
Log analysis and evaluation: White screen

26.06.2013, 21:31   #1
gorbiWTF

Hey, I'm new here and I'm arriving with a problem right away: the notebook (Acer Aspire 5750ZG) that I have here isn't really working any more. It boots normally, but as soon as I log in (automatically), all I see is white. Safe mode doesn't help. The owner thinks he has the "BKA trojan" (= transfer your money to me), but I can't confirm that.

Here are the log files, as far as they are meaningful at all, since I only ran them in "computer repair mode".

defogger_disable.log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:45 on 26/06/2013 (SYSTEM)

Checking for autostart values...
Unable to open HKCU\~\Run key (2)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Extras.Txt:
Code:
OTL Extras logfile created on: 26.06.2013 21:46:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 90,09% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = X: | %SystemRoot% = X:\windows | %ProgramFiles% = X:\Program Files
Drive C: | 100,00 Mb Total Space | 61,70 Mb Free Space | 61,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 428,41 Gb Free Space | 92,00% Space Free | Partition Type: NTFS
Drive F: | 973,63 Mb Total Space | 969,44 Mb Free Space | 99,57% Space Free | Partition Type: FAT
Drive X: | 33,59 Mb Total Space | 31,16 Mb Free Space | 92,76% Space Free | Partition Type: NTFS
 
Computer Name: MININT-44D3V55 | User Name: SYSTEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- %SystemRoot%\System32\control.exe "%1",%*
.hlp [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
.hta [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- Reg Error: Key error.
htafile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1"
InternetShortcut [open] -- Reg Error: Key error.
InternetShortcut [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe
Folder [open] -- Reg Error: Key error.
Folder [explore] -- Reg Error: Key error.
Drive [find] -- %SystemRoot%\Explorer.exe
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
Error encountered while reading event logs.
 
< End of report >
         
OTL.Txt:
Code:
OTL logfile created on: 26.06.2013 21:46:26 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = )
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 90,09% Memory free
3,85 Gb Paging File | 3,47 Gb Available in Paging File | 90,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = X: | %SystemRoot% = X:\windows | %ProgramFiles% = X:\Program Files
Drive C: | 100,00 Mb Total Space | 61,70 Mb Free Space | 61,70% Space Free | Partition Type: NTFS
Drive D: | 465,66 Gb Total Space | 428,41 Gb Free Space | 92,00% Space Free | Partition Type: NTFS
Drive F: | 973,63 Mb Total Space | 969,44 Mb Free Space | 99,57% Space Free | Partition Type: FAT
Drive X: | 33,59 Mb Total Space | 31,16 Mb Free Space | 92,76% Space Free | Partition Type: NTFS
 
Computer Name: MININT-44D3V55 | User Name: SYSTEM | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.26 21:33:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2009.07.14 05:03:37 | 000,602,112 | ---- | M] (Microsoft Corporation) -- X:\sources\recovery\RecEnv.exe
PRC - [2009.07.14 02:14:45 | 000,565,760 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\winpeshl.exe
PRC - [2009.07.14 02:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\cmd.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- X:\Windows\System32\conhost.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2009.07.14 02:16:13 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- X:\Windows\System32\sacsvr.dll -- (sacsvr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2009.07.14 03:38:07 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:38:07 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:38:07 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:38:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- X:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 02:19:03 | 000,080,464 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- X:\Windows\System32\drivers\sacdrv.sys -- (sacdrv)
DRV - [2009.07.14 00:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- X:\Windows\System32\drivers\ramdisk.sys -- (Ramdisk)
DRV - [2009.07.14 00:18:10 | 000,069,632 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- X:\Windows\System32\drivers\fbwf.sys -- (FBWF)
DRV - [2009.07.14 00:17:59 | 000,053,248 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- X:\windows\System32\drivers\wimfsf.sys -- (WimFsf)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
 
 
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - X:\windows\System32\Drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableMIC = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIPI = 0
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O20 - HKLM Winlogon: Shell - (cmd.exe) - X:\windows\System32\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (/k start cmd.exe) -  File not found
O20 - HKLM Winlogon: UserInit - (X:\windows\system32\userinit.exe) - X:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.26 21:43:02 | 000,000,000 | ---D | C] -- X:\windows\debug
[2013.06.26 21:43:01 | 000,000,000 | --SD | C] -- X:\windows\System32\Microsoft
[2013.06.26 21:43:01 | 000,000,000 | ---D | C] -- X:\windows\ServiceProfiles
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.26 21:47:04 | 000,076,760 | ---- | M] () -- X:\windows\System32\FNTCACHE.DAT
[2013.06.26 21:45:33 | 000,000,000 | ---- | M] () -- X:\windows\system32\config\systemprofile\defogger_reenable
 
========== Files Created - No Company Name ==========
 
[2013.06.26 21:45:33 | 000,000,000 | ---- | C] () -- X:\windows\system32\config\systemprofile\defogger_reenable
[2013.06.26 21:43:00 | 000,076,760 | ---- | C] () -- X:\windows\System32\FNTCACHE.DAT
[2013.06.26 21:35:14 | 000,377,856 | ---- | C] () -- \gmer_2.1.19163.exe
[2013.06.26 21:33:58 | 000,050,477 | ---- | C] () -- \Defogger.exe
[2013.06.26 21:33:38 | 000,602,112 | ---- | C] () -- \OTL.exe
[2013.06.26 21:07:28 | 001,931,844 | ---- | C] () -- \FRST64.exe
[2013.06.26 21:07:13 | 001,370,251 | ---- | C] () -- \FRST.exe
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2009.07.14 02:16:14 | 012,866,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 05:05:08 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 05:05:08 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 

< End of report >
         
Gmer.txt:
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-26 22:20:22
Windows 6.1.7600  \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.0001SDM1 465,76GB
Running: gmer_2.1.19163.exe; Driver: X:\windows\TEMP\kgrcqfoc.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13AD                                               8A88F579 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                        8A8B3F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                      fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName@ComputerName  MINWINPC
Reg             HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB@CurrentConfig                0
Reg             HKLM\SYSTEM\CurrentControlSet\services\Winmgmt@Start                          2
Reg             HKLM\SYSTEM\CurrentControlSet\services\Winmgmt                                
Reg             HKLM\SYSTEM\Setup@SetupType                                                   1
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@CurrentType                 Multiprocessor Checked
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion@SystemRoot                  X:\Windows
Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit           userinit.exe

---- EOF - GMER 2.1 ----
         

26.06.2013, 21:43   #2
aharonov
/// TB-Ausbilder

Hello,

Quote:
Here are the log files, as far as they are meaningful at all, since I only ran them in "computer repair mode".
No, these tools do not run correctly in repair mode.
But we have a tool that is specialized for exactly that:


Please download Farbar Recovery Scan Tool 32-Bit and save it to a USB stick (not in a subfolder!).
Connect the USB stick to the infected computer.

You now need to boot the system into the System Recovery Options:
Option 1 - Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click Next each time.

or

Option 2 - With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click Next.
  • Click Repair your computer.
  • Select your operating system and user account and click Next each time.

Once you are in the recovery options, select Command Prompt.
  • Now type notepad and press Enter.
    • A text document opens. Click File -> Save As and select Computer.
    • Read off the drive letter of your USB stick here (e.g. e:\).
    • Close Notepad again.
  • Now enter the following command and press Enter:
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. If it is a different letter on your machine, adjust the command accordingly.
  • Accept the disclaimer with Yes and click Scan.
The tool creates a file FRST.txt on your USB stick. Please post its contents here.

26.06.2013, 22:55   #3
gorbiWTF

Here you go:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by SYSTEM on 26-06-2013 21:12:28
Running from F:\
Windows 7 Home Premium (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4  [1571432 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1210640 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: []  [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1646216 2013-03-31] (Ask)
HKLM\...\Run: [TAG_A1Dashboard_Launcher.exe] C:\Program Files\A1 Dashboard\A1Dashboard_Launcher.exe [478192 2012-10-22] ()
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [73381792 2013-06-16] (Microsoft Corporation)
HKU\kira\...\Run: [Yontoo Desktop] "C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
HKU\kira\...\Winlogon: [Shell] explorer.exe,C:\Users\kira\AppData\Roaming\skype.dat <==== ATTENTION 

========================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-05-02] ()
S2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.)
S2 TAG_Service; C:\Program Files\A1 Dashboard\A1Dashboard_Service.exe [330736 2012-10-22] ()
S2 Yontoo Desktop Updater; C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe [47392 2013-05-17] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================

S0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [21584 2009-07-14] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [186880 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-26 21:12 - 2013-06-26 21:12 - 00000000 ____D C:\FRST
2013-06-17 12:45 - 2013-06-26 20:08 - 00000004 ____A C:\Users\kira\AppData\Roaming\skype.ini
2013-06-17 12:14 - 2013-06-17 12:14 - 00000288 ____A C:\Users\kira\AppData\Roaming\.backup.dm
2013-06-11 20:23 - 2013-06-11 20:23 - 00337784 ____A C:\Windows\Minidump\061113-19484-01.dmp
2013-06-07 19:36 - 2013-06-07 19:36 - 00000000 ____D C:\Users\kira\AppData\Roaming\Macromedia
2013-06-07 15:27 - 2013-06-23 17:51 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 15:27 - 2013-06-12 16:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-07 15:27 - 2013-06-12 16:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-07 15:27 - 2013-06-07 15:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-07 15:26 - 2013-06-07 15:27 - 00000000 ____D C:\Users\kira\AppData\Local\Adobe
2013-06-06 14:26 - 2013-06-06 14:26 - 00000000 ____D C:\Users\kira\AppData\Roaming\Der Planer 4
2013-06-06 14:11 - 2013-06-07 16:18 - 00000000 ____D C:\Program Files\Der Planer 4
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\Users\kira\Documents\bitComposer Games
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 13:47 - 2013-06-06 13:47 - 00000000 ____D C:\Program Files\bitComposer Games
2013-06-05 19:15 - 2013-06-05 19:18 - 00000000 ____D C:\Users\kira\Desktop\wii
2013-06-05 19:05 - 2013-06-05 20:03 - 00000000 ____D C:\Program Files\WBFS
2013-06-05 19:05 - 2013-06-05 19:18 - 00000000 ____D C:\Users\kira\Documents\WBFS Manager Covers
2013-05-29 17:15 - 2013-05-29 17:15 - 00000000 __SHD C:\found.001
2013-05-27 07:58 - 2012-12-16 15:25 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-05-27 07:58 - 2012-12-16 15:25 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-05-27 07:58 - 2009-09-10 06:52 - 00257024 ____A (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2013-05-27 07:57 - 2009-11-25 11:47 - 01130824 ____A (Microsoft Corporation) C:\Windows\System32\dfshim.dll
2013-05-27 07:57 - 2009-11-25 11:47 - 00297808 ____A (Microsoft Corporation) C:\Windows\System32\mscoree.dll
2013-05-27 07:57 - 2009-11-25 11:47 - 00295264 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHost.exe
2013-05-27 07:57 - 2009-11-25 11:47 - 00099176 ____A (Microsoft Corporation) C:\Windows\System32\PresentationHostProxy.dll
2013-05-27 07:57 - 2009-11-25 11:47 - 00049472 ____A (Microsoft Corporation) C:\Windows\System32\netfxperf.dll
2013-05-27 03:22 - 2013-05-27 03:22 - 00000000 __SHD C:\found.000

==================== One Month Modified Files and Folders ========

2013-06-26 21:12 - 2013-06-26 21:12 - 00000000 ____D C:\FRST
2013-06-26 20:08 - 2013-06-17 12:45 - 00000004 ____A C:\Users\kira\AppData\Roaming\skype.ini
2013-06-26 20:04 - 2013-04-13 16:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-26 20:04 - 2013-04-13 16:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-26 20:04 - 2013-03-07 19:46 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-26 20:04 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-26 20:04 - 2009-07-14 05:39 - 00060169 ____A C:\Windows\setupact.log
2013-06-23 20:19 - 2013-03-07 18:51 - 01530853 ____A C:\Windows\WindowsUpdate.log
2013-06-23 20:18 - 2013-03-07 19:03 - 01472002 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-23 18:04 - 2013-05-19 17:03 - 00000288 ____A C:\Windows\Tasks\MySearchDial.job
2013-06-23 17:56 - 2013-03-07 19:46 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-23 17:51 - 2013-06-07 15:27 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-23 17:32 - 2009-07-14 05:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-23 17:32 - 2009-07-14 05:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-22 11:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-22 11:40 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration
2013-06-22 10:57 - 2013-03-07 18:53 - 00000000 ____D C:\users\kira
2013-06-17 12:46 - 2013-05-16 09:17 - 00000000 ____D C:\Users\kira\AppData\Roaming\Yontoo
2013-06-17 12:32 - 2013-05-25 11:04 - 00000000 ____D C:\Users\kira\AppData\Roaming\vlc
2013-06-17 12:14 - 2013-06-17 12:14 - 00000288 ____A C:\Users\kira\AppData\Roaming\.backup.dm
2013-06-16 07:51 - 2013-04-29 09:19 - 00000219 ____A C:\Windows\System32\MRT.INI
2013-06-16 07:48 - 2013-04-29 09:18 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-15 20:29 - 2009-07-14 05:53 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-15 11:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-15 11:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-15 11:10 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-06-12 16:51 - 2013-06-07 15:27 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 16:51 - 2013-06-07 15:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 20:23 - 2013-06-11 20:23 - 00337784 ____A C:\Windows\Minidump\061113-19484-01.dmp
2013-06-11 20:23 - 2013-04-27 11:17 - 280512269 ____A C:\Windows\MEMORY.DMP
2013-06-11 20:23 - 2013-04-27 11:17 - 00000000 ____D C:\Windows\Minidump
2013-06-09 00:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-07 19:36 - 2013-06-07 19:36 - 00000000 ____D C:\Users\kira\AppData\Roaming\Macromedia
2013-06-07 19:36 - 2013-05-10 13:13 - 00000000 ____D C:\Users\kira\AppData\Roaming\Adobe
2013-06-07 16:18 - 2013-06-06 14:11 - 00000000 ____D C:\Program Files\Der Planer 4
2013-06-07 16:03 - 2013-03-07 19:50 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-07 15:27 - 2013-06-07 15:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-07 15:27 - 2013-06-07 15:26 - 00000000 ____D C:\Users\kira\AppData\Local\Adobe
2013-06-06 14:26 - 2013-06-06 14:26 - 00000000 ____D C:\Users\kira\AppData\Roaming\Der Planer 4
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\Users\kira\Documents\bitComposer Games
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 14:09 - 2013-06-06 14:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 13:47 - 2013-06-06 13:47 - 00000000 ____D C:\Program Files\bitComposer Games
2013-06-05 20:03 - 2013-06-05 19:05 - 00000000 ____D C:\Program Files\WBFS
2013-06-05 19:18 - 2013-06-05 19:15 - 00000000 ____D C:\Users\kira\Desktop\wii
2013-06-05 19:18 - 2013-06-05 19:05 - 00000000 ____D C:\Users\kira\Documents\WBFS Manager Covers
2013-06-02 13:56 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
2013-05-29 17:15 - 2013-05-29 17:15 - 00000000 __SHD C:\found.001
2013-05-27 11:40 - 2009-07-14 05:33 - 00265640 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-27 05:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\MUI
2013-05-27 03:22 - 2013-05-27 03:22 - 00000000 __SHD C:\found.000

Files to move or delete:
====================
C:\Users\kira\AppData\Roaming\skype.dat
C:\Users\kira\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2013-04-13 16:02] - [2009-08-03 06:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-04-29 09:15] - [2012-09-06 17:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E


==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-06-17 15:03:28
Restore point made on: 2013-06-23 02:04:13
Restore point made on: 2013-06-23 12:54:57

==================== Memory info =========================== 

Percentage of memory in use: 12%
Total physical RAM: 3947.86 MB
Available physical RAM: 3467.52 MB
Total Pagefile: 3946.14 MB
Available Pagefile: 3468.02 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:428.47 GB) NTFS
Drive f: (PENDRIVE) (Removable) (Total:0.95 GB) (Free:0.36 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 81F7F3A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 974 MB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=974 MB) - (Type=0C)


LastRegBack: 2013-06-22 23:03

==================== End Of Log ============================
         

26.06.2013, 23:56   #4
aharonov
/// TB-Ausbilder

Yes, that's better.
Can you boot normally again after the following fix?


On a second computer, please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:
Code:
HKU\kira\...\Winlogon: [Shell] explorer.exe,C:\Users\kira\AppData\Roaming\skype.dat <==== ATTENTION 
C:\Users\kira\AppData\Roaming\skype.dat
C:\Users\kira\AppData\Roaming\skype.ini
         
Then please save this under the file name Fixlist.txt on your USB stick next to FRST.
  • Connect the USB stick to the infected computer again.
  • Boot your computer into the recovery options once more.
  • Start FRST again, but this time click the Fix button.
The tool creates a file Fixlog.txt on your USB stick. Please post its contents here.
__________________
cheers,
Leo
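
A check for the persistence entry this fix removes, as an added example that is not part of the original thread or of FRST: the Python below scans FRST registry lines for a Winlogon Shell value that launches anything besides explorer.exe. The sample log is constructed from lines posted above; the HKLM Shell line in it and all function names are assumptions made for the illustration.

```python
import re
from typing import List, NamedTuple

# Line shape taken from the FRST log posted in this thread:
#   HKU\kira\...\Winlogon: [Shell] explorer.exe,C:\...\skype.dat <==== ATTENTION
WINLOGON_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\:]+)?)\\\.\.\.\\Winlogon:\s*"
    r"\[(?P<name>[^\]]+)\]\s*(?P<data>.*?)\s*(?:<=+\s*ATTENTION\s*)?$",
    re.IGNORECASE,
)

# The only component expected in a Shell value: explorer.exe, given bare
# or with the Windows directory in front of it.
DEFAULT_SHELL_RE = re.compile(
    r"^(?:(?:[a-z]:\\windows|%systemroot%|%windir%)\\)?explorer\.exe$",
    re.IGNORECASE,
)

# Constructed sample: three lines copied from the thread's FRST log plus
# one assumed HKLM Shell line showing the unmodified case.
SAMPLE_LOG = r"""
HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe
HKU\kira\...\Winlogon: [Shell] explorer.exe,C:\Users\kira\AppData\Roaming\skype.dat <==== ATTENTION
HKU\kira\...\Run: [Yontoo Desktop] "C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe" [x]
"""


class ShellFinding(NamedTuple):
    hive: str          # e.g. "HKLM" or "HKU\kira"
    data: str          # full Shell value as logged
    extras: List[str]  # components that are not explorer.exe


def split_shell_value(data: str) -> List[str]:
    """Split a comma-separated Shell value into its launched components."""
    parts = []
    for part in data.split(","):
        part = part.strip().strip('"').strip()
        if part:
            parts.append(part)
    return parts


def find_shell_overrides(log_text: str) -> List[ShellFinding]:
    """Return every Winlogon Shell entry that starts more than explorer.exe."""
    findings = []
    for line in log_text.splitlines():
        match = WINLOGON_RE.match(line.strip())
        if not match or match.group("name").lower() != "shell":
            continue
        data = match.group("data")
        extras = [p for p in split_shell_value(data)
                  if not DEFAULT_SHELL_RE.match(p)]
        if extras:
            findings.append(ShellFinding(match.group("hive"), data, extras))
    return findings


if __name__ == "__main__":
    for finding in find_shell_overrides(SAMPLE_LOG):
        print(f"{finding.hive}: Shell = {finding.data}")
        for extra in finding.extras:
            print(f"  extra component started at logon: {extra}")
```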

27.06.2013, 13:36   #5
gorbiWTF

Here we go:
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 25-06-2013 02
Ran by SYSTEM at 2013-06-27 14:35:38 Run:1
Running from F:\
Boot Mode: Recovery

==============================================

HKU\kira\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Users\kira\AppData\Roaming\skype.dat => Moved successfully.
C:\Users\kira\AppData\Roaming\skype.ini => Moved successfully.

==== End of Fixlog ====
         
Now I can boot completely normally


27.06.2013, 13:44   #6
aharonov
/// TB-Ausbilder

Great. Then we continue in normal mode now.

Move frst.exe from the USB stick to the desktop.
  • Then start FRST.
  • Under Optional Scan, tick the box for Addition.txt and press Scan.
  • When the scan is finished, two new log files, FRST.txt and Addition.txt, are created and saved on the desktop.
  • Please post the contents of both log files here in your thread.

27.06.2013, 14:51   #7
gorbiWTF

Second frst.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-06-2013 02
Ran by kira (administrator) on 27-06-2013 15:46:55
Running from C:\Users\kira\Desktop
Microsoft Windows 7 Home Premium  (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(RealNetworks, Inc.) C:\Program Files\Online Games Manager\ogmservice.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
() C:\Program Files\A1 Dashboard\A1Dashboard_Service.exe
(Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Ask) C:\Program Files\Ask.com\Updater\Updater.exe
() C:\Program Files\A1 Dashboard\A1Dashboard_Launcher.exe
(Yontoo LLC) C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [10820200 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe /FORPCEE4  [1571432 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM\...\Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1210640 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: []  [x]
HKLM\...\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" [1646216 2013-03-31] (Ask)
HKLM\...\Run: [TAG_A1Dashboard_Launcher.exe] C:\Program Files\A1 Dashboard\A1Dashboard_Launcher.exe [478192 2012-10-22] ()
HKCU\...\Run: [Yontoo Desktop] "C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe" [47392 2013-05-17] (Yontoo LLC)
MountPoints2: {3d4a93c7-874f-11e2-ab93-806e6f6e6963} - D:\sources\sperr32.exe x64
MountPoints2: {f73c0fcf-bc6a-11e2-8dd6-806e6f6e6963} - E:\.\Autorun.exe AUTORUN=1
MountPoints2: {f73c1024-bc6a-11e2-8dd6-b870f49ff7c0} - E:\.\Autorun.exe AUTORUN=1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sm.de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.mysearchdial.com/?f=1&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
HKLM SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
HKCU SearchScopes: DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=foxtab&cd=2XzuyEtN2Y1L1Qzu0BzzyBtD0FyEzy0F0FyB0CtDtD0CyCtBtN0D0Tzu0SyDtDyEtN1L2XzutBtFtBtFtCtFyCtCzztN1L1Czu1L1C1F1G1H1B1QtDyE&cr=978288962&ir=
SearchScopes: HKCU - {515815B3-C1BF-4BAC-9D95-FA44E68A8DAC} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_US&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^AT&apn_uid=4FB8BE34-EBB0-40FF-BFA6-D7054BA7E21B&apn_sauid=3ED68056-6910-4B67-884B-8050DB1B994D
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\PROGRA~1\MYSEAR~1\bh\mysearchdial.dll (Ironsource Israel (2011) LTD)
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\PROGRA~1\MYSEAR~1\mysearchdialTlbr.dll (Ironsource Israel (2011) LTD)
Toolbar: HKCU -Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)

Chrome: 
=======
CHR DefaultSearchURL: (Delta Search) - hxxp://www1.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=42BC582C80139263
CHR DefaultSuggestURL: (Delta Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.110\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Unity Player) - C:\Users\kira\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Ask Toolbar) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0
CHR Extension: (Google Docs) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Yontoo) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.3_0
CHR Extension: (MyHarmony Chrome Plugin) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\omaonpoimgkmbllpdihbnmgphjoipdhf\1.2.0.0_0
CHR Extension: (New Tab) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff\9.2_0
CHR Extension: (Gmail) - C:\Users\kira\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [227600 2011-05-02] ()
R2 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.)
R2 TAG_Service; C:\Program Files\A1 Dashboard\A1Dashboard_Service.exe [330736 2012-10-22] ()
R2 Yontoo Desktop Updater; C:\Users\kira\AppData\Roaming\Yontoo\YontooDesktop.exe [47392 2013-05-17] (Yontoo LLC)

==================== Drivers (Whitelisted) ====================

R0 atapi; C:\Windows\System32\DRIVERS\atapi.sys [21584 2013-06-27] ()
S3 huawei_cdcacm; C:\Windows\System32\DRIVERS\ew_jucdcacm.sys [89856 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_ext_ctrl; C:\Windows\System32\DRIVERS\ew_juextctrl.sys [26624 2011-09-09] (Huawei Technologies Co., Ltd.)
S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [186880 2011-09-09] (Huawei Technologies Co., Ltd.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-20] (Intel Corporation)
S1 tkwnteqh; \??\C:\Windows\system32\drivers\tkwnteqh.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-27 15:46 - 2013-06-26 21:07 - 01370251 ____A (Farbar) C:\Users\kira\Desktop\FRST.exe
2013-06-27 14:40 - 2013-06-27 15:44 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-06-26 22:12 - 2013-06-26 22:12 - 00000000 ____D C:\FRST
2013-06-17 13:14 - 2013-06-17 13:14 - 00000288 ____A C:\Users\kira\AppData\Roaming\.backup.dm
2013-06-11 21:23 - 2013-06-11 21:23 - 00337784 ____A C:\Windows\Minidump\061113-19484-01.dmp
2013-06-07 20:36 - 2013-06-07 20:36 - 00000000 ____D C:\Users\kira\AppData\Roaming\Macromedia
2013-06-07 16:27 - 2013-06-27 14:51 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-07 16:27 - 2013-06-12 17:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-07 16:27 - 2013-06-12 17:51 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-07 16:27 - 2013-06-07 16:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-07 16:26 - 2013-06-07 16:27 - 00000000 ____D C:\Users\kira\AppData\Local\Adobe
2013-06-06 15:26 - 2013-06-06 15:26 - 00000000 ____D C:\Users\kira\AppData\Roaming\Der Planer 4
2013-06-06 15:11 - 2013-06-07 17:18 - 00000000 ____D C:\Program Files\Der Planer 4
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\Users\kira\Documents\bitComposer Games
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 14:47 - 2013-06-06 14:47 - 00000000 ____D C:\Program Files\bitComposer Games
2013-06-05 20:15 - 2013-06-05 20:18 - 00000000 ____D C:\Users\kira\Desktop\wii
2013-06-05 20:05 - 2013-06-05 21:03 - 00000000 ____D C:\Program Files\WBFS
2013-06-05 20:05 - 2013-06-05 20:18 - 00000000 ____D C:\Users\kira\Documents\WBFS Manager Covers
2013-05-29 18:15 - 2013-05-29 18:15 - 00000000 __SHD C:\found.001

==================== One Month Modified Files and Folders ========

2013-06-27 15:45 - 2013-03-07 20:46 - 00001090 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 15:44 - 2013-06-27 14:40 - 00000000 ____D C:\Windows\System32\MpEngineStore
2013-06-27 15:44 - 2013-04-13 17:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-27 15:44 - 2013-04-13 17:01 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-27 15:44 - 2013-03-07 19:51 - 01265601 ____A C:\Windows\WindowsUpdate.log
2013-06-27 15:44 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 15:44 - 2009-07-14 06:39 - 00055494 ____A C:\Windows\setupact.log
2013-06-27 15:43 - 2009-07-14 01:11 - 00021584 ____A C:\Windows\System32\Drivers\atapi.sys
2013-06-27 15:04 - 2013-05-19 18:03 - 00000288 ____A C:\Windows\Tasks\MySearchDial.job
2013-06-27 15:00 - 2013-03-07 20:03 - 01472002 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 14:56 - 2013-03-07 20:46 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-27 14:51 - 2013-06-07 16:27 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 14:44 - 2009-07-14 06:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 14:44 - 2009-07-14 06:34 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 14:37 - 2013-03-07 19:53 - 00000000 ____D C:\users\kira
2013-06-26 22:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\wfp
2013-06-26 22:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-06-26 22:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2013-06-26 22:12 - 2013-06-26 22:12 - 00000000 ____D C:\FRST
2013-06-26 21:07 - 2013-06-27 15:46 - 01370251 ____A (Farbar) C:\Users\kira\Desktop\FRST.exe
2013-06-17 13:46 - 2013-05-16 10:17 - 00000000 ____D C:\Users\kira\AppData\Roaming\Yontoo
2013-06-17 13:32 - 2013-05-25 12:04 - 00000000 ____D C:\Users\kira\AppData\Roaming\vlc
2013-06-17 13:14 - 2013-06-17 13:14 - 00000288 ____A C:\Users\kira\AppData\Roaming\.backup.dm
2013-06-16 08:51 - 2013-04-29 10:19 - 00000219 ____A C:\Windows\System32\MRT.INI
2013-06-16 08:48 - 2013-04-29 10:18 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-15 21:29 - 2009-07-14 06:53 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-15 12:10 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-15 12:10 - 2009-07-14 04:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-06-12 17:51 - 2013-06-07 16:27 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-12 17:51 - 2013-06-07 16:27 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-11 21:23 - 2013-06-11 21:23 - 00337784 ____A C:\Windows\Minidump\061113-19484-01.dmp
2013-06-11 21:23 - 2013-04-27 12:17 - 280512269 ____A C:\Windows\MEMORY.DMP
2013-06-11 21:23 - 2013-04-27 12:17 - 00000000 ____D C:\Windows\Minidump
2013-06-09 01:43 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-07 20:36 - 2013-06-07 20:36 - 00000000 ____D C:\Users\kira\AppData\Roaming\Macromedia
2013-06-07 20:36 - 2013-05-10 14:13 - 00000000 ____D C:\Users\kira\AppData\Roaming\Adobe
2013-06-07 17:18 - 2013-06-06 15:11 - 00000000 ____D C:\Program Files\Der Planer 4
2013-06-07 17:03 - 2013-03-07 20:50 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-07 16:27 - 2013-06-07 16:27 - 00000000 ____D C:\Windows\System32\Macromed
2013-06-07 16:27 - 2013-06-07 16:26 - 00000000 ____D C:\Users\kira\AppData\Local\Adobe
2013-06-06 15:26 - 2013-06-06 15:26 - 00000000 ____D C:\Users\kira\AppData\Roaming\Der Planer 4
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\Users\kira\Documents\bitComposer Games
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 15:09 - 2013-06-06 15:09 - 00000000 ____D C:\ProgramData\Wildlife Park 3
2013-06-06 14:47 - 2013-06-06 14:47 - 00000000 ____D C:\Program Files\bitComposer Games
2013-06-05 21:03 - 2013-06-05 20:05 - 00000000 ____D C:\Program Files\WBFS
2013-06-05 20:18 - 2013-06-05 20:15 - 00000000 ____D C:\Users\kira\Desktop\wii
2013-06-05 20:18 - 2013-06-05 20:05 - 00000000 ____D C:\Users\kira\Documents\WBFS Manager Covers
2013-06-02 14:56 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\AppCompat
2013-05-29 18:15 - 2013-05-29 18:15 - 00000000 __SHD C:\found.001

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2013-04-13 17:02] - [2009-08-03 07:35] - 2613248 ____A (Microsoft Corporation) B95EEB0F4E5EFBF1038A35B3351CF047

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-04-29 10:15] - [2012-09-06 18:48] - 0245616 ____A (Microsoft Corporation) 59F06B4968E58BC83DFC56CA4517960E



LastRegBack: 2013-06-23 00:03

==================== End Of Log ============================
         
--- --- ---


addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-06-2013 02
Ran by kira at 2013-06-27 15:47:55
Running from C:\Users\kira\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

A1 Dashboard (Version: 2.0)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Ask Toolbar (Version: 1.15.23.0)
Ask Toolbar Updater (HKCU Version: 1.2.5.36191)
Broadcom NetLink Controller (Version: 14.8.4.1)
DirectX Media Runtime 5.2b
Dolby Advanced Audio v2 (Version: 7.2.7000.7)
Gold Rush
Google Chrome (Version: 27.0.1453.110)
Google Update Helper (Version: 1.3.21.145)
Intel PROSet Wireless
Intel(R) Management Engine Components (Version: 7.0.0.1144)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.01.1000)
Intel(R) Rapid Storage Technology (Version: 10.5.0.1026)
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Logitech Harmony Remote Software (x86) (Version: 2.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mysearchdial
NSIS Example2
NVIDIA 3D Vision Treiber 311.06 (Version: 311.06)
NVIDIA Grafiktreiber 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)
NVIDIA Systemsteuerung 311.06 (Version: 311.06)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
Online Games Manager v1.20 (Version: 1.20.13)
PlanetPenguin Racer (Version: 0.3.1)
Realtek High Definition Audio Driver (Version: 6.0.1.6438)
Unity Web Player (HKCU Version: )
VLC media player 2.0.6 (Version: 2.0.6)
WET - The Sexy Empire
Yontoo 2.053 (Version: 2.053)

==================== Restore Points  =========================

17-06-2013 14:03:27 Geplanter Prüfpunkt
23-06-2013 01:04:11 Windows Update
23-06-2013 11:54:55 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {4500C94E-9D60-4EE7-9EA8-4A14D0BF686A} - System32\Tasks\MySearchDial => C:\Users\kira\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE [2013-05-19] ()
Task: {6F13C3E6-7A41-4107-9D4D-882E0C7D1AE4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12] (Adobe Systems Incorporated)
Task: {81F11953-E28C-4B9A-BCE3-26BFA087D0B2} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe [2013-03-31] ()
Task: {CEB91A09-10CE-4FCA-8F0B-9A1AC880574B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)
Task: {D6825302-3F17-47AE-B0EB-83A087FD360E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-03-07] (Google Inc.)
Task: {DC53FBFB-656E-4CB2-8A2D-2167AA1D4698} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => ?

==================== Faulty Device Manager Devices =============

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Basissystemgerät
Description: Basissystemgerät
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2013 01:54:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/23/2013 01:54:55 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/23/2013 03:04:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/23/2013 03:04:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/17/2013 04:03:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/17/2013 04:03:27 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/17/2013 08:28:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/17/2013 08:28:37 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/16/2013 08:48:31 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.

Error: (06/16/2013 08:48:30 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.
.


System errors:
=============
Error: (06/26/2013 09:08:30 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (06/26/2013 09:08:30 PM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (06/26/2013 09:08:00 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler beendet: 
%%126

Error: (06/23/2013 09:33:07 PM) (Source: Microsoft-Windows-Directory-Services-SAM) (User: NT-AUTORITÄT)
Description: Das SAM-Modul konnte den TCP/IP- bzw. SPX/IPX-Listening-Thread nicht starten.

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
AFD
DfsC
discache
NetBIOS
NetBT
nsiproxy
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst "Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%31

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (06/23/2013 09:32:58 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (06/23/2013 01:54:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/23/2013 01:54:55 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/23/2013 03:04:11 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/23/2013 03:04:11 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/17/2013 04:03:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/17/2013 04:03:27 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/17/2013 08:28:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/17/2013 08:28:37 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/16/2013 08:48:31 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.

Error: (06/16/2013 08:48:30 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddCoreCsiFiles : GetNextFileMapContent() failed.

System Error:
Falscher Parameter.


CodeIntegrity Errors:
===================================
  Date: 2013-05-24 05:37:52.690
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-24 05:37:50.600
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-24 05:37:49.336
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-24 05:37:48.135
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-05-24 05:37:46.794
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\14e640dadb1b7ccad9d50cb4dd\mrt.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Percentage of memory in use: 27%
Total physical RAM: 2413.86 MB
Available physical RAM: 1756.11 MB
Total Pagefile: 4826 MB
Available Pagefile: 4107.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1922.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:428.4 GB) NTFS
Drive e: () (Removable) (Total:0.95 GB) (Free:0.94 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 81F7F3A0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 974 MB) (Disk ID: 04030201)
Partition 1: (Active) - (Size=974 MB) - (Type=06)

==================== End Of Log ============================
         

28.06.2013, 00:40   #8
aharonov
/// TB-Ausbilder

Ok, dann mach bitte so weiter:


Step 1

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while, depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




Step 2

Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.



In your next reply, please post:
  • Log from aswMBR
  • Log from TDSSKiller
__________________
cheers,
Leo

28.06.2013, 14:11   #9
gorbiWTF

aswMBR.txt:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-06-28 14:50:52
-----------------------------
14:50:52.569    OS Version: Windows 6.1.7600 
14:50:52.569    Number of processors: 2 586 0x2A07
14:50:52.569    ComputerName: KIRA-PC  UserName: kira
14:50:53.380    Initialize success
14:52:17.164    AVAST engine defs: 13062800
14:52:43.559    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:52:43.575    Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
14:52:43.731    Disk 0 MBR read successfully
14:52:43.731    Disk 0 MBR scan
14:52:43.746    Disk 0 Windows 7 default MBR code
14:52:43.762    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
14:52:43.778    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       476838 MB offset 206848
14:52:43.778    Disk 0 scanning sectors +976771072
14:52:43.980    Disk 0 scanning C:\Windows\system32\drivers
14:52:57.552    Service scanning
14:53:24.213    Modules scanning
14:53:37.816    Disk 0 trace - called modules:
14:53:37.847    ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll 
14:53:37.863    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x880e8948]
14:53:37.878    3 CLASSPNP.SYS[8a58e59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8623a028]
14:53:39.766    AVAST engine scan C:\Windows
14:53:43.058    AVAST engine scan C:\Windows\system32
14:56:45.703    AVAST engine scan C:\Windows\system32\drivers
14:57:03.034    AVAST engine scan C:\Users\kira
14:58:34.794    AVAST engine scan C:\ProgramData
14:58:47.695    Scan finished successfully
14:59:01.501    Disk 0 MBR has been saved successfully to "C:\Users\kira\Desktop\MBR.dat"
14:59:01.501    The log file has been saved successfully to "C:\Users\kira\Desktop\aswMBR.txt"
         
TDSSKiller....txt:
Code:
15:00:03.0102 3592  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
15:00:05.0114 3592  ============================================================
15:00:05.0114 3592  Current date / time: 2013/06/28 15:00:05.0114
15:00:05.0114 3592  SystemInfo:
15:00:05.0114 3592  
15:00:05.0114 3592  OS Version: 6.1.7600 ServicePack: 0.0
15:00:05.0114 3592  Product type: Workstation
15:00:05.0114 3592  ComputerName: KIRA-PC
15:00:05.0114 3592  UserName: kira
15:00:05.0114 3592  Windows directory: C:\Windows
15:00:05.0114 3592  System windows directory: C:\Windows
15:00:05.0114 3592  Processor architecture: Intel x86
15:00:05.0114 3592  Number of processors: 2
15:00:05.0114 3592  Page size: 0x1000
15:00:05.0114 3592  Boot type: Normal boot
15:00:05.0114 3592  ============================================================
15:00:05.0644 3592  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
15:00:05.0660 3592  Drive \Device\Harddisk1\DR1 - Size: 0xF0A00000 (3.76 Gb), SectorSize: 0x200, Cylinders: 0x1EA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:00:05.0660 3592  ============================================================
15:00:05.0660 3592  \Device\Harddisk0\DR0:
15:00:05.0660 3592  MBR partitions:
15:00:05.0660 3592  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:00:05.0660 3592  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:00:05.0660 3592  \Device\Harddisk1\DR1:
15:00:05.0660 3592  MBR partitions:
15:00:05.0660 3592  \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0xBD0, BlocksNum 0x784430
15:00:05.0660 3592  ============================================================
15:00:05.0691 3592  C: <-> \Device\Harddisk0\DR0\Partition2
15:00:05.0691 3592  ============================================================
15:00:05.0691 3592  Initialize success
15:00:05.0691 3592  ============================================================
15:00:17.0282 3324  ============================================================
15:00:17.0282 3324  Scan started
15:00:17.0282 3324  Mode: Manual; SigCheck; TDLFS; 
15:00:17.0282 3324  ============================================================
15:00:17.0844 3324  ================ Scan system memory ========================
15:00:17.0844 3324  System memory - ok
15:00:17.0844 3324  ================ Scan services =============================
15:00:18.0000 3324  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
15:00:18.0140 3324  1394ohci - ok
15:00:18.0202 3324  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
15:00:18.0234 3324  ACPI - ok
15:00:18.0280 3324  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
15:00:18.0327 3324  AcpiPmi - ok
15:00:18.0468 3324  [ 9915504F602D277EE47FD843A677FD15 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
15:00:18.0499 3324  AdobeFlashPlayerUpdateSvc - ok
15:00:18.0577 3324  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
15:00:18.0624 3324  adp94xx - ok
15:00:18.0639 3324  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
15:00:18.0670 3324  adpahci - ok
15:00:18.0702 3324  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
15:00:18.0733 3324  adpu320 - ok
15:00:18.0764 3324  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
15:00:18.0842 3324  AeLookupSvc - ok
15:00:18.0920 3324  [ DDC040FDB01EF1712A6B13E52AFB104C ] AFD             C:\Windows\system32\drivers\afd.sys
15:00:19.0092 3324  AFD - ok
15:00:19.0123 3324  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
15:00:19.0154 3324  agp440 - ok
15:00:19.0185 3324  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
15:00:19.0216 3324  aic78xx - ok
15:00:19.0263 3324  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
15:00:19.0310 3324  ALG - ok
15:00:19.0372 3324  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
15:00:19.0388 3324  aliide - ok
15:00:19.0435 3324  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
15:00:19.0450 3324  amdagp - ok
15:00:19.0482 3324  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
15:00:19.0497 3324  amdide - ok
15:00:19.0513 3324  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
15:00:19.0560 3324  AmdK8 - ok
15:00:19.0560 3324  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
15:00:19.0622 3324  AmdPPM - ok
15:00:19.0669 3324  [ 2101A86C25C154F8314B24EF49D7FBC2 ] amdsata         C:\Windows\system32\DRIVERS\amdsata.sys
15:00:19.0700 3324  amdsata - ok
15:00:19.0778 3324  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
15:00:19.0809 3324  amdsbs - ok
15:00:19.0825 3324  [ B81C2B5616F6420A9941EA093A92B150 ] amdxata         C:\Windows\system32\DRIVERS\amdxata.sys
15:00:19.0840 3324  amdxata - ok
15:00:19.0856 3324  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
15:00:19.0950 3324  AppID - ok
15:00:19.0996 3324  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
15:00:20.0184 3324  AppIDSvc - ok
15:00:20.0199 3324  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
15:00:20.0246 3324  Appinfo - ok
15:00:20.0277 3324  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
15:00:20.0308 3324  arc - ok
15:00:20.0340 3324  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
15:00:20.0355 3324  arcsas - ok
15:00:20.0386 3324  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
15:00:20.0464 3324  AsyncMac - ok
15:00:20.0511 3324  [ 586906F468F7E54A54679E3AFD6B5227 ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
15:00:20.0542 3324  atapi ( UnsignedFile.Multi.Generic ) - warning
15:00:20.0542 3324  atapi - detected UnsignedFile.Multi.Generic (1)
15:00:20.0605 3324  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:00:20.0714 3324  AudioEndpointBuilder - ok
15:00:20.0745 3324  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
15:00:20.0792 3324  Audiosrv - ok
15:00:20.0823 3324  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
15:00:20.0870 3324  AxInstSV - ok
15:00:20.0932 3324  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
15:00:21.0010 3324  b06bdrv - ok
15:00:21.0042 3324  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
15:00:21.0104 3324  b57nd60x - ok
15:00:21.0276 3324  [ EA0B976854393EBD1FAAB4A0A22B1124 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl6.sys
15:00:21.0354 3324  BCM43XX - ok
15:00:21.0400 3324  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
15:00:21.0463 3324  BDESVC - ok
15:00:21.0510 3324  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
15:00:21.0588 3324  Beep - ok
15:00:21.0650 3324  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
15:00:21.0728 3324  BFE - ok
15:00:21.0775 3324  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
15:00:21.0884 3324  BITS - ok
15:00:21.0915 3324  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
15:00:21.0946 3324  blbdrive - ok
15:00:22.0009 3324  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
15:00:22.0056 3324  bowser - ok
15:00:22.0087 3324  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:00:22.0149 3324  BrFiltLo - ok
15:00:22.0165 3324  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:00:22.0227 3324  BrFiltUp - ok
15:00:22.0305 3324  [ 598E1280E7FF3744F4B8329366CC5635 ] Browser         C:\Windows\System32\browser.dll
15:00:22.0383 3324  Browser - ok
15:00:22.0430 3324  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
15:00:22.0508 3324  Brserid - ok
15:00:22.0524 3324  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
15:00:22.0586 3324  BrSerWdm - ok
15:00:22.0617 3324  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
15:00:22.0680 3324  BrUsbMdm - ok
15:00:22.0680 3324  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
15:00:22.0711 3324  BrUsbSer - ok
15:00:22.0742 3324  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
15:00:22.0789 3324  BTHMODEM - ok
15:00:22.0851 3324  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
15:00:22.0929 3324  bthserv - ok
15:00:22.0976 3324  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
15:00:23.0054 3324  cdfs - ok
15:00:23.0132 3324  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
15:00:23.0179 3324  cdrom - ok
15:00:23.0241 3324  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
15:00:23.0319 3324  CertPropSvc - ok
15:00:23.0350 3324  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
15:00:23.0382 3324  circlass - ok
15:00:23.0397 3324  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
15:00:23.0428 3324  CLFS - ok
15:00:23.0522 3324  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:00:23.0553 3324  clr_optimization_v2.0.50727_32 - ok
15:00:23.0569 3324  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
15:00:23.0616 3324  CmBatt - ok
15:00:23.0647 3324  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
15:00:23.0678 3324  cmdide - ok
15:00:23.0740 3324  [ 36C252E474B2FFA0F0FBBFF20D92A640 ] CNG             C:\Windows\system32\Drivers\cng.sys
15:00:23.0803 3324  CNG - ok
15:00:23.0834 3324  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
15:00:23.0865 3324  Compbatt - ok
15:00:23.0896 3324  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
15:00:23.0928 3324  CompositeBus - ok
15:00:23.0943 3324  COMSysApp - ok
15:00:23.0959 3324  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
15:00:23.0974 3324  crcdisk - ok
15:00:24.0052 3324  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\Windows\system32\cryptsvc.dll
15:00:24.0130 3324  CryptSvc - ok
15:00:24.0193 3324  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
15:00:24.0286 3324  DcomLaunch - ok
15:00:24.0333 3324  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
15:00:24.0427 3324  defragsvc - ok
15:00:24.0505 3324  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
15:00:24.0583 3324  DfsC - ok
15:00:24.0645 3324  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
15:00:24.0708 3324  Dhcp - ok
15:00:24.0754 3324  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
15:00:24.0801 3324  discache - ok
15:00:24.0832 3324  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
15:00:24.0848 3324  Disk - ok
15:00:24.0910 3324  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
15:00:24.0988 3324  Dnscache - ok
15:00:25.0020 3324  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
15:00:25.0113 3324  dot3svc - ok
15:00:25.0144 3324  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
15:00:25.0238 3324  DPS - ok
15:00:25.0269 3324  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
15:00:25.0332 3324  drmkaud - ok
15:00:25.0378 3324  [ C94B6C3CC628179CB9B9061C19888B99 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
15:00:25.0425 3324  DXGKrnl - ok
15:00:25.0456 3324  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
15:00:25.0534 3324  EapHost - ok
15:00:25.0659 3324  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
15:00:25.0815 3324  ebdrv - ok
15:00:25.0862 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
15:00:25.0893 3324  EFS - ok
15:00:25.0987 3324  [ 3A74A6E33685662B125A3269B1F2114F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
15:00:26.0096 3324  ehRecvr - ok
15:00:26.0096 3324  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
15:00:26.0143 3324  ehSched - ok
15:00:26.0205 3324  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
15:00:26.0268 3324  elxstor - ok
15:00:26.0299 3324  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
15:00:26.0346 3324  ErrDev - ok
15:00:26.0424 3324  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
15:00:26.0502 3324  EventSystem - ok
15:00:26.0580 3324  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
15:00:26.0626 3324  ew_hwusbdev - ok
15:00:26.0658 3324  [ 61A973F60E94A551BA7B15F3460444FB ] ew_usbenumfilter C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys
15:00:26.0673 3324  ew_usbenumfilter - ok
15:00:26.0704 3324  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
15:00:26.0767 3324  exfat - ok
15:00:26.0782 3324  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
15:00:26.0829 3324  fastfat - ok
15:00:26.0907 3324  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
15:00:27.0001 3324  Fax - ok
15:00:27.0032 3324  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
15:00:27.0063 3324  fdc - ok
15:00:27.0110 3324  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
15:00:27.0172 3324  fdPHost - ok
15:00:27.0204 3324  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
15:00:27.0219 3324  FDResPub - ok
15:00:27.0266 3324  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
15:00:27.0266 3324  FileInfo - ok
15:00:27.0297 3324  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
15:00:27.0344 3324  Filetrace - ok
15:00:27.0391 3324  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
15:00:27.0438 3324  flpydisk - ok
15:00:27.0469 3324  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
15:00:27.0500 3324  FltMgr - ok
15:00:27.0562 3324  [ 151258FC2EC8C48BDF8A53350AE0A676 ] FontCache       C:\Windows\system32\FntCache.dll
15:00:27.0640 3324  FontCache - ok
15:00:27.0703 3324  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
15:00:27.0718 3324  FontCache3.0.0.0 - ok
15:00:27.0750 3324  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
15:00:27.0765 3324  FsDepends - ok
15:00:27.0828 3324  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
15:00:27.0843 3324  Fs_Rec - ok
15:00:27.0874 3324  [ 5592F5DBA26282D24D2B080EB438A4D7 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
15:00:27.0906 3324  fvevol - ok
15:00:27.0937 3324  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
15:00:27.0952 3324  gagp30kx - ok
15:00:27.0999 3324  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
15:00:28.0093 3324  gpsvc - ok
15:00:28.0233 3324  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
15:00:28.0264 3324  gupdate - ok
15:00:28.0280 3324  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
15:00:28.0296 3324  gupdatem - ok
15:00:28.0327 3324  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
15:00:28.0389 3324  hcw85cir - ok
15:00:28.0420 3324  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
15:00:28.0467 3324  HdAudAddService - ok
15:00:28.0483 3324  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
15:00:28.0530 3324  HDAudBus - ok
15:00:28.0576 3324  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
15:00:28.0608 3324  HidBatt - ok
15:00:28.0623 3324  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
15:00:28.0670 3324  HidBth - ok
15:00:28.0701 3324  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
15:00:28.0764 3324  HidIr - ok
15:00:28.0795 3324  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
15:00:28.0873 3324  hidserv - ok
15:00:28.0951 3324  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
15:00:28.0998 3324  HidUsb - ok
15:00:29.0044 3324  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
15:00:29.0122 3324  hkmsvc - ok
15:00:29.0154 3324  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
15:00:29.0232 3324  HomeGroupListener - ok
15:00:29.0278 3324  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
15:00:29.0341 3324  HomeGroupProvider - ok
15:00:29.0388 3324  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
15:00:29.0403 3324  HpSAMD - ok
15:00:29.0450 3324  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
15:00:29.0528 3324  HTTP - ok
15:00:29.0590 3324  [ 88B2115311628579BDE805DDDDD913B7 ] huawei_cdcacm   C:\Windows\system32\DRIVERS\ew_jucdcacm.sys
15:00:29.0637 3324  huawei_cdcacm - ok
15:00:29.0653 3324  [ 2AEB89AEAC08ECD23FC0DA3EB4330A29 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
15:00:29.0731 3324  huawei_enumerator - ok
15:00:29.0731 3324  [ FF66400ACC543F4EEFE83CDE5B1B4164 ] huawei_ext_ctrl C:\Windows\system32\DRIVERS\ew_juextctrl.sys
15:00:29.0778 3324  huawei_ext_ctrl - ok
15:00:29.0809 3324  [ CB4A1F464EF6FE83ABDFE49E7416E6D7 ] huawei_wwanecm  C:\Windows\system32\DRIVERS\ew_juwwanecm.sys
15:00:29.0856 3324  huawei_wwanecm - ok
15:00:29.0902 3324  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
15:00:29.0918 3324  hwpolicy - ok
15:00:29.0949 3324  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
15:00:30.0012 3324  i8042prt - ok
15:00:30.0058 3324  [ 9615DAF540B2C04DC871D10D7AE59F38 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
15:00:30.0090 3324  iaStor - ok
15:00:30.0121 3324  [ 934AF4D7C5F457B9F0743F4299B77B67 ] iaStorV         C:\Windows\system32\DRIVERS\iaStorV.sys
15:00:30.0152 3324  iaStorV - ok
15:00:30.0214 3324  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
15:00:30.0292 3324  idsvc - ok
15:00:30.0308 3324  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
15:00:30.0324 3324  iirsp - ok
15:00:30.0386 3324  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
15:00:30.0495 3324  IKEEXT - ok
15:00:30.0667 3324  [ 6CAC927C002DD79D666AA71332EAF03A ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
15:00:30.0745 3324  IntcAzAudAddService - ok
15:00:30.0776 3324  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
15:00:30.0776 3324  intelide - ok
15:00:30.0823 3324  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
15:00:30.0854 3324  intelppm - ok
15:00:30.0885 3324  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
15:00:30.0963 3324  IPBusEnum - ok
15:00:30.0994 3324  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:00:31.0072 3324  IpFilterDriver - ok
15:00:31.0135 3324  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
15:00:31.0213 3324  iphlpsvc - ok
15:00:31.0244 3324  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:00:31.0275 3324  IPMIDRV - ok
15:00:31.0275 3324  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
15:00:31.0322 3324  IPNAT - ok
15:00:31.0338 3324  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
15:00:31.0400 3324  IRENUM - ok
15:00:31.0431 3324  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
15:00:31.0447 3324  isapnp - ok
15:00:31.0478 3324  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
15:00:31.0509 3324  iScsiPrt - ok
15:00:31.0556 3324  [ 410765797CF25CA4B94493D21CCFD487 ] k57nd60x        C:\Windows\system32\DRIVERS\k57nd60x.sys
15:00:31.0587 3324  k57nd60x - ok
15:00:31.0650 3324  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
15:00:31.0681 3324  kbdclass - ok
15:00:31.0712 3324  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
15:00:31.0759 3324  kbdhid - ok
15:00:31.0790 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
15:00:31.0821 3324  KeyIso - ok
15:00:31.0837 3324  [ 0263364ACB9C834ACE52FB85C2C064EC ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
15:00:31.0868 3324  KSecDD - ok
15:00:31.0915 3324  [ 27391DB553BE2A4E2B0ADEEA2873B2AF ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
15:00:31.0946 3324  KSecPkg - ok
15:00:31.0977 3324  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
15:00:32.0055 3324  KtmRm - ok
15:00:32.0133 3324  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
15:00:32.0211 3324  LanmanServer - ok
15:00:32.0258 3324  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
15:00:32.0320 3324  LanmanWorkstation - ok
15:00:32.0398 3324  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
15:00:32.0445 3324  lltdio - ok
15:00:32.0476 3324  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
15:00:32.0554 3324  lltdsvc - ok
15:00:32.0586 3324  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
15:00:32.0664 3324  lmhosts - ok
15:00:32.0773 3324  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS             C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:00:32.0804 3324  LMS - ok
15:00:32.0835 3324  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
15:00:32.0851 3324  LSI_FC - ok
15:00:32.0866 3324  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
15:00:32.0882 3324  LSI_SAS - ok
15:00:32.0898 3324  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:00:32.0913 3324  LSI_SAS2 - ok
15:00:32.0929 3324  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:00:32.0944 3324  LSI_SCSI - ok
15:00:32.0960 3324  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
15:00:33.0022 3324  luafv - ok
15:00:33.0069 3324  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
15:00:33.0085 3324  Mcx2Svc - ok
15:00:33.0132 3324  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
15:00:33.0147 3324  megasas - ok
15:00:33.0163 3324  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
15:00:33.0194 3324  MegaSR - ok
15:00:33.0225 3324  [ D86AC00883B9C98B570E7643AAF8E554 ] MEI             C:\Windows\system32\DRIVERS\HECI.sys
15:00:33.0272 3324  MEI - ok
15:00:33.0319 3324  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
15:00:33.0397 3324  MMCSS - ok
15:00:33.0428 3324  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
15:00:33.0506 3324  Modem - ok
15:00:33.0568 3324  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
15:00:33.0600 3324  monitor - ok
15:00:33.0646 3324  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
15:00:33.0678 3324  mouclass - ok
15:00:33.0678 3324  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
15:00:33.0709 3324  mouhid - ok
15:00:33.0740 3324  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
15:00:33.0756 3324  mountmgr - ok
15:00:33.0787 3324  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
15:00:33.0802 3324  mpio - ok
15:00:33.0818 3324  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
15:00:33.0896 3324  mpsdrv - ok
15:00:33.0943 3324  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
15:00:34.0068 3324  MpsSvc - ok
15:00:34.0099 3324  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
15:00:34.0114 3324  MRxDAV - ok
15:00:34.0177 3324  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:34.0255 3324  mrxsmb - ok
15:00:34.0286 3324  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:34.0317 3324  mrxsmb10 - ok
15:00:34.0333 3324  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:34.0380 3324  mrxsmb20 - ok
15:00:34.0411 3324  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
15:00:34.0442 3324  msahci - ok
15:00:34.0458 3324  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
15:00:34.0489 3324  msdsm - ok
15:00:34.0520 3324  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
15:00:34.0567 3324  MSDTC - ok
15:00:34.0614 3324  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
15:00:34.0692 3324  Msfs - ok
15:00:34.0723 3324  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
15:00:34.0785 3324  mshidkmdf - ok
15:00:34.0816 3324  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
15:00:34.0832 3324  msisadrv - ok
15:00:34.0879 3324  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
15:00:34.0957 3324  MSiSCSI - ok
15:00:34.0957 3324  msiserver - ok
15:00:35.0050 3324  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
15:00:35.0113 3324  MSKSSRV - ok
15:00:35.0144 3324  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:35.0222 3324  MSPCLOCK - ok
15:00:35.0253 3324  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
15:00:35.0331 3324  MSPQM - ok
15:00:35.0362 3324  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
15:00:35.0394 3324  MsRPC - ok
15:00:35.0409 3324  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
15:00:35.0440 3324  mssmbios - ok
15:00:35.0440 3324  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
15:00:35.0503 3324  MSTEE - ok
15:00:35.0518 3324  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
15:00:35.0550 3324  MTConfig - ok
15:00:35.0565 3324  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
15:00:35.0581 3324  Mup - ok
15:00:35.0612 3324  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
15:00:35.0690 3324  napagent - ok
15:00:35.0737 3324  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
15:00:35.0799 3324  NativeWifiP - ok
15:00:35.0846 3324  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
15:00:35.0908 3324  NDIS - ok
15:00:35.0940 3324  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:35.0971 3324  NdisCap - ok
15:00:36.0002 3324  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:36.0064 3324  NdisTapi - ok
15:00:36.0111 3324  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:36.0189 3324  Ndisuio - ok
15:00:36.0220 3324  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:36.0298 3324  NdisWan - ok
15:00:36.0330 3324  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
15:00:36.0408 3324  NDProxy - ok
15:00:36.0439 3324  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
15:00:36.0517 3324  NetBIOS - ok
15:00:36.0532 3324  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
15:00:36.0642 3324  NetBT - ok
15:00:36.0657 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
15:00:36.0688 3324  Netlogon - ok
15:00:36.0735 3324  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
15:00:36.0798 3324  Netman - ok
15:00:36.0829 3324  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
15:00:36.0922 3324  netprofm - ok
15:00:36.0954 3324  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:00:36.0985 3324  NetTcpPortSharing - ok
15:00:37.0032 3324  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
15:00:37.0047 3324  nfrd960 - ok
15:00:37.0078 3324  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
15:00:37.0141 3324  NlaSvc - ok
15:00:37.0156 3324  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
15:00:37.0188 3324  Npfs - ok
15:00:37.0219 3324  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
15:00:37.0281 3324  nsi - ok
15:00:37.0312 3324  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
15:00:37.0359 3324  nsiproxy - ok
15:00:37.0453 3324  [ A8F59428E9F361C7AC42A94AC1560BC9 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
15:00:37.0531 3324  Ntfs - ok
15:00:37.0546 3324  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
15:00:37.0562 3324  Null - ok
15:00:37.0874 3324  [ 0B2E7B39411FAA44EBDA76FB38673964 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:00:38.0030 3324  nvlddmkm - ok
15:00:38.0046 3324  [ 33A6E5EFF1E31EC778079EBFDB80EC1E ] nvpciflt        C:\Windows\system32\DRIVERS\nvpciflt.sys
15:00:38.0046 3324  nvpciflt - ok
15:00:38.0077 3324  [ 3F3D04B1D08D43C16EA7963954EC768D ] nvraid          C:\Windows\system32\DRIVERS\nvraid.sys
15:00:38.0092 3324  nvraid - ok
15:00:38.0124 3324  [ C99F251A5DE63C6F129CF71933ACED0F ] nvstor          C:\Windows\system32\DRIVERS\nvstor.sys
15:00:38.0155 3324  nvstor - ok
15:00:38.0186 3324  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
15:00:38.0202 3324  nv_agp - ok
15:00:38.0326 3324  [ F0F6BEE889236BB6D6A94560D7EEA2AC ] ogmservice      C:\Program Files\Online Games Manager\ogmservice.exe
15:00:38.0358 3324  ogmservice - ok
15:00:38.0373 3324  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
15:00:38.0389 3324  ohci1394 - ok
15:00:38.0420 3324  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
15:00:38.0467 3324  p2pimsvc - ok
15:00:38.0498 3324  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
15:00:38.0529 3324  p2psvc - ok
15:00:38.0560 3324  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
15:00:38.0607 3324  Parport - ok
15:00:38.0638 3324  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
15:00:38.0670 3324  partmgr - ok
15:00:38.0685 3324  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
15:00:38.0732 3324  Parvdm - ok
15:00:38.0779 3324  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
15:00:38.0810 3324  PcaSvc - ok
15:00:38.0841 3324  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
15:00:38.0872 3324  pci - ok
15:00:38.0888 3324  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
15:00:38.0904 3324  pciide - ok
15:00:38.0950 3324  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
15:00:38.0982 3324  pcmcia - ok
15:00:38.0997 3324  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
15:00:39.0013 3324  pcw - ok
15:00:39.0060 3324  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
15:00:39.0169 3324  PEAUTH - ok
15:00:39.0247 3324  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
15:00:39.0403 3324  pla - ok
15:00:39.0465 3324  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
15:00:39.0559 3324  PlugPlay - ok
15:00:39.0590 3324  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
15:00:39.0637 3324  PNRPAutoReg - ok
15:00:39.0684 3324  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
15:00:39.0715 3324  PNRPsvc - ok
15:00:39.0746 3324  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
15:00:39.0824 3324  PolicyAgent - ok
15:00:39.0855 3324  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
15:00:39.0949 3324  Power - ok
15:00:39.0996 3324  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
15:00:40.0089 3324  PptpMiniport - ok
15:00:40.0120 3324  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
15:00:40.0167 3324  Processor - ok
15:00:40.0198 3324  [ 630CF26F0227498B7D5A92B12548960F ] ProfSvc         C:\Windows\system32\profsvc.dll
15:00:40.0276 3324  ProfSvc - ok
15:00:40.0308 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
15:00:40.0323 3324  ProtectedStorage - ok
15:00:40.0354 3324  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
15:00:40.0448 3324  Psched - ok
15:00:40.0526 3324  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
15:00:40.0604 3324  ql2300 - ok
15:00:40.0620 3324  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
15:00:40.0635 3324  ql40xx - ok
15:00:40.0666 3324  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
15:00:40.0698 3324  QWAVE - ok
15:00:40.0713 3324  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
15:00:40.0760 3324  QWAVEdrv - ok
15:00:40.0791 3324  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
15:00:40.0869 3324  RasAcd - ok
15:00:40.0916 3324  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:40.0978 3324  RasAgileVpn - ok
15:00:41.0041 3324  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
15:00:41.0088 3324  RasAuto - ok
15:00:41.0103 3324  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:41.0134 3324  Rasl2tp - ok
15:00:41.0166 3324  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
15:00:41.0244 3324  RasMan - ok
15:00:41.0275 3324  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:41.0353 3324  RasPppoe - ok
15:00:41.0415 3324  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
15:00:41.0478 3324  RasSstp - ok
15:00:41.0493 3324  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
15:00:41.0587 3324  rdbss - ok
15:00:41.0602 3324  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
15:00:41.0618 3324  rdpbus - ok
15:00:41.0634 3324  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:41.0696 3324  RDPCDD - ok
15:00:41.0727 3324  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
15:00:41.0805 3324  RDPENCDD - ok
15:00:41.0852 3324  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
15:00:41.0899 3324  RDPREFMP - ok
15:00:41.0946 3324  [ 801371BA9782282892D00AADB08EE367 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
15:00:42.0039 3324  RDPWD - ok
15:00:42.0070 3324  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
15:00:42.0102 3324  rdyboost - ok
15:00:42.0133 3324  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
15:00:42.0195 3324  RemoteAccess - ok
15:00:42.0242 3324  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
15:00:42.0320 3324  RemoteRegistry - ok
15:00:42.0351 3324  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
15:00:42.0429 3324  RpcEptMapper - ok
15:00:42.0460 3324  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
15:00:42.0507 3324  RpcLocator - ok
15:00:42.0554 3324  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
15:00:42.0616 3324  RpcSs - ok
15:00:42.0648 3324  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
15:00:42.0694 3324  rspndr - ok
15:00:42.0710 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs           C:\Windows\system32\lsass.exe
15:00:42.0726 3324  SamSs - ok
15:00:42.0757 3324  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
15:00:42.0772 3324  sbp2port - ok
15:00:42.0788 3324  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
15:00:42.0866 3324  SCardSvr - ok
15:00:42.0897 3324  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
15:00:42.0928 3324  scfilter - ok
15:00:43.0006 3324  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
15:00:43.0084 3324  Schedule - ok
15:00:43.0100 3324  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
15:00:43.0147 3324  SCPolicySvc - ok
15:00:43.0194 3324  [ 7B48CFF3A475FE849DEA65EC4D35C425 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
15:00:43.0240 3324  sdbus - ok
15:00:43.0287 3324  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
15:00:43.0318 3324  SDRSVC - ok
15:00:43.0350 3324  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
15:00:43.0443 3324  secdrv - ok
15:00:43.0459 3324  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
15:00:43.0537 3324  seclogon - ok
15:00:43.0568 3324  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
15:00:43.0646 3324  SENS - ok
15:00:43.0693 3324  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
15:00:43.0755 3324  SensrSvc - ok
15:00:43.0786 3324  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
15:00:43.0786 3324  Serenum - ok
15:00:43.0818 3324  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
15:00:43.0833 3324  Serial - ok
15:00:43.0849 3324  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
15:00:43.0864 3324  sermouse - ok
15:00:43.0896 3324  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
15:00:43.0927 3324  SessionEnv - ok
15:00:43.0974 3324  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
15:00:44.0036 3324  sffdisk - ok
15:00:44.0083 3324  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:00:44.0114 3324  sffp_mmc - ok
15:00:44.0130 3324  [ 4F1E5B0FE7C8050668DBFADE8999AEFB ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
15:00:44.0161 3324  sffp_sd - ok
15:00:44.0176 3324  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
15:00:44.0208 3324  sfloppy - ok
15:00:44.0239 3324  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
15:00:44.0301 3324  SharedAccess - ok
15:00:44.0332 3324  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:00:44.0379 3324  ShellHWDetection - ok
15:00:44.0395 3324  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
15:00:44.0410 3324  sisagp - ok
15:00:44.0426 3324  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:00:44.0442 3324  SiSRaid2 - ok
15:00:44.0457 3324  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
15:00:44.0473 3324  SiSRaid4 - ok
15:00:44.0504 3324  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
15:00:44.0551 3324  Smb - ok
15:00:44.0598 3324  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
15:00:44.0644 3324  SNMPTRAP - ok
15:00:44.0691 3324  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
15:00:44.0707 3324  spldr - ok
15:00:44.0785 3324  [ 49B6DD6AB3715B7A67965F17194E98A9 ] Spooler         C:\Windows\System32\spoolsv.exe
15:00:44.0847 3324  Spooler - ok
15:00:44.0972 3324  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
15:00:45.0112 3324  sppsvc - ok
15:00:45.0144 3324  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
15:00:45.0237 3324  sppuinotify - ok
15:00:45.0284 3324  [ 2DBEDFB1853F06110EC2AA7F3213C89F ] srv             C:\Windows\system32\DRIVERS\srv.sys
15:00:45.0346 3324  srv - ok
15:00:45.0378 3324  [ DB37131D1027C50EA7EE21C8BB4536AA ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
15:00:45.0409 3324  srv2 - ok
15:00:45.0424 3324  [ F5980B74124DB9233B33F86FC5EBBB4F ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
15:00:45.0471 3324  srvnet - ok
15:00:45.0518 3324  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
15:00:45.0596 3324  SSDPSRV - ok
15:00:45.0627 3324  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
15:00:45.0705 3324  SstpSvc - ok
15:00:45.0752 3324  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
15:00:45.0768 3324  stexstor - ok
15:00:45.0814 3324  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
15:00:45.0892 3324  StiSvc - ok
15:00:45.0924 3324  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
15:00:45.0939 3324  swenum - ok
15:00:45.0970 3324  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
15:00:46.0048 3324  swprv - ok
15:00:46.0095 3324  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
15:00:46.0220 3324  SysMain - ok
15:00:46.0236 3324  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:00:46.0282 3324  TabletInputService - ok
15:00:46.0392 3324  [ 47CC67FA0AD6D5448D256D1343C6EC38 ] TAG_Service     C:\Program Files\A1 Dashboard\A1Dashboard_Service.exe
15:00:46.0423 3324  TAG_Service - ok
15:00:46.0470 3324  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
15:00:46.0548 3324  TapiSrv - ok
15:00:46.0579 3324  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
15:00:46.0626 3324  TBS - ok
15:00:46.0704 3324  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
15:00:46.0797 3324  Tcpip - ok
15:00:46.0844 3324  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
15:00:46.0906 3324  TCPIP6 - ok
15:00:46.0938 3324  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
15:00:46.0984 3324  tcpipreg - ok
15:00:47.0016 3324  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
15:00:47.0078 3324  TDPIPE - ok
15:00:47.0125 3324  [ 7551E91EA999EE9A8E9C331D5A9C31F3 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
15:00:47.0187 3324  TDTCP - ok
15:00:47.0203 3324  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
15:00:47.0265 3324  tdx - ok
15:00:47.0312 3324  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
15:00:47.0328 3324  TermDD - ok
15:00:47.0374 3324  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
15:00:47.0484 3324  TermService - ok
15:00:47.0515 3324  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
15:00:47.0562 3324  Themes - ok
15:00:47.0593 3324  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
15:00:47.0640 3324  THREADORDER - ok
15:00:47.0655 3324  tkwnteqh - ok
15:00:47.0686 3324  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
15:00:47.0733 3324  TrkWks - ok
15:00:47.0780 3324  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:00:47.0811 3324  TrustedInstaller - ok
15:00:47.0842 3324  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:47.0920 3324  tssecsrv - ok
15:00:47.0983 3324  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
15:00:48.0030 3324  tunnel - ok
15:00:48.0076 3324  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
15:00:48.0092 3324  uagp35 - ok
15:00:48.0123 3324  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
15:00:48.0217 3324  udfs - ok
15:00:48.0264 3324  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
15:00:48.0295 3324  UI0Detect - ok
15:00:48.0357 3324  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
15:00:48.0373 3324  uliagpkx - ok
15:00:48.0404 3324  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
15:00:48.0451 3324  umbus - ok
15:00:48.0482 3324  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
15:00:48.0513 3324  UmPass - ok
15:00:48.0654 3324  [ 374EBDA379A8F38E0CFC2211611E7167 ] UNS             C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:00:48.0794 3324  UNS - ok
15:00:48.0825 3324  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
15:00:48.0903 3324  upnphost - ok
15:00:48.0934 3324  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:48.0950 3324  usbccgp - ok
15:00:48.0981 3324  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
15:00:49.0028 3324  usbcir - ok
15:00:49.0059 3324  [ 1C333BFD60F2FED2C7AD5DAF533CB742 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
15:00:49.0106 3324  usbehci - ok
15:00:49.0153 3324  [ EE6EF93CCFA94FAE8C6AB298273D8AE2 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
15:00:49.0184 3324  usbhub - ok
15:00:49.0200 3324  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
15:00:49.0246 3324  usbohci - ok
15:00:49.0278 3324  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
15:00:49.0324 3324  usbprint - ok
15:00:49.0356 3324  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:49.0387 3324  USBSTOR - ok
15:00:49.0387 3324  [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
15:00:49.0434 3324  usbuhci - ok
15:00:49.0480 3324  [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
15:00:49.0543 3324  usbvideo - ok
15:00:49.0574 3324  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
15:00:49.0621 3324  UxSms - ok
15:00:49.0636 3324  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
15:00:49.0652 3324  VaultSvc - ok
15:00:49.0699 3324  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
15:00:49.0714 3324  vdrvroot - ok
15:00:49.0746 3324  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
15:00:49.0824 3324  vds - ok
15:00:49.0839 3324  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:49.0870 3324  vga - ok
15:00:49.0886 3324  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
15:00:49.0964 3324  VgaSave - ok
15:00:50.0011 3324  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
15:00:50.0026 3324  vhdmp - ok
15:00:50.0042 3324  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
15:00:50.0058 3324  viaagp - ok
15:00:50.0073 3324  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
15:00:50.0120 3324  ViaC7 - ok
15:00:50.0151 3324  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
15:00:50.0167 3324  viaide - ok
15:00:50.0198 3324  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
15:00:50.0214 3324  volmgr - ok
15:00:50.0245 3324  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
15:00:50.0276 3324  volmgrx - ok
15:00:50.0307 3324  [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
15:00:50.0338 3324  volsnap - ok
15:00:50.0370 3324  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
15:00:50.0401 3324  vsmraid - ok
15:00:50.0463 3324  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
15:00:50.0557 3324  VSS - ok
15:00:50.0572 3324  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
15:00:50.0604 3324  vwifibus - ok
15:00:50.0635 3324  [ 7090D3436EEB4E7DA3373090A23448F7 ] VWiFiFlt        C:\Windows\system32\DRIVERS\vwififlt.sys
15:00:50.0666 3324  VWiFiFlt - ok
15:00:50.0666 3324  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
15:00:50.0713 3324  vwifimp - ok
15:00:50.0760 3324  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
15:00:50.0806 3324  W32Time - ok
15:00:50.0822 3324  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
15:00:50.0822 3324  WacomPen - ok
15:00:50.0853 3324  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
15:00:50.0916 3324  WANARP - ok
15:00:50.0931 3324  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
15:00:50.0962 3324  Wanarpv6 - ok
15:00:51.0056 3324  [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
15:00:51.0150 3324  WatAdminSvc - ok
15:00:51.0196 3324  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
15:00:51.0337 3324  wbengine - ok
15:00:51.0352 3324  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
15:00:51.0399 3324  WbioSrvc - ok
15:00:51.0446 3324  [ D0F88AA11EE1A62BCC6D6A8A7783CA11 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
15:00:51.0508 3324  wcncsvc - ok
15:00:51.0540 3324  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:00:51.0571 3324  WcsPlugInService - ok
15:00:51.0602 3324  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
15:00:51.0618 3324  Wd - ok
15:00:51.0633 3324  [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
15:00:51.0680 3324  Wdf01000 - ok
15:00:51.0696 3324  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
15:00:51.0742 3324  WdiServiceHost - ok
15:00:51.0758 3324  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
15:00:51.0789 3324  WdiSystemHost - ok
15:00:51.0836 3324  [ D87C7D2C517F82A5AB7A73E203063D9E ] WebClient       C:\Windows\System32\webclnt.dll
15:00:51.0898 3324  WebClient - ok
15:00:51.0930 3324  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
15:00:51.0992 3324  Wecsvc - ok
15:00:51.0992 3324  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
15:00:52.0054 3324  wercplsupport - ok
15:00:52.0086 3324  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
15:00:52.0148 3324  WerSvc - ok
15:00:52.0210 3324  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
15:00:52.0288 3324  WfpLwf - ok
15:00:52.0320 3324  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
15:00:52.0335 3324  WIMMount - ok
15:00:52.0398 3324  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
15:00:52.0491 3324  WinDefend - ok
15:00:52.0491 3324  WinHttpAutoProxySvc - ok
15:00:52.0569 3324  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
15:00:52.0647 3324  Winmgmt - ok
15:00:52.0725 3324  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
15:00:52.0819 3324  WinRM - ok
15:00:52.0866 3324  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
15:00:52.0912 3324  WinUsb - ok
15:00:52.0975 3324  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
15:00:53.0053 3324  Wlansvc - ok
15:00:53.0068 3324  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
15:00:53.0084 3324  WmiAcpi - ok
15:00:53.0115 3324  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
15:00:53.0178 3324  wmiApSrv - ok
15:00:53.0256 3324  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
15:00:53.0349 3324  WMPNetworkSvc - ok
15:00:53.0380 3324  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
15:00:53.0443 3324  WPCSvc - ok
15:00:53.0458 3324  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
15:00:53.0521 3324  WPDBusEnum - ok
15:00:53.0552 3324  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
15:00:53.0614 3324  ws2ifsl - ok
15:00:53.0630 3324  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
15:00:53.0661 3324  wscsvc - ok
15:00:53.0661 3324  WSearch - ok
15:00:53.0755 3324  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
15:00:53.0895 3324  wuauserv - ok
15:00:53.0911 3324  [ 6F9B6C0C93232CFF47D0F72D6DB1D21E ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
15:00:53.0989 3324  WudfPf - ok
15:00:54.0036 3324  [ F91FF1E51FCA30B3C3981DB7D5924252 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
15:00:54.0098 3324  WUDFRd - ok
15:00:54.0129 3324  [ DDEE3682FE97037C45F4D7AB467CB8B6 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
15:00:54.0192 3324  wudfsvc - ok
15:00:54.0223 3324  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
15:00:54.0285 3324  WwanSvc - ok
15:00:54.0426 3324  [ 24FB8DB6D1D55E2C5D0A53DFE48E6AF8 ] Yontoo Desktop Updater C:\Program Files\Yontoo\Y2Desktop.Updater.exe
15:00:54.0441 3324  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
15:00:54.0441 3324  Yontoo Desktop Updater - detected UnsignedFile.Multi.Generic (1)
15:00:54.0488 3324  ================ Scan global ===============================
15:00:54.0519 3324  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
15:00:54.0582 3324  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
15:00:54.0597 3324  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
15:00:54.0628 3324  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
15:00:54.0675 3324  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
15:00:54.0691 3324  [Global] - ok
15:00:54.0691 3324  ================ Scan MBR ==================================
15:00:54.0691 3324  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:00:54.0956 3324  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:00:54.0956 3324  \Device\Harddisk0\DR0 - detected TDSS File System (1)
15:00:54.0972 3324  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk1\DR1
15:00:55.0159 3324  \Device\Harddisk1\DR1 - ok
15:00:55.0159 3324  ================ Scan VBR ==================================
15:00:55.0159 3324  [ 4E4FAACCFC9B0AB503031FCA80331195 ] \Device\Harddisk0\DR0\Partition1
15:00:55.0159 3324  \Device\Harddisk0\DR0\Partition1 - ok
15:00:55.0206 3324  [ 19D82606CCD617B68FB9066D5967FC6B ] \Device\Harddisk0\DR0\Partition2
15:00:55.0206 3324  \Device\Harddisk0\DR0\Partition2 - ok
15:00:55.0206 3324  [ 13E40243626253E58505B57C94C400BB ] \Device\Harddisk1\DR1\Partition1
15:00:55.0221 3324  \Device\Harddisk1\DR1\Partition1 - ok
15:00:55.0221 3324  ============================================================
15:00:55.0221 3324  Scan finished
15:00:55.0221 3324  ============================================================
15:00:55.0237 3316  Detected object count: 3
15:00:55.0237 3316  Actual detected object count: 3
15:01:12.0475 3316  atapi ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:12.0475 3316  atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:12.0475 3316  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - skipped by user
15:01:12.0475 3316  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:01:12.0475 3316  \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
15:01:12.0475 3316  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
15:01:44.0997 0308  Deinitialize success
         

28.06.2013, 16:50   #10
aharonov
/// TB Trainer
 

Hello,

yes, there is more wrong here...


Please go to VirusTotal and have a file checked there as follows:
  • Click Choose a file.
  • Then copy the following into the input field for the file name
    Code:
    C:\Windows\system32\DRIVERS\atapi.sys

    and click Open.
  • Click Scan it!.
  • If you get the following message:
    Quote:
    File already analysed - This file was already analysed by VirusTotal on ...
    then click Reanalyse.
  • Wait until the analysis has finished, then copy the URL from your address bar and post it here.
__________________
cheers,
Leo
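
Added example (not part of the original thread and not TDSSKiller's own code): a small Python parser for the TDSSKiller log lines posted above. It lists every detected object with the action recorded for it, raw-disk objects from the MBR/VBR scan first. The function names and the `boot_level`/`unresolved` fields are assumptions of this example; the sample lines are excerpted from the log in this thread.

```python
import re

# Excerpt of the TDSSKiller log posted in this thread.
SAMPLE_LOG = r"""
15:00:54.0441 3324  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - warning
15:00:54.0956 3324  \Device\Harddisk0\DR0 ( TDSS File System ) - warning
15:00:55.0159 3324  \Device\Harddisk1\DR1 - ok
15:01:12.0475 3316  atapi ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:01:12.0475 3316  Yontoo Desktop Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:01:12.0475 3316  \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# "<time> <thread id>  <object> ( <verdict> ) - <status>"
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+"
    r"(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+?)\s*$"
)
ACTION = "User select action: "


def triage(log_text):
    """Return one record per detected object, boot-level findings first."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "- ok" lines, hash lines, section banners, counters
        rec = findings.setdefault(
            (m["obj"], m["verdict"]),
            {"object": m["obj"], "verdict": m["verdict"], "action": None},
        )
        if m["status"].startswith(ACTION):
            rec["action"] = m["status"][len(ACTION):]
    for rec in findings.values():
        # Raw disk objects come from the MBR/VBR scan, not from a file on disk.
        rec["boot_level"] = rec["object"].startswith("\\Device\\Harddisk")
        # Skip (or no recorded action) means the object is still in place.
        rec["unresolved"] = rec["action"] in (None, "Skip")
    return sorted(findings.values(), key=lambda r: not r["boot_level"])


def unresolved(log_text):
    return [r for r in triage(log_text) if r["unresolved"]]


if __name__ == "__main__":
    for r in unresolved(SAMPLE_LOG):
        print(r["object"], "|", r["verdict"], "| action:", r["action"])
```

On this log all three detections come back unresolved, because each one was skipped during the scan.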

03.07.2013, 17:26   #11
gorbiWTF
 

Thanks for the great help, but the "customer" (an acquaintance of an acquaintance) insisted on having his notebook back. I pointed out to him that the problem had not yet been resolved, but he would not be talked round.
What can you do when someone does not want to be helped?!

Many thanks and have a nice day

03.07.2013, 17:31   #12
aharonov
/// TB Trainer
 

Yes, you can't force people to accept what's good for them.
Thanks for letting me know.

You can tell the "customer" that his laptop is still infected and insecure, and that "visible" symptoms will probably reappear soon.


This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
If you need the topic again, please send me a PM and we will continue here.

Everyone else, please read this guide and create your own thread.
__________________
cheers,
Leo
