324  SCPolicySvc - ok
15:00:43.0194 3324  [ 7B48CFF3A475FE849DEA65EC4D35C425 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
15:00:43.0240 3324  sdbus - ok
15:00:43.0287 3324  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:00:43.0318 3324  SDRSVC - ok
15:00:43.0350 3324  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:00:43.0443 3324  secdrv - ok
15:00:43.0459 3324  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:00:43.0537 3324  seclogon - ok
15:00:43.0568 3324  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:00:43.0646 3324  SENS - ok
15:00:43.0693 3324  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:00:43.0755 3324  SensrSvc - ok
15:00:43.0786 3324  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum        C:\Windows\system32\DRIVERS\serenum.sys
15:00:43.0786 3324  Serenum - ok
15:00:43.0818 3324  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:00:43.0833 3324  Serial - ok
15:00:43.0849 3324  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:00:43.0864 3324  sermouse - ok
15:00:43.0896 3324  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
15:00:43.0927 3324  SessionEnv - ok
15:00:43.0974 3324  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
15:00:44.0036 3324  sffdisk - ok
15:00:44.0083 3324  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:00:44.0114 3324  sffp_mmc - ok
15:00:44.0130 3324  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
15:00:44.0161 3324  sffp_sd - ok
15:00:44.0176 3324  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy        C:\Windows\system32\DRIVERS\sfloppy.sys
15:00:44.0208 3324  sfloppy - ok
15:00:44.0239 3324  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:00:44.0301 3324  SharedAccess - ok
15:00:44.0332 3324  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:00:44.0379 3324  ShellHWDetection - ok
15:00:44.0395 3324  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
15:00:44.0410 3324  sisagp - ok
15:00:44.0426 3324  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:00:44.0442 3324  SiSRaid2 - ok
15:00:44.0457 3324  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:00:44.0473 3324  SiSRaid4 - ok
15:00:44.0504 3324  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb            C:\Windows\system32\DRIVERS\smb.sys
15:00:44.0551 3324  Smb - ok
15:00:44.0598 3324  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:00:44.0644 3324  SNMPTRAP - ok
15:00:44.0691 3324  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr          C:\Windows\system32\drivers\spldr.sys
15:00:44.0707 3324  spldr - ok
15:00:44.0785 3324  [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler        C:\Windows\System32\spoolsv.exe
15:00:44.0847 3324  Spooler - ok
15:00:44.0972 3324  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:00:45.0112 3324  sppsvc - ok
15:00:45.0144 3324  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
15:00:45.0237 3324  sppuinotify - ok
15:00:45.0284 3324  [ 2DBEDFB1853F06110EC2AA7F3213C89F ] srv            C:\Windows\system32\DRIVERS\srv.sys
15:00:45.0346 3324  srv - ok
15:00:45.0378 3324  [ DB37131D1027C50EA7EE21C8BB4536AA ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:00:45.0409 3324  srv2 - ok
15:00:45.0424 3324  [ F5980B74124DB9233B33F86FC5EBBB4F ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:00:45.0471 3324  srvnet - ok
15:00:45.0518 3324  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
15:00:45.0596 3324  SSDPSRV - ok
15:00:45.0627 3324  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc        C:\Windows\system32\sstpsvc.dll
15:00:45.0705 3324  SstpSvc - ok
15:00:45.0752 3324  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:00:45.0768 3324  stexstor - ok
15:00:45.0814 3324  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:00:45.0892 3324  StiSvc - ok
15:00:45.0924 3324  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:00:45.0939 3324  swenum - ok
15:00:45.0970 3324  [ A28BD92DF340E57B024BA433165D34D7 ] swprv          C:\Windows\System32\swprv.dll
15:00:46.0048 3324  swprv - ok
15:00:46.0095 3324  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain        C:\Windows\system32\sysmain.dll
15:00:46.0220 3324  SysMain - ok
15:00:46.0236 3324  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:00:46.0282 3324  TabletInputService - ok
15:00:46.0392 3324  [ 47CC67FA0AD6D5448D256D1343C6EC38 ] TAG_Service    C:\Program Files\A1 Dashboard\A1Dashboard_Service.exe
15:00:46.0423 3324  TAG_Service - ok
15:00:46.0470 3324  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv        C:\Windows\System32\tapisrv.dll
15:00:46.0548 3324  TapiSrv - ok
15:00:46.0579 3324  [ B799D9FDB26111737F58288D8DC172D9 ] TBS            C:\Windows\System32\tbssvc.dll
15:00:46.0626 3324  TBS - ok
15:00:46.0704 3324  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
15:00:46.0797 3324  Tcpip - ok
15:00:46.0844 3324  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:00:46.0906 3324  TCPIP6 - ok
15:00:46.0938 3324  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:00:46.0984 3324  tcpipreg - ok
15:00:47.0016 3324  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:00:47.0078 3324  TDPIPE - ok
15:00:47.0125 3324  [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
15:00:47.0187 3324  TDTCP - ok
15:00:47.0203 3324  [ CB39E896A2A83702D1737BFD402B3542 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
15:00:47.0265 3324  tdx - ok
15:00:47.0312 3324  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:00:47.0328 3324  TermDD - ok
15:00:47.0374 3324  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService    C:\Windows\System32\termsrv.dll
15:00:47.0484 3324  TermService - ok
15:00:47.0515 3324  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:00:47.0562 3324  Themes - ok
15:00:47.0593 3324  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER    C:\Windows\system32\mmcss.dll
15:00:47.0640 3324  THREADORDER - ok
15:00:47.0655 3324  tkwnteqh - ok
15:00:47.0686 3324  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:00:47.0733 3324  TrkWks - ok
15:00:47.0780 3324  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:00:47.0811 3324  TrustedInstaller - ok
15:00:47.0842 3324  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:47.0920 3324  tssecsrv - ok
15:00:47.0983 3324  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:00:48.0030 3324  tunnel - ok
15:00:48.0076 3324  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:00:48.0092 3324  uagp35 - ok
15:00:48.0123 3324  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:00:48.0217 3324  udfs - ok
15:00:48.0264 3324  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
15:00:48.0295 3324  UI0Detect - ok
15:00:48.0357 3324  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:00:48.0373 3324  uliagpkx - ok
15:00:48.0404 3324  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
15:00:48.0451 3324  umbus - ok
15:00:48.0482 3324  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:00:48.0513 3324  UmPass - ok
15:00:48.0654 3324  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS            C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:00:48.0794 3324  UNS - ok
15:00:48.0825 3324  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:00:48.0903 3324  upnphost - ok
15:00:48.0934 3324  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:48.0950 3324  usbccgp - ok
15:00:48.0981 3324  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:00:49.0028 3324  usbcir - ok
15:00:49.0059 3324  [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
15:00:49.0106 3324  usbehci - ok
15:00:49.0153 3324  [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:00:49.0184 3324  usbhub - ok
15:00:49.0200 3324  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci        C:\Windows\system32\DRIVERS\usbohci.sys
15:00:49.0246 3324  usbohci - ok
15:00:49.0278 3324  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:00:49.0324 3324  usbprint - ok
15:00:49.0356 3324  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:49.0387 3324  USBSTOR - ok
15:00:49.0387 3324  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
15:00:49.0434 3324  usbuhci - ok
15:00:49.0480 3324  [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:00:49.0543 3324  usbvideo - ok
15:00:49.0574 3324  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms          C:\Windows\System32\uxsms.dll
15:00:49.0621 3324  UxSms - ok
15:00:49.0636 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
15:00:49.0652 3324  VaultSvc - ok
15:00:49.0699 3324  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
15:00:49.0714 3324  vdrvroot - ok
15:00:49.0746 3324  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds            C:\Windows\System32\vds.exe
15:00:49.0824 3324  vds - ok
15:00:49.0839 3324  [ 17C408214EA61696CEC9C66E388B14F3 ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:49.0870 3324  vga - ok
15:00:49.0886 3324  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave        C:\Windows\System32\drivers\vga.sys
15:00:49.0964 3324  VgaSave - ok
15:00:50.0011 3324  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp          C:\Windows\system32\DRIVERS\vhdmp.sys
15:00:50.0026 3324  vhdmp - ok
15:00:50.0042 3324  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
15:00:50.0058 3324  viaagp - ok
15:00:50.0073 3324  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7          C:\Windows\system32\DRIVERS\viac7.sys
15:00:50.0120 3324  ViaC7 - ok
15:00:50.0151 3324  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
15:00:50.0167 3324  viaide - ok
15:00:50.0198 3324  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
15:00:50.0214 3324  volmgr - ok
15:00:50.0245 3324  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
15:00:50.0276 3324  volmgrx - ok
15:00:50.0307 3324  [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap        C:\Windows\system32\DRIVERS\volsnap.sys
15:00:50.0338 3324  volsnap - ok
15:00:50.0370 3324  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid        C:\Windows\system32\DRIVERS\vsmraid.sys
15:00:50.0401 3324  vsmraid - ok
15:00:50.0463 3324  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS            C:\Windows\system32\vssvc.exe
15:00:50.0557 3324  VSS - ok
15:00:50.0572 3324  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:00:50.0604 3324  vwifibus - ok
15:00:50.0635 3324  [ 7090D3436EEB4E7DA3373090A23448F7 ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:00:50.0666 3324  VWiFiFlt - ok
15:00:50.0666 3324  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp        C:\Windows\system32\DRIVERS\vwifimp.sys
15:00:50.0713 3324  vwifimp - ok
15:00:50.0760 3324  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time        C:\Windows\system32\w32time.dll
15:00:50.0806 3324  W32Time - ok
15:00:50.0822 3324  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:00:50.0822 3324  WacomPen - ok
15:00:50.0853 3324  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:00:50.0916 3324  WANARP - ok
15:00:50.0931 3324  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:00:50.0962 3324  Wanarpv6 - ok
15:00:51.0056 3324  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc    C:\Windows\system32\Wat\WatAdminSvc.exe
15:00:51.0150 3324  WatAdminSvc - ok
15:00:51.0196 3324  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
15:00:51.0337 3324  wbengine - ok
15:00:51.0352 3324  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:00:51.0399 3324  WbioSrvc - ok
15:00:51.0446 3324  [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
15:00:51.0508 3324  wcncsvc - ok
15:00:51.0540 3324  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:00:51.0571 3324  WcsPlugInService - ok
15:00:51.0602 3324  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:00:51.0618 3324  Wd - ok
15:00:51.0633 3324  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:00:51.0680 3324  Wdf01000 - ok
15:00:51.0696 3324  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:00:51.0742 3324  WdiServiceHost - ok
15:00:51.0758 3324  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
15:00:51.0789 3324  WdiSystemHost - ok
15:00:51.0836 3324  [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient      C:\Windows\System32\webclnt.dll
15:00:51.0898 3324  WebClient - ok
15:00:51.0930 3324  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:00:51.0992 3324  Wecsvc - ok
15:00:51.0992 3324  [ AC804569BB2364FB6017370258A4091B ] wercplsupport  C:\Windows\System32\wercplsupport.dll
15:00:52.0054 3324  wercplsupport - ok
15:00:52.0086 3324  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:00:52.0148 3324  WerSvc - ok
15:00:52.0210 3324  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:00:52.0288 3324  WfpLwf - ok
15:00:52.0320 3324  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:00:52.0335 3324  WIMMount - ok
15:00:52.0398 3324  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend      C:\Program Files\Windows Defender\mpsvc.dll
15:00:52.0491 3324  WinDefend - ok
15:00:52.0491 3324  WinHttpAutoProxySvc - ok
15:00:52.0569 3324  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
15:00:52.0647 3324  Winmgmt - ok
15:00:52.0725 3324  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM          C:\Windows\system32\WsmSvc.dll
15:00:52.0819 3324  WinRM - ok
15:00:52.0866 3324  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:00:52.0912 3324  WinUsb - ok
15:00:52.0975 3324  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc        C:\Windows\System32\wlansvc.dll
15:00:53.0053 3324  Wlansvc - ok
15:00:53.0068 3324  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
15:00:53.0084 3324  WmiAcpi - ok
15:00:53.0115 3324  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:00:53.0178 3324  wmiApSrv - ok
15:00:53.0256 3324  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
15:00:53.0349 3324  WMPNetworkSvc - ok
15:00:53.0380 3324  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:00:53.0443 3324  WPCSvc - ok
15:00:53.0458 3324  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:00:53.0521 3324  WPDBusEnum - ok
15:00:53.0552 3324  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
15:00:53.0614 3324  ws2ifsl - ok
15:00:53.0630 3324  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:00:53.0661 3324  wscsvc - ok
15:00:53.0661 3324  WSearch - ok
15:00:53.0755 3324  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:00:53.0895 3324  wuauserv - ok
15:00:53.0911 3324  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:00:53.0989 3324  WudfPf - ok
15:00:54.0036 3324  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:00:54.0098 3324  WUDFRd - ok
15:00:54.0129 3324  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
15:00:54.0192 3324  wudfsvc - ok
15:00:54.0223 3324  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc        C:\Windows\System32\wwansvc.dll
15:00:54.0285 3324  WwanSvc - ok
15:00:54.0426 3324  [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
15:00:54.0441 3324  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
15:00:54.0441 3324  Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
15:00:54.0488 3324  ================ Scan global ===============================
15:00:54.0519 3324  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
15:00:54.0582 3324  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
15:00:54.0597 3324  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
15:00:54.0628 3324  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:00:54.0675 3324  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:00:54.0691 3324  [Global] - ok
15:00:54.0691 3324  ================ Scan MBR ==================================
15:00:54.0691 3324  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:00:54.0956 3324  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:00:54.0956 3324  \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:00:54.0972 3324  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
15:00:55.0159 3324  \Device\Harddisk1\DR1 - ok
15:00:55.0159 3324  ================ Scan VBR ==================================
15:00:55.0159 3324  [ 4E4FAACCFC9B0AB503031FCA80331195 ] \Device\Harddisk0\DR0\Partition1
15:00:55.0159 3324  \Device\Harddisk0\DR0\Partition1 - ok
15:00:55.0206 3324  [ 19D82606CCD617B68FB9066D5967FC6B ] \Device\Harddisk0\DR0\Partition2
15:00:55.0206 3324  \Device\Harddisk0\DR0\Partition2 - ok
15:00:55.0206 3324  [ 13E40243626253E58505B57C94C400BB ] \Device\Harddisk1\DR1\Partition1
15:00:55.0221 3324  \Device\Harddisk1\DR1\Partition1 - ok
15:00:55.0221 3324  ============================================================
15:00:55.0221 3324  Scan finished
15:00:55.0221 3324  ============================================================
15:00:55.0237 3316  Detected object count: 3
15:00:55.0237 3316  Actual detected object count: 3
15:01:12.0475 3316  atapi ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:12.0475 3316  atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:01:12.0475 3316  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:12.0475 3316  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:01:12.0475 3316  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:01:12.0475 3316  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
15:01:44.0997 0308  Deinitialize success

aharonov 28.06.2013 16:50
Hallo,

ja da liegt noch mehr im Argen...


Bitte gehe zu Virustotal und lass dort folgendermassen eine Datei überprüfen:
  • Klicke auf Wählen Sie eine.
  • Kopiere dann Folgendes in das Eingabefeld für den Dateinamen
    Code:
    C:\Windows\system32\DRIVERS\atapi.sys
    und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Solltest du folgende Meldung bekommen:
    Zitat:
    Datei wurde bereits analysiert - Diese Datei wurde bereits von VirusTotal analysiert am ...
    dann klicke auf Neu analysieren.
  • Warte, bis die Analyse beendet ist, und kopiere dann die URL aus deiner Adresszeile und poste sie hier.

gorbiWTF 03.07.2013 17:26
Danke für die große Hilfe, aber der "Kunde" (ein Bekannter eines Bekannten) wollte sein Notebook unbedingt wieder zurück haben. Ich hab ihn darauf hingewiesen, dass das Problem noch nicht beseitigt sei, aber er lies nicht mit sich reden.
Was soll man machen, wenn jemanden nicht geholfen werden will?! :D

Danke vielmals und noch einen schönen Tag :)

aharonov 03.07.2013 17:31
Ja man kann die Leute nicht zu ihrem Glück zwingen. :)
Danke für die Mitteilung.

Du kannst dem "Kunden" ausrichten, dass sein Laptop weiterhin infiziert und unsicher ist und wohl auch bald wieder "sichtbare" Symptome auftreten werden.


Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Ich bekomme somit keine Benachrichtigung mehr über neue Antworten.
Solltest du das Thema erneut brauchen, schicke mir bitte eine PM und wir machen hier weiter.

Jeder andere bitte diese Anleitung lesen und einen eigenen Thread erstellen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 02:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131