Trojaner-Board (https://www.trojaner-board.de/)
-   Pests of all kinds and their removal (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   TR/ATRAPS.Gen2 and TR/Sirefef.AG.35 (https://www.trojaner-board.de/118105-tr-atraps-gen2-tr-sirefef-ag-35-a.html)

tomatriga 27.06.2012 21:23

TR/ATRAPS.Gen2 and TR/Sirefef.AG.35

Hello everyone,

my Avira has found two problems:

In der Datei 'C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@'
wurde ein Virus oder unerwünschtes Programm 'TR/ATRAPS.Gen2' [trojan] gefunden.

In der Datei 'C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@'
wurde ein Virus oder unerwünschtes Programm 'TR/Sirefef.AG.35' [trojan] gefunden.

I followed the rules, so here are the logs:

OTL
Code:

OTL logfile created on: 27.06.2012 21:02:30 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Krokodil_2\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,43 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 73,37% Memory free
4,85 Gb Paging File | 3,87 Gb Available in Paging File | 79,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 436,22 Gb Free Space | 93,68% Space Free | Partition Type: NTFS
 
Computer Name: KROKODIL-PC | User Name: Krokodil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.27 20:57:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Krokodil_2\Downloads\OTL.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.06 10:22:45 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.27 12:04:27 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.03.04 14:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.08 23:26:58 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.08 23:26:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.07.22 03:19:24 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.07.22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2010.04.30 17:21:14 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.04.30 17:21:14 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.04.13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.04.13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.03.03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.22 14:46:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.22 14:45:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.22 14:45:39 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.24 17:48:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll
MOD - [2012.05.14 16:47:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.14 16:47:13 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.14 16:47:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 16:47:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 16:47:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 16:47:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.09.09 15:50:00 | 000,016,384 | R--- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.09.09 14:11:20 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.16 10:59:12 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.07.06 10:22:45 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 12:04:27 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.08 23:26:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.07.22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.04.30 17:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.04.30 17:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.04.13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.02.23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2011.07.06 10:22:46 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.06 10:22:46 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011.03.30 13:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.08 23:44:38 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.08 22:52:32 | 000,222,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.27 23:02:46 | 009,023,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2010.07.22 03:19:24 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.06.17 14:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 14:21:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.30 17:21:00 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2010.01.11 14:31:00 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.17 14:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.26 16:48:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.08 17:46:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.17 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krokodil\AppData\Roaming\mozilla\Extensions
[2011.04.17 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krokodil\AppData\Roaming\mozilla\Firefox\Profiles\1qvyutew.default\extensions
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.04.17 14:58:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.26 16:06:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.17 14:58:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.17 14:58:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.04.17 14:58:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.17 14:58:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.17 14:58:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.17 14:58:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{100ADBEC-3DE1-4F2B-BE40-FAF300B8C328}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5182D2D-D8FB-4A1D-A45D-14F8D15CF306}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.27 20:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.27 20:55:52 | 000,000,000 | ---- | M] () -- C:\Users\Krokodil\defogger_reenable
[2012.06.27 20:46:58 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 20:46:58 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 20:43:18 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.27 20:43:18 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.27 20:43:18 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.27 20:43:18 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.27 20:38:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.27 20:38:41 | 1954,959,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.25 11:24:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-478040494-308374193-1665734407-1002UA.job
[2012.06.22 14:44:29 | 000,338,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.06.27 20:55:52 | 000,000,000 | ---- | C] () -- C:\Users\Krokodil\defogger_reenable
[2012.06.26 11:34:42 | 000,018,944 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@
[2012.06.26 11:30:22 | 000,012,288 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@
[2012.06.24 11:40:40 | 000,001,648 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@
[2012.01.13 12:54:05 | 000,002,048 | -HS- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\@
[2011.04.17 16:46:29 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.08 03:44:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.08 03:36:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.08 03:35:31 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2011.04.08 03:30:19 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.08 02:54:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.08 02:54:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.07.27 23:01:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.07.27 23:01:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.07.27 23:01:08 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.07.27 22:20:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.07.27 22:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.07.27 22:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.07.27 22:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
 
========== LOP Check ==========
 
[2012.05.07 18:10:51 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

I have attached Extra.txt and gmer.txt as a zip file.

Thank you very much for the help.

Chris4You 28.06.2012 07:00

Hi,

Fix for OTL:
  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif
Code:

:OTL
[2012.06.26 11:34:42 | 000,018,944 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@
[2012.06.26 11:30:22 | 000,012,288 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@
[2012.06.24 11:40:40 | 000,001,648 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@
[2012.01.13 12:54:05 | 000,002,048 | -HS- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\@

:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

  • Click the red "Run Fixes!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

TDSS-Killer
Download and instructions at: How to remove malware of the Rootkit.Win32.TDSS family?
Extract all files into a separate directory (e.g. C:\TDSS)!
Launch it from Explorer by double-clicking TDSSKiller.exe.
Configure the Killer as follows:
http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg
Then start the scan (Start Scan).
When the scan is finished, please select "Report" (skip any findings for now with Skip). A window will open; copy the text and post it here...

chris
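The four entries in the :OTL block above are exactly the "Files Created - No Company Name" lines from the first post whose paths follow the layout `AppData\Local\{GUID}\U\<8 hex chars>.@` plus the hidden `{GUID}\@` marker file, which is how Avira's TR/Sirefef detections show up in an OTL log. The following script is an added example written for this edit; it is not code from either poster or from OTL. It parses OTL file lines, flags paths matching that layout, and emits the corresponding :OTL fix block. The sample lines are copied from the log above (four Sirefef paths and two benign files); the exact regular expressions, the assumption that the `U\` file names are always eight hex characters, and the helper names are mine.

```python
"""Flag Sirefef/ZeroAccess-style file paths in an OTL log and build the matching
:OTL fix block.  Added example, not part of the original thread."""
import re
from typing import Dict, List, Optional

# Constructed sample: six lines copied from the "Files Created - No Company Name"
# section of the OTL log above (four Sirefef paths, two benign files).
SAMPLE_OTL_LINES = r"""
[2012.06.27 20:55:52 | 000,000,000 | ---- | C] () -- C:\Users\Krokodil\defogger_reenable
[2012.06.26 11:34:42 | 000,018,944 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@
[2012.06.26 11:30:22 | 000,012,288 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@
[2012.06.24 11:40:40 | 000,001,648 | ---- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@
[2012.01.13 12:54:05 | 000,002,048 | -HS- | C] () -- C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\@
[2011.04.17 16:46:29 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
"""

# One OTL file line: [timestamp | size | attributes | M/C] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[MCD])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Layout seen in the log: ...\AppData\Local\{GUID}\U\xxxxxxxx.@ and ...\{GUID}\@
# (assumption: the U\ file names are always eight hex characters)
SIREFEF_PATH = re.compile(
    r"\\AppData\\Local\\\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}"
    r"\\(?:U\\[0-9a-f]{8}\.@|@)$",
    re.IGNORECASE,
)


def parse_otl_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one OTL file line into a dict; return None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["size"] = int(str(rec["size"]).replace(",", ""))  # "000,018,944" -> 18944
    rec["raw"] = line.strip()
    return rec


def find_sirefef_indicators(log_text: str) -> List[Dict[str, object]]:
    """Return parsed lines whose path matches the {GUID}\\U\\*.@ / {GUID}\\@ layout
    and that carry no company name (OTL prints '()' for unsigned files)."""
    hits = []
    for raw in log_text.strip().splitlines():
        rec = parse_otl_line(raw)
        if rec is None:
            continue
        if str(rec["company"]).strip() == "" and SIREFEF_PATH.search(str(rec["path"])):
            hits.append(rec)
    return hits


def build_otl_fix(hits: List[Dict[str, object]]) -> str:
    """Emit an OTL fix block in the same shape as the one posted in this thread:
    the flagged lines under :OTL, then the standard :Commands section."""
    lines = [":OTL"] + [str(h["raw"]) for h in hits]
    lines += ["", ":Commands", "[emptytemp]", "[CREATERESTOREPOINT]", "[Reboot]"]
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_sirefef_indicators(SAMPLE_OTL_LINES)
    for rec in found:
        print(f"{rec['ts']}  {rec['size']:>8} B  {rec['attr']}  {rec['path']}")
    print()
    print(build_otl_fix(found))
```

Two details do the filtering work: the empty company field (OTL lists signed vendor files with a name in the parentheses, these files have none) and the `@` suffix with the GUID-named folder under `AppData\Local`, which is not a layout any legitimate installer uses. The `-HS-` attributes on the `{GUID}\@` marker file are a further hint, since the file is hidden and flagged as a system file to keep it out of a normal directory listing.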

tomatriga 28.06.2012 09:14

Hi,
thanks for your help. Here are the scan results.

OTL:

Code:

All processes killed
========== OTL ==========
C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@ moved successfully.
C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@ moved successfully.
C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@ moved successfully.
C:\Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Krokodil
->Temp folder emptied: 12774251 bytes
->Temporary Internet Files folder emptied: 18578147 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 17856874 bytes
 
User: Krokodil_2
->Temp folder emptied: 110534273 bytes
->Temporary Internet Files folder emptied: 31739989 bytes
->Java cache emptied: 199805 bytes
->FireFox cache emptied: 899454654 bytes
->Google Chrome cache emptied: 10928868 bytes
->Flash cache emptied: 2427 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 140489014 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.185,00 mb
 
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.53.0 log created on 06282012_095536

TDSS log:

Code:

10:07:09.0521 2936        TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
10:07:09.0567 2936        ============================================================
10:07:09.0567 2936        Current date / time: 2012/06/28 10:07:09.0567
10:07:09.0567 2936        SystemInfo:
10:07:09.0567 2936       
10:07:09.0567 2936        OS Version: 6.1.7601 ServicePack: 1.0
10:07:09.0567 2936        Product type: Workstation
10:07:09.0567 2936        ComputerName: KROKODIL-PC
10:07:09.0567 2936        UserName: Krokodil
10:07:09.0567 2936        Windows directory: C:\Windows
10:07:09.0567 2936        System windows directory: C:\Windows
10:07:09.0567 2936        Processor architecture: Intel x86
10:07:09.0567 2936        Number of processors: 4
10:07:09.0567 2936        Page size: 0x1000
10:07:09.0567 2936        Boot type: Normal boot
10:07:09.0567 2936        ============================================================
10:07:10.0176 2936        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
10:07:10.0191 2936        ============================================================
10:07:10.0191 2936        \Device\Harddisk0\DR0:
10:07:10.0191 2936        MBR partitions:
10:07:10.0191 2936        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:07:10.0191 2936        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
10:07:10.0191 2936        ============================================================
10:07:10.0238 2936        C: <-> \Device\Harddisk0\DR0\Partition1
10:07:10.0238 2936        ============================================================
10:07:10.0238 2936        Initialize success
10:07:10.0238 2936        ============================================================
10:07:43.0763 0248        ============================================================
10:07:43.0763 0248        Scan started
10:07:43.0763 0248        Mode: Manual; SigCheck; TDLFS;
10:07:43.0763 0248        ============================================================
10:07:44.0121 0248        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:07:44.0262 0248        1394ohci - ok
10:07:44.0293 0248        Accelerometer  (cc1f1d3d70dc13c2c281488d347d4415) C:\Windows\system32\DRIVERS\Accelerometer.sys
10:07:44.0324 0248        Accelerometer - ok
10:07:44.0355 0248        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:07:44.0387 0248        ACPI - ok
10:07:44.0402 0248        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:07:44.0496 0248        AcpiPmi - ok
10:07:44.0574 0248        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:07:44.0589 0248        AdobeARMservice - ok
10:07:44.0652 0248        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:07:44.0699 0248        adp94xx - ok
10:07:44.0714 0248        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:07:44.0745 0248        adpahci - ok
10:07:44.0761 0248        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:07:44.0792 0248        adpu320 - ok
10:07:44.0823 0248        AeLookupSvc    (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:07:44.0948 0248        AeLookupSvc - ok
10:07:45.0026 0248        AESTFilters    (827dbc22c96eecf6d36a13162fabafd3) C:\Program Files\IDT\WDM\aestsrv.exe
10:07:45.0089 0248        AESTFilters - ok
10:07:45.0151 0248        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:07:45.0229 0248        AFD - ok
10:07:45.0260 0248        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:07:45.0291 0248        agp440 - ok
10:07:45.0338 0248        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:07:45.0354 0248        aic78xx - ok
10:07:45.0401 0248        ALG            (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:07:45.0463 0248        ALG - ok
10:07:45.0510 0248        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:07:45.0525 0248        aliide - ok
10:07:45.0572 0248        AMD External Events Utility (14c7d74ac4f90f881659532f4ce74f83) C:\Windows\system32\atiesrxx.exe
10:07:45.0650 0248        AMD External Events Utility - ok
10:07:45.0713 0248        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:07:45.0744 0248        amdagp - ok
10:07:45.0759 0248        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:07:45.0775 0248        amdide - ok
10:07:45.0791 0248        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:07:45.0822 0248        AmdK8 - ok
10:07:46.0149 0248        amdkmdag        (280578aa4f589bfda3a76375a47a26b5) C:\Windows\system32\DRIVERS\atikmdag.sys
10:07:46.0337 0248        amdkmdag - ok
10:07:46.0493 0248        amdkmdap        (ba43ee7d325877677bad4d0b3ccde02a) C:\Windows\system32\DRIVERS\atikmpag.sys
10:07:46.0539 0248        amdkmdap - ok
10:07:46.0586 0248        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:07:46.0633 0248        AmdPPM - ok
10:07:46.0680 0248        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:07:46.0695 0248        amdsata - ok
10:07:46.0727 0248        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:07:46.0758 0248        amdsbs - ok
10:07:46.0773 0248        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:07:46.0789 0248        amdxata - ok
10:07:46.0898 0248        AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files\Avira\AntiVir Desktop\sched.exe
10:07:46.0914 0248        AntiVirSchedulerService - ok
10:07:46.0929 0248        AntiVirService  (72d90e56563165984224493069c69ed4) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
10:07:46.0945 0248        AntiVirService - ok
10:07:46.0992 0248        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:07:47.0054 0248        AppID - ok
10:07:47.0085 0248        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:07:47.0163 0248        AppIDSvc - ok
10:07:47.0179 0248        Appinfo        (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:07:47.0241 0248        Appinfo - ok
10:07:47.0288 0248        AppMgmt        (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:07:47.0351 0248        AppMgmt - ok
10:07:47.0382 0248        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:07:47.0413 0248        arc - ok
10:07:47.0429 0248        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:07:47.0460 0248        arcsas - ok
10:07:47.0475 0248        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:07:47.0585 0248        AsyncMac - ok
10:07:47.0616 0248        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:07:47.0647 0248        atapi - ok
10:07:47.0694 0248        AtiHdmiService  (8df873d0587596c1d35a9cececc61da1) C:\Windows\system32\drivers\AtiHdmi.sys
10:07:47.0725 0248        AtiHdmiService - ok
10:07:47.0772 0248        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:07:47.0850 0248        AudioEndpointBuilder - ok
10:07:47.0865 0248        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:07:47.0928 0248        Audiosrv - ok
10:07:47.0959 0248        avgntflt        (1e4114685de1ffa9675e09c6a1fb3f4b) C:\Windows\system32\DRIVERS\avgntflt.sys
10:07:47.0975 0248        avgntflt - ok
10:07:48.0006 0248        avipbb          (0f78d3dae6dedd99ae54c9491c62adf2) C:\Windows\system32\DRIVERS\avipbb.sys
10:07:48.0021 0248        avipbb - ok
10:07:48.0068 0248        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:07:48.0146 0248        AxInstSV - ok
10:07:48.0193 0248        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:07:48.0255 0248        b06bdrv - ok
10:07:48.0287 0248        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:07:48.0333 0248        b57nd60x - ok
10:07:48.0567 0248        BCM43XX        (9e209171c51b1d750f53777253b80e81) C:\Windows\system32\DRIVERS\bcmwl6.sys
10:07:48.0723 0248        BCM43XX - ok
10:07:48.0817 0248        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:07:48.0895 0248        BDESVC - ok
10:07:48.0942 0248        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:07:48.0989 0248        Beep - ok
10:07:49.0035 0248        BFE            (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:07:49.0113 0248        BFE - ok
10:07:49.0176 0248        BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
10:07:49.0254 0248        BITS - ok
10:07:49.0285 0248        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:07:49.0332 0248        blbdrive - ok
10:07:49.0363 0248        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:07:49.0425 0248        bowser - ok
10:07:49.0425 0248        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:07:49.0503 0248        BrFiltLo - ok
10:07:49.0503 0248        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:07:49.0550 0248        BrFiltUp - ok
10:07:49.0581 0248        Browser        (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:07:49.0644 0248        Browser - ok
10:07:49.0691 0248        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:07:49.0769 0248        Brserid - ok
10:07:49.0769 0248        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:07:49.0815 0248        BrSerWdm - ok
10:07:49.0831 0248        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:07:49.0878 0248        BrUsbMdm - ok
10:07:49.0878 0248        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:07:49.0909 0248        BrUsbSer - ok
10:07:49.0909 0248        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:07:49.0940 0248        BTHMODEM - ok
10:07:50.0003 0248        bthserv        (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:07:50.0081 0248        bthserv - ok
10:07:50.0112 0248        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:07:50.0174 0248        cdfs - ok
10:07:50.0221 0248        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
10:07:50.0237 0248        cdrom - ok
10:07:50.0283 0248        CertPropSvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:07:50.0346 0248        CertPropSvc - ok
10:07:50.0361 0248        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:07:50.0393 0248        circlass - ok
10:07:50.0424 0248        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:07:50.0455 0248        CLFS - ok
10:07:50.0517 0248        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:07:50.0533 0248        clr_optimization_v2.0.50727_32 - ok
10:07:50.0595 0248        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:07:50.0627 0248        clr_optimization_v4.0.30319_32 - ok
10:07:50.0642 0248        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:07:50.0658 0248        CmBatt - ok
10:07:50.0689 0248        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:07:50.0705 0248        cmdide - ok
10:07:50.0751 0248        CNG            (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:07:50.0798 0248        CNG - ok
10:07:50.0814 0248        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:07:50.0829 0248        Compbatt - ok
10:07:50.0845 0248        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:07:50.0892 0248        CompositeBus - ok
10:07:50.0923 0248        COMSysApp - ok
10:07:50.0939 0248        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:07:50.0954 0248        crcdisk - ok
10:07:51.0001 0248        CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
10:07:51.0063 0248        CryptSvc - ok
10:07:51.0110 0248        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:07:51.0173 0248        CSC - ok
10:07:51.0219 0248        CscService      (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
10:07:51.0266 0248        CscService - ok
10:07:51.0313 0248        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:07:51.0391 0248        DcomLaunch - ok
10:07:51.0422 0248        defragsvc      (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:07:51.0500 0248        defragsvc - ok
10:07:51.0563 0248        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:07:51.0641 0248        DfsC - ok
10:07:51.0703 0248        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:07:51.0765 0248        Dhcp - ok
10:07:51.0797 0248        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:07:51.0859 0248        discache - ok
10:07:51.0906 0248        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:07:51.0921 0248        Disk - ok
10:07:51.0953 0248        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:07:51.0999 0248        Dnscache - ok
10:07:52.0031 0248        dot3svc        (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:07:52.0093 0248        dot3svc - ok
10:07:52.0140 0248        DPS            (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:07:52.0187 0248        DPS - ok
10:07:52.0218 0248        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:07:52.0249 0248        drmkaud - ok
10:07:52.0311 0248        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:07:52.0358 0248        DXGKrnl - ok
10:07:52.0389 0248        E1G60          (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
10:07:52.0436 0248        E1G60 - ok
10:07:52.0467 0248        EapHost        (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:07:52.0514 0248        EapHost - ok
10:07:52.0670 0248        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:07:52.0779 0248        ebdrv - ok
10:07:52.0889 0248        EFS            (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:07:52.0935 0248        EFS - ok
10:07:53.0013 0248        ehRecvr        (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:07:53.0076 0248        ehRecvr - ok
10:07:53.0107 0248        ehSched        (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:07:53.0169 0248        ehSched - ok
10:07:53.0232 0248        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:07:53.0279 0248        elxstor - ok
10:07:53.0294 0248        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:07:53.0341 0248        ErrDev - ok
10:07:53.0388 0248        EventSystem    (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:07:53.0466 0248        EventSystem - ok
10:07:53.0497 0248        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:07:53.0575 0248        exfat - ok
10:07:53.0606 0248        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:07:53.0669 0248        fastfat - ok
10:07:53.0731 0248        Fax            (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:07:53.0793 0248        Fax - ok
10:07:53.0825 0248        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:07:53.0856 0248        fdc - ok
10:07:53.0887 0248        fdPHost        (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:07:53.0965 0248        fdPHost - ok
10:07:53.0996 0248        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:07:54.0059 0248        FDResPub - ok
10:07:54.0090 0248        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:07:54.0105 0248        FileInfo - ok
10:07:54.0121 0248        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:07:54.0183 0248        Filetrace - ok
10:07:54.0199 0248        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:07:54.0246 0248        flpydisk - ok
10:07:54.0277 0248        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:07:54.0308 0248        FltMgr - ok
10:07:54.0371 0248        FontCache      (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
10:07:54.0449 0248        FontCache - ok
10:07:54.0542 0248        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:07:54.0573 0248        FontCache3.0.0.0 - ok
10:07:54.0589 0248        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:07:54.0605 0248        FsDepends - ok
10:07:54.0651 0248        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:07:54.0667 0248        Fs_Rec - ok
10:07:54.0714 0248        fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:07:54.0729 0248        fvevol - ok
10:07:54.0761 0248        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:07:54.0792 0248        gagp30kx - ok
10:07:54.0854 0248        gpsvc          (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:07:54.0932 0248        gpsvc - ok
10:07:54.0963 0248        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:07:55.0026 0248        hcw85cir - ok
10:07:55.0073 0248        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:07:55.0119 0248        HdAudAddService - ok
10:07:55.0166 0248        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:07:55.0213 0248        HDAudBus - ok
10:07:55.0385 0248        HECI            (a88485dc6a7136c10d9a6c7e38fdfe3c) C:\Windows\system32\DRIVERS\HECI.sys
10:07:55.0463 0248        HECI - ok
10:07:55.0494 0248        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:07:55.0541 0248        HidBatt - ok
10:07:55.0665 0248        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:07:55.0712 0248        HidBth - ok
10:07:55.0743 0248        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:07:55.0790 0248        HidIr - ok
10:07:55.0837 0248        hidserv        (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:07:55.0884 0248        hidserv - ok
10:07:55.0993 0248        HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
10:07:56.0009 0248        HidUsb - ok
10:07:56.0071 0248        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:07:56.0118 0248        hkmsvc - ok
10:07:56.0196 0248        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:07:56.0305 0248        HomeGroupListener - ok
10:07:56.0414 0248        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:07:56.0477 0248        HomeGroupProvider - ok
10:07:56.0508 0248        hpdskflt        (4ef10b866c62abbeaf7511cdd05a19be) C:\Windows\system32\DRIVERS\hpdskflt.sys
10:07:56.0523 0248        hpdskflt - ok
10:07:56.0586 0248        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:07:56.0601 0248        HpSAMD - ok
10:07:56.0664 0248        hpsrv          (c0beb56ed79b59b7b33d0aa6c38a0ba6) C:\Windows\system32\Hpservice.exe
10:07:56.0679 0248        hpsrv - ok
10:07:57.0069 0248        HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:07:57.0147 0248        HTTP - ok
10:07:57.0225 0248        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:07:57.0257 0248        hwpolicy - ok
10:07:57.0381 0248        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:07:57.0428 0248        i8042prt - ok
10:07:57.0584 0248        iaStor          (e11ed9b1ea60e747655e1090c7509d08) C:\Windows\system32\DRIVERS\iaStor.sys
10:07:57.0615 0248        iaStor - ok
10:07:57.0771 0248        IAStorDataMgrSvc (6b24d1c3096de796d15571079ea5e98c) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:07:57.0787 0248        IAStorDataMgrSvc - ok
10:07:58.0068 0248        iaStorV        (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:07:58.0099 0248        iaStorV - ok
10:07:58.0489 0248        idsvc          (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:07:58.0567 0248        idsvc - ok
10:07:58.0661 0248        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:07:58.0692 0248        iirsp - ok
10:07:58.0879 0248        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:07:58.0973 0248        IKEEXT - ok
10:07:59.0066 0248        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:07:59.0082 0248        intelide - ok
10:07:59.0815 0248        intelkmd        (db7413cf09d74231720f78737dcf4188) C:\Windows\system32\DRIVERS\igdpmd32.sys
10:08:00.0127 0248        intelkmd - ok
10:08:00.0267 0248        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:08:00.0299 0248        intelppm - ok
10:08:00.0314 0248        IPBusEnum      (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:08:00.0377 0248        IPBusEnum - ok
10:08:00.0439 0248        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:08:00.0501 0248        IpFilterDriver - ok
10:08:00.0564 0248        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
10:08:00.0626 0248        iphlpsvc - ok
10:08:01.0063 0248        IPMIDRV        (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:08:01.0110 0248        IPMIDRV - ok
10:08:01.0203 0248        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:08:01.0281 0248        IPNAT - ok
10:08:01.0328 0248        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:08:01.0406 0248        IRENUM - ok
10:08:01.0484 0248        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:08:01.0500 0248        isapnp - ok
10:08:01.0718 0248        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:08:01.0749 0248        iScsiPrt - ok
10:08:01.0843 0248        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:08:01.0859 0248        kbdclass - ok
10:08:01.0937 0248        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:08:01.0968 0248        kbdhid - ok
10:08:02.0015 0248        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:02.0046 0248        KeyIso - ok
10:08:02.0077 0248        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:08:02.0093 0248        KSecDD - ok
10:08:02.0186 0248        KSecPkg        (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:08:02.0217 0248        KSecPkg - ok
10:08:02.0264 0248        KtmRm          (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:08:02.0358 0248        KtmRm - ok
10:08:02.0420 0248        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:08:02.0498 0248        LanmanServer - ok
10:08:02.0529 0248        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:08:02.0607 0248        LanmanWorkstation - ok
10:08:02.0701 0248        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:08:02.0779 0248        lltdio - ok
10:08:02.0826 0248        lltdsvc        (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:08:02.0888 0248        lltdsvc - ok
10:08:02.0904 0248        lmhosts        (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:08:02.0982 0248        lmhosts - ok
10:08:03.0122 0248        LMS            (6d515466ab8bfe61184092b635ae6eb4) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:08:03.0153 0248        LMS - ok
10:08:03.0185 0248        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:08:03.0216 0248        LSI_FC - ok
10:08:03.0231 0248        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:08:03.0263 0248        LSI_SAS - ok
10:08:03.0278 0248        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:08:03.0294 0248        LSI_SAS2 - ok
10:08:03.0387 0248        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:08:03.0403 0248        LSI_SCSI - ok
10:08:03.0434 0248        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:08:03.0497 0248        luafv - ok
10:08:03.0543 0248        Mcx2Svc        (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:08:03.0575 0248        Mcx2Svc - ok
10:08:03.0762 0248        MDM            (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
10:08:03.0793 0248        MDM - ok
10:08:03.0824 0248        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:08:03.0840 0248        megasas - ok
10:08:03.0933 0248        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:08:03.0965 0248        MegaSR - ok
10:08:04.0011 0248        MMCSS          (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:08:04.0089 0248        MMCSS - ok
10:08:04.0121 0248        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:08:04.0199 0248        Modem - ok
10:08:04.0230 0248        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:08:04.0277 0248        monitor - ok
10:08:04.0323 0248        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
10:08:04.0339 0248        mouclass - ok
10:08:04.0386 0248        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:08:04.0433 0248        mouhid - ok
10:08:04.0526 0248        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:08:04.0542 0248        mountmgr - ok
10:08:04.0589 0248        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:08:04.0620 0248        mpio - ok
10:08:04.0667 0248        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:08:04.0729 0248        mpsdrv - ok
10:08:04.0838 0248        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:08:04.0963 0248        MpsSvc - ok
10:08:05.0010 0248        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:08:05.0088 0248        MRxDAV - ok
10:08:05.0119 0248        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:08:05.0181 0248        mrxsmb - ok
10:08:05.0275 0248        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:08:05.0322 0248        mrxsmb10 - ok
10:08:05.0353 0248        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:08:05.0400 0248        mrxsmb20 - ok
10:08:05.0462 0248        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:08:05.0493 0248        msahci - ok
10:08:05.0540 0248        msdsm          (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:08:05.0556 0248        msdsm - ok
10:08:05.0618 0248        MSDTC          (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:08:05.0665 0248        MSDTC - ok
10:08:05.0727 0248        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:08:05.0790 0248        Msfs - ok
10:08:05.0805 0248        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:08:05.0883 0248        mshidkmdf - ok
10:08:05.0930 0248        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:08:05.0946 0248        msisadrv - ok
10:08:06.0071 0248        MSiSCSI        (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:08:06.0164 0248        MSiSCSI - ok
10:08:06.0164 0248        msiserver - ok
10:08:06.0195 0248        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:08:06.0273 0248        MSKSSRV - ok
10:08:06.0289 0248        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:08:06.0351 0248        MSPCLOCK - ok
10:08:06.0367 0248        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:08:06.0445 0248        MSPQM - ok
10:08:06.0539 0248        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:08:06.0554 0248        MsRPC - ok
10:08:06.0632 0248        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:08:06.0648 0248        mssmbios - ok
10:08:06.0679 0248        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:08:06.0726 0248        MSTEE - ok
10:08:06.0757 0248        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:08:06.0804 0248        MTConfig - ok
10:08:06.0835 0248        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:08:06.0851 0248        Mup - ok
10:08:06.0929 0248        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:08:07.0022 0248        napagent - ok
10:08:07.0194 0248        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:08:07.0225 0248        NativeWifiP - ok
10:08:07.0646 0248        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:08:07.0693 0248        NDIS - ok
10:08:07.0771 0248        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:08:07.0849 0248        NdisCap - ok
10:08:07.0880 0248        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:08:07.0958 0248        NdisTapi - ok
10:08:08.0021 0248        Ndisuio        (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:08:08.0067 0248        Ndisuio - ok
10:08:08.0145 0248        NdisWan        (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:08:08.0208 0248        NdisWan - ok
10:08:08.0270 0248        NDProxy        (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:08:08.0333 0248        NDProxy - ok
10:08:08.0395 0248        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:08:08.0473 0248        NetBIOS - ok
10:08:08.0567 0248        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:08:08.0629 0248        NetBT - ok
10:08:08.0660 0248        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:08.0691 0248        Netlogon - ok
10:08:08.0910 0248        Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:08:08.0988 0248        Netman - ok
10:08:09.0159 0248        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:08:09.0253 0248        netprofm - ok
10:08:09.0425 0248        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:08:09.0440 0248        NetTcpPortSharing - ok
10:08:09.0487 0248        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:08:09.0518 0248        nfrd960 - ok
10:08:09.0627 0248        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:08:09.0721 0248        NlaSvc - ok
10:08:09.0737 0248        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:08:09.0815 0248        Npfs - ok
10:08:09.0846 0248        nsi            (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:08:09.0908 0248        nsi - ok
10:08:09.0955 0248        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:08:10.0033 0248        nsiproxy - ok
10:08:10.0392 0248        Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:08:10.0454 0248        Ntfs - ok
10:08:10.0501 0248        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:08:10.0688 0248        Null - ok
10:08:10.0766 0248        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:08:10.0797 0248        nvraid - ok
10:08:10.0907 0248        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:08:10.0938 0248        nvstor - ok
10:08:11.0094 0248        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:08:11.0125 0248        nv_agp - ok
10:08:11.0172 0248        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:08:11.0219 0248        ohci1394 - ok
10:08:11.0359 0248        ose            (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:08:11.0390 0248        ose - ok
10:08:11.0655 0248        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:08:11.0733 0248        p2pimsvc - ok
10:08:11.0905 0248        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:08:11.0936 0248        p2psvc - ok
10:08:12.0061 0248        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:08:12.0092 0248        Parport - ok
10:08:12.0201 0248        partmgr        (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:08:12.0217 0248        partmgr - ok
10:08:12.0248 0248        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:08:12.0295 0248        Parvdm - ok
10:08:12.0373 0248        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:08:12.0420 0248        PcaSvc - ok
10:08:12.0685 0248        pci            (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:08:12.0716 0248        pci - ok
10:08:12.0763 0248        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:08:12.0794 0248        pciide - ok
10:08:13.0153 0248        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:08:13.0200 0248        pcmcia - ok
10:08:13.0293 0248        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:08:13.0309 0248        pcw - ok
10:08:14.0027 0248        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:08:14.0105 0248        PEAUTH - ok
10:08:15.0072 0248        PeerDistSvc    (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:08:15.0165 0248        PeerDistSvc - ok
10:08:15.0571 0248        pla            (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:08:15.0696 0248        pla - ok
10:08:16.0429 0248        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:08:16.0554 0248        PlugPlay - ok
10:08:16.0601 0248        PNRPAutoReg    (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:08:16.0663 0248        PNRPAutoReg - ok
10:08:16.0788 0248        PNRPsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:08:16.0803 0248        PNRPsvc - ok
10:08:17.0147 0248        PolicyAgent    (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:08:17.0225 0248        PolicyAgent - ok
10:08:17.0334 0248        Power          (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:08:17.0427 0248        Power - ok
10:08:17.0537 0248        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:08:17.0615 0248        PptpMiniport - ok
10:08:17.0661 0248        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:08:17.0708 0248        Processor - ok
10:08:17.0817 0248        ProfSvc        (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
10:08:17.0911 0248        ProfSvc - ok
10:08:17.0958 0248        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:17.0973 0248        ProtectedStorage - ok
10:08:18.0114 0248        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:08:18.0192 0248        Psched - ok
10:08:18.0441 0248        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:08:18.0519 0248        ql2300 - ok
10:08:18.0847 0248        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:08:18.0878 0248        ql40xx - ok
10:08:18.0941 0248        QWAVE          (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:08:18.0987 0248        QWAVE - ok
10:08:19.0003 0248        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:08:19.0034 0248        QWAVEdrv - ok
10:08:19.0050 0248        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:08:19.0128 0248        RasAcd - ok
10:08:19.0175 0248        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:08:19.0253 0248        RasAgileVpn - ok
10:08:19.0346 0248        RasAuto        (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:08:19.0424 0248        RasAuto - ok
10:08:19.0487 0248        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:08:19.0549 0248        Rasl2tp - ok
10:08:19.0611 0248        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:08:19.0689 0248        RasMan - ok
10:08:19.0736 0248        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:08:19.0799 0248        RasPppoe - ok
10:08:19.0877 0248        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:08:19.0939 0248        RasSstp - ok
10:08:20.0033 0248        rdbss          (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:08:20.0111 0248        rdbss - ok
10:08:20.0126 0248        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:08:20.0157 0248        rdpbus - ok
10:08:20.0189 0248        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:08:20.0251 0248        RDPCDD - ok
10:08:20.0313 0248        RDPDR          (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:08:20.0360 0248        RDPDR - ok
10:08:20.0391 0248        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:08:20.0469 0248        RDPENCDD - ok
10:08:20.0485 0248        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:08:20.0532 0248        RDPREFMP - ok
10:08:20.0594 0248        RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
10:08:20.0657 0248        RdpVideoMiniport - ok
10:08:20.0797 0248        RDPWD          (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
10:08:20.0859 0248        RDPWD - ok
10:08:20.0937 0248        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:08:20.0969 0248        rdyboost - ok
10:08:21.0062 0248        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:08:21.0140 0248        RemoteAccess - ok
10:08:21.0203 0248        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:08:21.0281 0248        RemoteRegistry - ok
10:08:21.0312 0248        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:08:21.0405 0248        RpcEptMapper - ok
10:08:21.0421 0248        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:08:21.0452 0248        RpcLocator - ok
10:08:21.0530 0248        RpcSs          (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:08:21.0577 0248        RpcSs - ok
10:08:21.0624 0248        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:08:21.0671 0248        rspndr - ok
10:08:21.0780 0248        RSUSBSTOR      (b87f999e05dd9c0312c83a8752e8e66b) C:\Windows\system32\Drivers\RtsUStor.sys
10:08:21.0811 0248        RSUSBSTOR - ok
10:08:21.0920 0248        RTL8167        (d5ede44ca85899e0478208c8413c1c31) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:08:21.0936 0248        RTL8167 - ok
10:08:21.0983 0248        s3cap          (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:08:22.0061 0248        s3cap - ok
10:08:22.0107 0248        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:22.0123 0248        SamSs - ok
10:08:22.0217 0248        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:08:22.0248 0248        sbp2port - ok
10:08:22.0326 0248        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:08:22.0388 0248        SCardSvr - ok
10:08:22.0404 0248        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:08:22.0482 0248        scfilter - ok
10:08:22.0732 0248        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:08:22.0825 0248        Schedule - ok
10:08:22.0856 0248        SCPolicySvc    (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:08:22.0903 0248        SCPolicySvc - ok
10:08:22.0934 0248        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:08:22.0981 0248        SDRSVC - ok
10:08:23.0044 0248        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:08:23.0090 0248        secdrv - ok
10:08:23.0122 0248        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:08:23.0184 0248        seclogon - ok
10:08:23.0215 0248        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:08:23.0278 0248        SENS - ok
10:08:23.0293 0248        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:08:23.0371 0248        SensrSvc - ok
10:08:23.0387 0248        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:08:23.0434 0248        Serenum - ok
10:08:23.0449 0248        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:08:23.0543 0248        Serial - ok
10:08:23.0574 0248        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:08:23.0636 0248        sermouse - ok
10:08:23.0730 0248        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:08:23.0808 0248        SessionEnv - ok
10:08:23.0870 0248        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:08:23.0917 0248        sffdisk - ok
10:08:23.0948 0248        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:08:23.0995 0248        sffp_mmc - ok
10:08:24.0011 0248        sffp_sd        (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:08:24.0042 0248        sffp_sd - ok
10:08:24.0089 0248        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:08:24.0104 0248        sfloppy - ok
10:08:24.0198 0248        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:08:24.0276 0248        SharedAccess - ok
10:08:24.0307 0248        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:08:24.0370 0248        ShellHWDetection - ok
10:08:24.0448 0248        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:08:24.0463 0248        sisagp - ok
10:08:24.0526 0248        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:08:24.0541 0248        SiSRaid2 - ok
10:08:24.0572 0248        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:08:24.0604 0248        SiSRaid4 - ok
10:08:24.0666 0248        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:08:24.0713 0248        Smb - ok
10:08:24.0822 0248        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:08:24.0853 0248        SNMPTRAP - ok
10:08:24.0869 0248        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:08:24.0884 0248        spldr - ok
10:08:24.0947 0248        Spooler        (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:08:25.0009 0248        Spooler - ok
10:08:25.0789 0248        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:08:25.0945 0248        sppsvc - ok
10:08:26.0117 0248        sppuinotify    (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:08:26.0195 0248        sppuinotify - ok
10:08:26.0273 0248        srv            (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:08:26.0351 0248        srv - ok
10:08:26.0944 0248        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:08:27.0006 0248        srv2 - ok
10:08:27.0084 0248        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:08:27.0146 0248        srvnet - ok
10:08:27.0271 0248        SSDPSRV        (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:08:27.0334 0248        SSDPSRV - ok
10:08:27.0396 0248        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
10:08:27.0412 0248        ssmdrv - ok
10:08:27.0552 0248        SstpSvc        (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:08:27.0614 0248        SstpSvc - ok
10:08:27.0864 0248        STacSV          (7aefc130355aa99307b31ee678614380) C:\Program Files\IDT\WDM\STacSV.exe
10:08:27.0880 0248        STacSV - ok
10:08:27.0926 0248        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:08:27.0958 0248        stexstor - ok
10:08:28.0036 0248        STHDA          (ec4b4125ba14f7436b1740f63f7bff21) C:\Windows\system32\DRIVERS\stwrt.sys
10:08:28.0098 0248        STHDA - ok
10:08:28.0363 0248        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:08:28.0426 0248        StiSvc - ok
10:08:28.0488 0248        storflt        (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:08:28.0504 0248        storflt - ok
10:08:28.0535 0248        storvsc        (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:08:28.0566 0248        storvsc - ok
10:08:28.0597 0248        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:08:28.0613 0248        swenum - ok
10:08:28.0691 0248        swprv          (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:08:28.0753 0248        swprv - ok
10:08:28.0784 0248        Synth3dVsc - ok
10:08:29.0206 0248        SynTP          (67c4590262c28bbaecb5b4e8aaf101fd) C:\Windows\system32\DRIVERS\SynTP.sys
10:08:29.0268 0248        SynTP - ok
10:08:29.0705 0248        SysMain        (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:08:29.0767 0248        SysMain - ok
10:08:29.0876 0248        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:08:29.0939 0248        TabletInputService - ok
10:08:30.0017 0248        TapiSrv        (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:08:30.0079 0248        TapiSrv - ok
10:08:30.0173 0248        TBS            (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:08:30.0235 0248        TBS - ok
10:08:30.0641 0248        Tcpip          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:08:30.0703 0248        Tcpip - ok
10:08:31.0390 0248        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:08:31.0436 0248        TCPIP6 - ok
10:08:31.0686 0248        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:08:31.0764 0248        tcpipreg - ok
10:08:31.0780 0248        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:08:31.0842 0248        TDPIPE - ok
10:08:31.0873 0248        TDTCP          (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:08:31.0920 0248        TDTCP - ok
10:08:31.0951 0248        tdx            (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:08:32.0014 0248        tdx - ok
10:08:32.0778 0248        TeamViewer6    (a409a5c99c29328018e1e3dce9abdc36) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
10:08:32.0872 0248        TeamViewer6 - ok
10:08:33.0215 0248        teamviewervpn  (9101fffcfccd1a30e870a5b8a9091b10) C:\Windows\system32\DRIVERS\teamviewervpn.sys
10:08:33.0293 0248        teamviewervpn - ok
10:08:33.0340 0248        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:08:33.0355 0248        TermDD - ok
10:08:33.0418 0248        TermService    (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:08:33.0480 0248        TermService - ok
10:08:33.0511 0248        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:08:33.0558 0248        Themes - ok
10:08:33.0605 0248        THREADORDER    (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:08:33.0652 0248        THREADORDER - ok
10:08:33.0730 0248        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:08:33.0808 0248        TrkWks - ok
10:08:33.0917 0248        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:08:33.0995 0248        TrustedInstaller - ok
10:08:34.0010 0248        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:08:34.0073 0248        tssecsrv - ok
10:08:34.0104 0248        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:08:34.0151 0248        TsUsbFlt - ok
10:08:34.0151 0248        tsusbhub - ok
10:08:34.0244 0248        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:08:34.0307 0248        tunnel - ok
10:08:34.0354 0248        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:08:34.0385 0248        uagp35 - ok
10:08:34.0447 0248        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:08:34.0556 0248        udfs - ok
10:08:34.0588 0248        UI0Detect      (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:08:34.0634 0248        UI0Detect - ok
10:08:34.0681 0248        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:08:34.0712 0248        uliagpkx - ok
10:08:34.0744 0248        umbus          (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:08:34.0790 0248        umbus - ok
10:08:34.0837 0248        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:08:34.0868 0248        UmPass - ok
10:08:34.0931 0248        UmRdpService    (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
10:08:34.0978 0248        UmRdpService - ok
10:08:35.0539 0248        UNS            (0fadd949576a164b4e51e716f46b6c33) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:08:35.0648 0248        UNS - ok
10:08:35.0992 0248        upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:08:36.0038 0248        upnphost - ok
10:08:36.0257 0248        usbccgp        (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:08:36.0319 0248        usbccgp - ok
10:08:36.0397 0248        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:08:36.0460 0248        usbcir - ok
10:08:36.0538 0248        usbehci        (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
10:08:36.0553 0248        usbehci - ok
10:08:36.0647 0248        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:08:36.0678 0248        usbhub - ok
10:08:36.0725 0248        usbohci        (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
10:08:36.0772 0248        usbohci - ok
10:08:36.0818 0248        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:08:36.0850 0248        usbprint - ok
10:08:36.0928 0248        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
10:08:36.0974 0248        usbscan - ok
10:08:37.0037 0248        USBSTOR        (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:08:37.0099 0248        USBSTOR - ok
10:08:37.0130 0248        usbuhci        (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
10:08:37.0146 0248        usbuhci - ok
10:08:37.0255 0248        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
10:08:37.0318 0248        usbvideo - ok
10:08:37.0396 0248        UxSms          (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:08:37.0474 0248        UxSms - ok
10:08:37.0520 0248        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:37.0536 0248        VaultSvc - ok
10:08:38.0737 0248        vcsFPService    (6bcad8c95eca6d6ebaf2b25a9ccf7bc6) C:\Windows\system32\vcsFPService.exe
10:08:38.0831 0248        vcsFPService - ok
10:08:39.0236 0248        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:08:39.0252 0248        vdrvroot - ok
10:08:39.0283 0248        vds            (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:08:39.0361 0248        vds - ok
10:08:39.0408 0248        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:08:39.0424 0248        vga - ok
10:08:39.0517 0248        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:08:39.0580 0248        VgaSave - ok
10:08:39.0580 0248        VGPU - ok
10:08:39.0626 0248        vhdmp          (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:08:39.0658 0248        vhdmp - ok
10:08:39.0704 0248        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:08:39.0736 0248        viaagp - ok
10:08:39.0751 0248        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:08:39.0782 0248        ViaC7 - ok
10:08:39.0860 0248        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:08:39.0892 0248        viaide - ok
10:08:39.0923 0248        vmbus          (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:08:39.0954 0248        vmbus - ok
10:08:39.0985 0248        VMBusHID        (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:08:40.0001 0248        VMBusHID - ok
10:08:40.0048 0248        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:08:40.0063 0248        volmgr - ok
10:08:40.0157 0248        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:08:40.0188 0248        volmgrx - ok
10:08:40.0219 0248        volsnap        (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:08:40.0250 0248        volsnap - ok
10:08:40.0313 0248        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:08:40.0328 0248        vsmraid - ok
10:08:40.0609 0248        VSS            (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:08:40.0687 0248        VSS - ok
10:08:40.0703 0248        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:08:40.0750 0248        vwifibus - ok
10:08:40.0765 0248        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:08:40.0812 0248        vwififlt - ok
10:08:40.0890 0248        W32Time        (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:08:40.0952 0248        W32Time - ok
10:08:41.0030 0248        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:08:41.0062 0248        WacomPen - ok
10:08:41.0124 0248        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:08:41.0186 0248        WANARP - ok
10:08:41.0186 0248        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:08:41.0249 0248        Wanarpv6 - ok
10:08:41.0311 0248        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:08:41.0389 0248        wbengine - ok
10:08:41.0436 0248        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:08:41.0467 0248        WbioSrvc - ok
10:08:41.0498 0248        wcncsvc        (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:08:41.0530 0248        wcncsvc - ok
10:08:41.0639 0248        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:08:41.0717 0248        WcsPlugInService - ok
10:08:41.0748 0248        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:08:41.0779 0248        Wd - ok
10:08:41.0810 0248        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:08:41.0842 0248        Wdf01000 - ok
10:08:41.0857 0248        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:08:41.0966 0248        WdiServiceHost - ok
10:08:41.0966 0248        WdiSystemHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:08:41.0998 0248        WdiSystemHost - ok
10:08:42.0029 0248        WebClient      (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:08:42.0060 0248        WebClient - ok
10:08:42.0076 0248        Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:08:42.0138 0248        Wecsvc - ok
10:08:42.0154 0248        wercplsupport  (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:08:42.0200 0248        wercplsupport - ok
10:08:42.0216 0248        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:08:42.0278 0248        WerSvc - ok
10:08:42.0294 0248        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:08:42.0341 0248        WfpLwf - ok
10:08:42.0356 0248        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:08:42.0388 0248        WIMMount - ok
10:08:42.0466 0248        WinDefend      (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:08:42.0528 0248        WinDefend - ok
10:08:42.0544 0248        WinHttpAutoProxySvc - ok
10:08:42.0606 0248        Winmgmt        (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:08:42.0653 0248        Winmgmt - ok
10:08:42.0715 0248        WinRM          (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:08:42.0793 0248        WinRM - ok
10:08:42.0856 0248        WinUSB          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUSB.sys
10:08:42.0887 0248        WinUSB - ok
10:08:42.0949 0248        Wlansvc        (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:08:42.0996 0248        Wlansvc - ok
10:08:43.0027 0248        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:08:43.0043 0248        WmiAcpi - ok
10:08:43.0105 0248        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:08:43.0136 0248        wmiApSrv - ok
10:08:43.0292 0248        WMPNetworkSvc  (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:08:43.0370 0248        WMPNetworkSvc - ok
10:08:43.0464 0248        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:08:43.0526 0248        WPCSvc - ok
10:08:43.0558 0248        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:08:43.0667 0248        WPDBusEnum - ok
10:08:43.0776 0248        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:08:43.0838 0248        ws2ifsl - ok
10:08:43.0979 0248        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
10:08:44.0041 0248        wscsvc - ok
10:08:44.0041 0248        WSearch - ok
10:08:45.0180 0248        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
10:08:45.0289 0248        wuauserv - ok
10:08:45.0851 0248        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:08:45.0913 0248        WudfPf - ok
10:08:46.0007 0248        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:08:46.0054 0248        WUDFRd - ok
10:08:46.0194 0248        wudfsvc        (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:08:46.0272 0248        wudfsvc - ok
10:08:46.0412 0248        WwanSvc        (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:08:46.0600 0248        WwanSvc - ok
10:08:46.0662 0248        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:08:47.0317 0248        \Device\Harddisk0\DR0 - ok
10:08:47.0333 0248        Boot (0x1200)  (a98eea5640ad49c0d6caecd0cd3f0850) \Device\Harddisk0\DR0\Partition0
10:08:47.0333 0248        \Device\Harddisk0\DR0\Partition0 - ok
10:08:47.0348 0248        Boot (0x1200)  (b0d76643689caf9f1aaec91ee1ae1023) \Device\Harddisk0\DR0\Partition1
10:08:47.0348 0248        \Device\Harddisk0\DR0\Partition1 - ok
10:08:47.0348 0248        ============================================================
10:08:47.0348 0248        Scan finished
10:08:47.0348 0248        ============================================================
10:08:47.0364 4024        Detected object count: 0
10:08:47.0364 4024        Actual detected object count: 0
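The TDSSKiller log above lists every driver and service with the MD5 of its image, its path and a verdict line, and closes with the MBR and boot-sector hashes. As an added example, not part of the original thread and not TDSSKiller's own code, the following Python script pairs each object line with its verdict and flags what a responder would review first in such a log: any verdict other than "ok", any object that never received a verdict (a scan that was cut off), and any image loaded from outside the Windows or Program Files trees. The sample log is constructed for the example (a few lines copied from the post plus an invented "evildrv" and "orphan" entry); the trusted-path prefixes assume a default install on C:.

```python
"""Triage a TDSSKiller-style scan log (added example, not TDSSKiller's own code).

TDSSKiller prints one object line per driver/service it inspects
(time, pid, service name, MD5 of the image, path) followed by a verdict
line ("<subject> - ok" or "<subject> - <verdict>"). For the MBR and boot
sectors the subject of the verdict line is the device path, not the name.
Services with no image on disk appear as a bare verdict line.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Object line: "<hh:mm:ss.ffff> <pid> <name> [(0xOFFSET)] (<md5>) <path>"
OBJ_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+(?: \(0x[0-9A-Fa-f]+\))?)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)
# Verdict line: "<hh:mm:ss.ffff> <pid> <subject> - <verdict>"
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<subject>.+?) - (?P<verdict>.+?)\s*$"
)

# Assumption: a default install on C:. Images loaded from anywhere else
# (user profiles, Temp, the root of the drive) deserve a second look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files")


@dataclass
class Entry:
    name: str
    md5: Optional[str]      # None when the service has no image on disk
    path: Optional[str]
    verdict: Optional[str]  # None when the log ended before a verdict


def parse_log(text: str) -> List[Entry]:
    """Pair object lines with their verdict lines, in log order."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None  # object line still waiting for its verdict
    for raw in text.splitlines():
        line = raw.strip()
        m = OBJ_RE.match(line)
        if m:
            if pending is not None:       # previous object never got a verdict
                entries.append(pending)
            pending = Entry(m["name"], m["md5"].lower(), m["path"], None)
            continue
        m = VERDICT_RE.match(line)
        if not m:
            continue                      # banner, separator, counters
        subject, verdict = m["subject"], m["verdict"]
        if pending is not None and subject in (pending.name, pending.path):
            pending.verdict = verdict
            entries.append(pending)
            pending = None
        else:
            if pending is not None:
                entries.append(pending)
                pending = None
            entries.append(Entry(subject, None, None, verdict))  # bare verdict
    if pending is not None:
        entries.append(pending)
    return entries


def triage(text: str) -> Dict[str, List[str]]:
    """Return the entries a responder should review, grouped by reason."""
    findings: Dict[str, List[str]] = {"not_ok": [], "no_verdict": [], "untrusted_path": []}
    for e in parse_log(text):
        if e.verdict is None:
            findings["no_verdict"].append(e.name)
        elif e.verdict.lower() != "ok":
            findings["not_ok"].append(f"{e.name}: {e.verdict}")
        # Only drive-letter paths are checked; \Device\... objects are disk sectors.
        if e.path and e.path[1:3] == ":\\" and not e.path.lower().startswith(TRUSTED_PREFIXES):
            findings["untrusted_path"].append(f"{e.name} -> {e.path}")
    return findings


def hash_index(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map each MD5 to the services that load it (e.g. lsass.exe hosts several)."""
    index: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.md5:
            index[e.md5].append(e.name)
    return {md5: sorted(names) for md5, names in index.items()}


# Constructed sample: a few lines copied from the log above plus an invented
# "evildrv" entry (bogus MD5, user-profile path, non-ok verdict) and an
# "orphan" entry whose verdict line is missing.
SAMPLE_LOG = r"""
10:08:08.0567 0248        NetBT          (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:08:08.0629 0248        NetBT - ok
10:08:08.0660 0248        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:08.0691 0248        Netlogon - ok
10:08:22.0107 0248        SamSs          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:08:22.0123 0248        SamSs - ok
10:08:28.0784 0248        Synth3dVsc - ok
10:08:46.0662 0248        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:08:47.0317 0248        \Device\Harddisk0\DR0 - ok
10:08:47.0400 0248        evildrv        (00000000000000000000000000000000) C:\Users\someone\AppData\Local\Temp\evildrv.sys
10:08:47.0410 0248        evildrv - detected (constructed verdict)
10:08:47.0420 0248        orphan         (11111111111111111111111111111111) C:\Windows\system32\drivers\orphan.sys
10:08:47.0348 0248        Scan finished
"""

if __name__ == "__main__":
    for reason, items in triage(SAMPLE_LOG).items():
        print(f"{reason}: {items}")
```

The hash index is the part to carry further: several services legitimately share one image (Netlogon, SamSs, ProtectedStorage and VaultSvc all point at lsass.exe in the log above), so comparing the MD5 of each shared image against a known-good copy of the same Windows build is a quicker check than reading the list service by service.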


Chris4You 28.06.2012 09:19

Hi,

Combofix
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.

Caution: in a few rare cases the computer may no longer be able to boot and will have to be reinstalled from scratch!

Close all windows, start combofix.exe, confirm the prompt that follows with 1 and press Enter.

The ComboFix scan can take some time, so be patient. Do nothing on the computer while the scan is running.
The computer may be restarted in between.
After the scan finishes a report (ComboFix.txt) is displayed; please copy it and paste it into your thread. You should find the log at C:\ComboFix.txt...

chris

tomatriga 28.06.2012 10:04

Hallo,

I started ComboFix and it ran through. Then it triggered a restart and Windows booted up again. Then ComboFix opened again, and the window is black, keeps switching between black and blue and moves up and down on the desktop. But nothing else happens.

What should I do now?

Edit: It's kind of like when I open several Notepad windows at once and they half overlap each other, cascading downwards.

Chris4You 28.06.2012 10:36

Hi,

if possible, close the windows and restart the computer.
You will find the CF log under C:\ComboFix.txt, please post it...

chris

tomatriga 28.06.2012 10:55

Hello,

now the program simply closed itself, so here is the log.

Code:

ComboFix 12-06-28.01 - Krokodil 28.06.2012  10:44:33.1.4 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.2486.1508 [GMT 2:00]
ausgeführt von:: C:\Users\Krokodil_2\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Edit: Just noticed that this is the wrong log; this one was saved under C:\ComboFix.
Under C: unfortunately I cannot find any ComboFix log or txt file.

Chris4You 28.06.2012 12:29

Hi,

boot into Safe Mode (F8 while booting) and run ComboFix again...

chris

tomatriga 28.06.2012 22:34

So I have now started the whole thing in Safe Mode.
And after I switched back to the normal desktop, the program had also finished.

So here is the normal log again.

Code:

ComboFix 12-06-28.03 - Krokodil 28.06.2012  23:21:59.3.4 - x86 MINIMAL
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.2486.1739 [GMT 2:00]
ausgeführt von:: c:\users\Krokodil_2\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\wbem\Performance\WmiApRpl_new.ini
.
-- Vorheriger Suchlauf --
.
Infizierte Kopie von c:\windows\system32\drivers\ntfs.sys wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys wurde wiederhergestellt
.
--------
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-28 bis 2012-06-28  ))))))))))))))))))))))))))))))
.
.
2012-06-28 21:25 . 2012-06-28 21:25        --------        d-----w-        c:\users\Krokodil\AppData\Local\temp
2012-06-28 21:25 . 2012-06-28 21:25        --------        d-----w-        c:\users\Krokodil_2\AppData\Local\temp
2012-06-28 21:25 . 2012-06-28 21:25        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-28 21:09 . 2012-06-28 21:09        --------        d-----w-        c:\users\Krokodil_2\AppData\Roaming\Avira
2012-06-28 21:04 . 2012-04-27 08:20        137928        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-06-28 21:04 . 2012-04-24 22:32        83392        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-06-28 21:04 . 2012-04-16 19:17        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2012-06-28 21:04 . 2012-06-28 21:04        --------        d-----w-        c:\programdata\Avira
2012-06-28 21:04 . 2012-06-28 21:04        --------        d-----w-        c:\program files\Avira
2012-06-28 08:40 . 2012-06-28 08:40        --------        d-----w-        c:\users\Krokodil_2\AppData\Local\Macromedia
2012-06-28 08:11 . 2011-02-19 06:30        805376        ----a-w-        c:\windows\system32\FntCache.dll
2012-06-28 08:11 . 2011-02-19 06:30        739840        ----a-w-        c:\windows\system32\d2d1.dll
2012-06-28 07:55 . 2012-06-28 07:55        --------        d-----w-        C:\_OTL
2012-06-27 20:09 . 2012-06-27 20:09        --------        d-----w-        c:\program files\7-Zip
2012-06-27 19:09 . 2012-06-27 19:09        --------        d-----w-        c:\users\Krokodil_2\AppData\Local\Diagnostics
2012-06-24 09:45 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-24 09:45 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-24 09:45 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-24 09:45 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-24 09:45 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-24 09:45 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-24 09:45 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-24 09:45 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-24 09:45 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-20 16:48 . 2012-04-28 04:41        919040        ----a-w-        c:\windows\system32\rdpcorets.dll
2012-06-20 16:48 . 2012-04-28 03:17        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-20 16:48 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\system32\msi.dll
2012-06-20 16:48 . 2012-05-15 01:05        2343936        ----a-w-        c:\windows\system32\win32k.sys
2012-06-20 16:48 . 2012-04-26 04:45        58880        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-20 16:48 . 2012-04-26 04:45        129536        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-20 16:48 . 2012-04-26 04:41        8192        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-20 16:48 . 2012-05-01 04:44        164352        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-20 16:48 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-20 16:48 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-20 16:48 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\system32\cryptnet.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-28 07:50 . 2012-04-26 15:01        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-28 07:50 . 2012-04-26 15:01        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-04-26 14:06 . 2011-08-08 15:56        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2012-03-31 04:39 . 2012-05-10 10:41        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-10 10:41        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-17 12:58 . 2011-04-17 12:58        142296        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-09-13 1873192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-07-22 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-27 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-27 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-27 170520]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-09 98304]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]
R2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-478040494-308374193-1665734407-1002Core.job
- c:\users\Krokodil_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26 14:19]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-478040494-308374193-1665734407-1002UA.job
- c:\users\Krokodil_2\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-26 14:19]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Krokodil\AppData\Roaming\Mozilla\Firefox\Profiles\1qvyutew.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-28  23:25:58
ComboFix-quarantined-files.txt  2012-06-28 21:25
.
Vor Suchlauf: 8 Verzeichnis(se), 469.853.089.792 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 469.679.349.760 Bytes frei
.
- - End Of File - - DC34F97F2F865F8D1E6CC8A325960AC4


Chris4You 28.06.2012 23:23

Hi,

that looks good, please update MAM and run a full scan, post the log...

chris

tomatriga 28.06.2012 23:38

Hello,

Glad to hear that.

What is MAM? And where do I get it?

Regards

Figured it out, MAM is Malwarebytes Anti-Malware. So I ran a full scan and here is the log.

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.29.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Krokodil :: KROKODIL-PC [Administrator]

Schutz: Aktiviert

29.06.2012 10:24:08
mbam-log-2012-06-29 (10-55-18).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 284315
Laufzeit: 28 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\_OTL\MovedFiles\06282012_095536\C_Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\00000001.@ (Trojan.Small) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06282012_095536\C_Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\80000000.@ (Trojan.Sirefef) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\06282012_095536\C_Users\Krokodil_2\AppData\Local\{0f3ca18e-0573-62c5-1677-945ffe5d27df}\U\800000cb.@ (Rootkit.0Access) -> Keine Aktion durchgeführt.

(Ende)


Chris4You 29.06.2012 10:25

Hi,

MAM=Antimalwarebytes... ;o)...

Please post another new OTL log...

Are there still redirects, or is the computer behaving normally?

chris

tomatriga 29.06.2012 10:55

What are redirects? Since the computer is not mine but my mother-in-law's, I cannot really judge whether it is behaving strangely, but she has not said anything, and so far I have not noticed anything about it that seems odd to me.

Here is the new OTL log.

Code:

OTL logfile created on: 29.06.2012 11:45:33 - Run 2
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\Krokodil_2\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,43 Gb Total Physical Memory | 1,65 Gb Available Physical Memory | 67,86% Memory free
4,85 Gb Paging File | 3,92 Gb Available in Paging File | 80,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 437,32 Gb Free Space | 93,91% Space Free | Partition Type: NTFS
 
Computer Name: KROKODIL-PC | User Name: Krokodil | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.27 20:57:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Krokodil_2\Downloads\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.24 02:11:55 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.04.01 10:31:38 | 007,690,104 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 04:17:48 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.09.08 23:26:58 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.09.08 23:26:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.07.22 03:19:24 | 000,495,708 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2010.07.22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\stacsv.exe
PRC - [2010.04.13 09:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.02.23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vcsFPService.exe
PRC - [2009.03.03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Programme\IDT\WDM\AEstSrv.exe
PRC - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.22 14:46:24 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.22 14:45:48 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.22 14:45:39 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.24 17:48:08 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\701baa4d78031ac5130eadea085bbebf\IAStorUtil.ni.dll
MOD - [2012.05.14 16:47:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.14 16:47:08 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.14 16:47:05 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.14 16:47:05 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.14 16:47:00 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2010.11.13 02:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.04 17:59:42 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.09.09 15:50:00 | 000,016,384 | R--- | M] () -- c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll
MOD - [2010.09.09 14:11:20 | 000,270,336 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.01 10:31:39 | 002,271,608 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.20 04:17:58 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.08 23:26:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.07.22 03:19:24 | 000,245,842 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.04.30 17:21:14 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.04.30 17:21:14 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.04.13 09:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.02.23 07:19:02 | 001,799,472 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vcsFPService.exe -- (vcsFPService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.03 03:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003.06.19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\MDM.EXE -- (MDM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Krokodil\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012.04.27 10:20:04 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.04.25 00:32:27 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.04.16 21:17:40 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.13 18:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011.05.13 18:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2011.03.30 13:05:55 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn)
DRV - [2010.11.20 04:30:16 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 04:30:16 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 04:30:16 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 02:24:42 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 02:21:16 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 01:59:46 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.11.20 01:14:46 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 01:14:42 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.08 23:44:38 | 006,380,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.09.08 22:52:32 | 000,222,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.07.27 23:02:46 | 009,023,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd)
DRV - [2010.07.22 03:19:24 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.05 14:21:00 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.04.30 17:21:00 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2010.01.11 14:31:00 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.17 14:58:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.26 16:48:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.08 17:46:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.04.17 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krokodil\AppData\Roaming\mozilla\Extensions
[2011.04.17 14:51:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krokodil\AppData\Roaming\mozilla\Firefox\Profiles\1qvyutew.default\extensions
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.04.26 16:06:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.04.17 14:58:40 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.26 16:06:41 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.04.17 14:58:42 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.04.17 14:58:42 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.04.17 14:58:42 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.04.17 14:58:42 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.04.17 14:58:42 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.04.17 14:58:42 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.06.28 23:25:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{100ADBEC-3DE1-4F2B-BE40-FAF300B8C328}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5182D2D-D8FB-4A1D-A45D-14F8D15CF306}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.29 10:22:57 | 000,000,000 | ---D | C] -- C:\Users\Krokodil\AppData\Roaming\Malwarebytes
[2012.06.29 10:21:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.29 10:21:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.29 10:21:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.29 10:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.28 23:26:02 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.28 23:26:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.28 23:26:00 | 000,000,000 | ---D | C] -- C:\Users\Krokodil\AppData\Local\temp
[2012.06.28 23:11:09 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.28 23:11:09 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.28 23:11:09 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.28 23:10:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.28 23:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.28 23:04:12 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.06.28 23:04:12 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.06.28 23:04:12 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.06.28 23:04:12 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.06.28 23:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.28 23:04:08 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.06.28 10:42:57 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.28 10:11:17 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.06.28 09:55:36 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.06.27 22:09:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.06.27 22:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.06.24 11:45:19 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.24 11:45:18 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.24 11:45:11 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.24 11:45:11 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.24 11:45:11 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.24 11:45:02 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.24 11:45:02 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.20 19:50:50 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.20 19:50:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.20 19:50:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.20 19:50:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.20 19:50:48 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.20 19:50:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.20 19:50:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.20 18:48:19 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012.06.20 18:48:17 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.20 18:48:16 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.20 18:48:16 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.20 18:48:16 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.29 11:48:42 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.29 11:48:42 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.29 11:48:42 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.29 11:48:42 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.29 11:48:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 11:48:42 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.29 11:43:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.29 11:43:21 | 1954,959,360 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.29 10:24:03 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-478040494-308374193-1665734407-1002UA.job
[2012.06.29 10:21:39 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.28 23:25:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.28 23:04:18 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.28 09:50:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.28 09:50:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.27 20:55:52 | 000,000,000 | ---- | M] () -- C:\Users\Krokodil\defogger_reenable
[2012.06.22 14:44:29 | 000,338,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files Created - No Company Name ==========
 
[2012.06.29 10:21:39 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.06.28 23:11:09 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.28 23:11:09 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.28 23:11:09 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.28 23:11:09 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.28 23:11:09 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.28 23:04:18 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.06.27 20:55:52 | 000,000,000 | ---- | C] () -- C:\Users\Krokodil\defogger_reenable
[2011.04.17 16:46:29 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.04.08 03:44:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.04.08 03:36:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.08 03:35:31 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblup.dat
[2011.04.08 03:30:19 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.08 02:54:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.08 02:54:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.07.27 23:01:12 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2010.07.27 23:01:10 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2010.07.27 23:01:08 | 000,870,560 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2010.07.27 22:20:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2010.07.27 22:18:42 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.07.27 22:14:38 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.07.27 22:14:38 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll

< End of report >

Kind regards

Chris4You 29.06.2012 16:19

Hi,

looks good...

Uninstall Combofix:
Click Start (the Windows 7 Start button) and then type combofix /uninstall into the search field, as shown in the pictogram below this text with the blue arrow. Please make sure there is a space between Combofix and /uninstall.
Uninstall Combofix http://www.bleepstatic.com/combofix/en/run-box.jpg

chris

tomatriga 29.06.2012 20:30

Hello,

Great, I'm glad to hear that. I have uninstalled it now. Is that everything, or do I still need to do something?

Kind regards


Copyright ©2000-2025, Trojaner-Board

