Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log analysis and evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   CPU usage 100% in Firefox followed by system crash. Suspicion: sychost.exe virus (https://www.trojaner-board.de/110047-cpu-auslastung-100-firefox-anschliessender-systemabsturz-vermutung-sychost-exe-virus.html)

cosinus 21.02.2012 18:55

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
[2011.03.28 13:10:17 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2012.02.14 18:38:05 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.23 16:01:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.31 14:49:50 | 000,000,931 | ---- | M] () -- C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\lheuqom4.default\searchplugins\conduit.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
:Files
C:\Users\Verena\AppData\Roaming\50??
C:\Users\Verena\AppData\Roaming\xmldm
C:\Users\Verena\AppData\Roaming\kock
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed with this script are, to be safe, not completely deleted; a backup copy is created on the system partition in the "_OTL" folder.

Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

vivastern 21.02.2012 21:30

Code:

All processes killed
========== OTL ==========
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\modules folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\META-INF folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\defaults\preferences folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\defaults folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}\chrome folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250} folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\modules folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Verena\AppData\Roaming\mozilla\Firefox\Profiles\lheuqom4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\lheuqom4.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoLowDiskSpaceChecks deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2604564059-764910878-3552578447-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
========== FILES ==========
C:\Users\Verena\AppData\Roaming\5043\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5043 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5044\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5044 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5045\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5045 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5047\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5047 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5048\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5048 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5049\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5049 folder moved successfully.
C:\Users\Verena\AppData\Roaming\5050\components folder moved successfully.
C:\Users\Verena\AppData\Roaming\5050 folder moved successfully.
C:\Users\Verena\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Verena\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Verena
->Temp folder emptied: 17747200100 bytes
->Temporary Internet Files folder emptied: 87600151 bytes
->Java cache emptied: 11388679 bytes
->FireFox cache emptied: 58849563 bytes
->Google Chrome cache emptied: 110837984 bytes
->Flash cache emptied: 4990 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 866188903 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84962 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 232695720 bytes
 
Total Files Cleaned = 18.229,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.1 log created on 02212012_211728

Files\Folders moved on Reboot...
C:\Users\Verena\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Are we completely healthy again now?

cosinus 21.02.2012 21:40

Quote:

(Kaspersky Lab ZAO) -- C:\Users\Verena\Desktop\tdsskiller.exe
What on earth have you already done with TDSS-Killer?! Is there a log for it?!

vivastern 21.02.2012 21:45

Oh yes... that was a first attempt after doing my own research....

Code:

21:44:10.0985 3996        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
21:44:30.0844 3996        ============================================================
21:44:30.0844 3996        Current date / time: 2012/02/21 21:44:30.0844
21:44:30.0844 3996        SystemInfo:
21:44:30.0844 3996       
21:44:30.0844 3996        OS Version: 6.1.7601 ServicePack: 1.0
21:44:30.0844 3996        Product type: Workstation
21:44:30.0844 3996        ComputerName: VERENAS-PC
21:44:30.0844 3996        UserName: Verena
21:44:30.0844 3996        Windows directory: C:\Windows
21:44:30.0844 3996        System windows directory: C:\Windows
21:44:30.0844 3996        Running under WOW64
21:44:30.0844 3996        Processor architecture: Intel x64
21:44:30.0844 3996        Number of processors: 4
21:44:30.0844 3996        Page size: 0x1000
21:44:30.0844 3996        Boot type: Normal boot
21:44:30.0844 3996        ============================================================
21:44:31.0499 3996        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:44:31.0499 3996        \Device\Harddisk0\DR0:
21:44:31.0499 3996        MBR used
21:44:31.0499 3996        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:44:31.0499 3996        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3891F800
21:44:31.0499 3996        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38983800, BlocksNum 0x19CE800
21:44:31.0499 3996        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
21:44:31.0577 3996        Initialize success
21:44:31.0577 3996        ============================================================


cosinus 21.02.2012 21:54

Well, that was a total flop! :zunge:

Please do it properly: now run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, then look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and just post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you cannot access your documents/My Documents folder, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should be visible again. (This might take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!

vivastern 21.02.2012 22:14

Code:

22:03:35.0423 4368        TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
22:03:35.0633 4368        ============================================================
22:03:35.0633 4368        Current date / time: 2012/02/21 22:03:35.0633
22:03:35.0633 4368        SystemInfo:
22:03:35.0633 4368       
22:03:35.0633 4368        OS Version: 6.1.7601 ServicePack: 1.0
22:03:35.0633 4368        Product type: Workstation
22:03:35.0633 4368        ComputerName: VERENAS-PC
22:03:35.0633 4368        UserName: Verena
22:03:35.0633 4368        Windows directory: C:\Windows
22:03:35.0633 4368        System windows directory: C:\Windows
22:03:35.0633 4368        Running under WOW64
22:03:35.0633 4368        Processor architecture: Intel x64
22:03:35.0633 4368        Number of processors: 4
22:03:35.0633 4368        Page size: 0x1000
22:03:35.0633 4368        Boot type: Normal boot
22:03:35.0633 4368        ============================================================
22:03:36.0383 4368        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:03:36.0383 4368        \Device\Harddisk0\DR0:
22:03:36.0393 4368        MBR used
22:03:36.0393 4368        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
22:03:36.0393 4368        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3891F800
22:03:36.0393 4368        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38983800, BlocksNum 0x19CE800
22:03:36.0393 4368        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
22:03:36.0473 4368        Initialize success
22:03:36.0473 4368        ============================================================
22:10:00.0503 3668        ============================================================
22:10:00.0503 3668        Scan started
22:10:00.0503 3668        Mode: Manual; SigCheck; TDLFS;
22:10:00.0503 3668        ============================================================
22:10:11.0516 3668        lltdio - ok
22:10:11.0563 3668        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:10:11.0594 3668        LSI_FC - ok
22:10:11.0641 3668        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:10:11.0657 3668        LSI_SAS - ok
22:10:11.0688 3668        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:10:11.0719 3668        LSI_SAS2 - ok
22:10:11.0750 3668        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:10:11.0766 3668        LSI_SCSI - ok
22:10:11.0828 3668        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:10:11.0938 3668        luafv - ok
22:10:11.0984 3668        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:10:12.0000 3668        megasas - ok
22:10:12.0031 3668        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:10:12.0062 3668        MegaSR - ok
22:10:12.0094 3668        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:10:12.0203 3668        Modem - ok
22:10:12.0234 3668        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:10:12.0281 3668        monitor - ok
22:10:12.0343 3668        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:10:12.0359 3668        mouclass - ok
22:10:12.0374 3668        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:10:12.0421 3668        mouhid - ok
22:10:12.0452 3668        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:10:12.0484 3668        mountmgr - ok
22:10:12.0530 3668        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:10:12.0562 3668        mpio - ok
22:10:12.0593 3668        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:10:12.0702 3668        mpsdrv - ok
22:10:12.0780 3668        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:10:12.0874 3668        MRxDAV - ok
22:10:12.0920 3668        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:10:12.0967 3668        mrxsmb - ok
22:10:13.0045 3668        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:10:13.0092 3668        mrxsmb10 - ok
22:10:13.0123 3668        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:10:13.0154 3668        mrxsmb20 - ok
22:10:13.0186 3668        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:10:13.0201 3668        msahci - ok
22:10:13.0248 3668        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:10:13.0279 3668        msdsm - ok
22:10:13.0326 3668        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:10:13.0420 3668        Msfs - ok
22:10:13.0435 3668        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:10:13.0529 3668        mshidkmdf - ok
22:10:13.0607 3668        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:10:13.0622 3668        msisadrv - ok
22:10:13.0654 3668        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:10:13.0747 3668        MSKSSRV - ok
22:10:13.0778 3668        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:10:13.0888 3668        MSPCLOCK - ok
22:10:13.0934 3668        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:10:14.0044 3668        MSPQM - ok
22:10:14.0075 3668        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:10:14.0122 3668        MsRPC - ok
22:10:14.0184 3668        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
22:10:14.0215 3668        mssmbios - ok
22:10:14.0231 3668        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:10:14.0324 3668        MSTEE - ok
22:10:14.0356 3668        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:10:14.0402 3668        MTConfig - ok
22:10:14.0449 3668        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:10:14.0465 3668        Mup - ok
22:10:14.0496 3668        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:10:14.0558 3668        NativeWifiP - ok
22:10:14.0652 3668        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:10:14.0714 3668        NDIS - ok
22:10:14.0730 3668        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:10:14.0824 3668        NdisCap - ok
22:10:14.0870 3668        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:10:14.0964 3668        NdisTapi - ok
22:10:14.0995 3668        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:10:15.0104 3668        Ndisuio - ok
22:10:15.0167 3668        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:10:15.0260 3668        NdisWan - ok
22:10:15.0323 3668        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:10:15.0416 3668        NDProxy - ok
22:10:15.0463 3668        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:10:15.0572 3668        NetBIOS - ok
22:10:15.0604 3668        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:10:15.0713 3668        NetBT - ok
22:10:15.0900 3668        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
22:10:16.0103 3668        netw5v64 - ok
22:10:16.0181 3668        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:10:16.0196 3668        nfrd960 - ok
22:10:16.0228 3668        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:10:16.0337 3668        Npfs - ok
22:10:16.0368 3668        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:10:16.0462 3668        nsiproxy - ok
22:10:16.0524 3668        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:10:16.0618 3668        Ntfs - ok
22:10:16.0680 3668        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:10:16.0789 3668        Null - ok
22:10:16.0836 3668        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:10:16.0867 3668        nvraid - ok
22:10:16.0883 3668        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:10:16.0898 3668        nvstor - ok
22:10:16.0930 3668        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:10:16.0945 3668        nv_agp - ok
22:10:16.0976 3668        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:10:17.0023 3668        ohci1394 - ok
22:10:17.0054 3668        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:10:17.0086 3668        Parport - ok
22:10:17.0148 3668        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
22:10:17.0179 3668        partmgr - ok
22:10:17.0226 3668        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:10:17.0257 3668        pci - ok
22:10:17.0273 3668        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:10:17.0288 3668        pciide - ok
22:10:17.0320 3668        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:10:17.0351 3668        pcmcia - ok
22:10:17.0382 3668        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:10:17.0398 3668        pcw - ok
22:10:17.0429 3668        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:10:17.0554 3668        PEAUTH - ok
22:10:17.0725 3668        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:10:17.0819 3668        PptpMiniport - ok
22:10:17.0866 3668        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:10:17.0897 3668        Processor - ok
22:10:17.0944 3668        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:10:18.0053 3668        Psched - ok
22:10:18.0146 3668        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:10:18.0224 3668        ql2300 - ok
22:10:18.0271 3668        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:10:18.0287 3668        ql40xx - ok
22:10:18.0334 3668        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:10:18.0380 3668        QWAVEdrv - ok
22:10:18.0427 3668        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:10:18.0521 3668        RasAcd - ok
22:10:18.0552 3668        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:10:18.0646 3668        RasAgileVpn - ok
22:10:18.0677 3668        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:10:18.0786 3668        Rasl2tp - ok
22:10:18.0833 3668        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:10:18.0926 3668        RasPppoe - ok
22:10:18.0942 3668        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:10:19.0036 3668        RasSstp - ok
22:10:19.0067 3668        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:10:19.0160 3668        rdbss - ok
22:10:19.0223 3668        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:10:19.0254 3668        rdpbus - ok
22:10:19.0285 3668        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:10:19.0394 3668        RDPCDD - ok
22:10:19.0426 3668        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:10:19.0519 3668        RDPENCDD - ok
22:10:19.0566 3668        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:10:19.0660 3668        RDPREFMP - ok
22:10:19.0691 3668        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
22:10:19.0800 3668        RDPWD - ok
22:10:19.0862 3668        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:10:19.0894 3668        rdyboost - ok
22:10:19.0972 3668        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:10:20.0065 3668        rspndr - ok
22:10:20.0096 3668        RSUSBSTOR      (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\system32\Drivers\RtsUStor.sys
22:10:20.0143 3668        RSUSBSTOR - ok
22:10:20.0190 3668        RTL8167        (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
22:10:20.0221 3668        RTL8167 - ok
22:10:20.0284 3668        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:10:20.0299 3668        sbp2port - ok
22:10:20.0362 3668        SBRE            (7e07d2a5b910c71d6474e9aa0eaa1825) C:\Windows\system32\drivers\SBREdrv.sys
22:10:20.0377 3668        SBRE - ok
22:10:20.0408 3668        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:10:20.0518 3668        scfilter - ok
22:10:20.0549 3668        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
22:10:20.0596 3668        sdbus - ok
22:10:20.0642 3668        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:10:20.0736 3668        secdrv - ok
22:10:20.0798 3668        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:10:20.0814 3668        Serenum - ok
22:10:20.0861 3668        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:10:20.0892 3668        Serial - ok
22:10:20.0939 3668        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:10:20.0970 3668        sermouse - ok
22:10:21.0017 3668        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:10:21.0064 3668        sffdisk - ok
22:10:21.0095 3668        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:10:21.0126 3668        sffp_mmc - ok
22:10:21.0157 3668        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:10:21.0220 3668        sffp_sd - ok
22:10:21.0266 3668        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:10:21.0298 3668        sfloppy - ok
22:10:21.0360 3668        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:10:21.0376 3668        SiSRaid2 - ok
22:10:21.0391 3668        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:10:21.0407 3668        SiSRaid4 - ok
22:10:21.0438 3668        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:10:21.0547 3668        Smb - ok
22:10:21.0610 3668        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:10:21.0625 3668        spldr - ok
22:10:21.0688 3668        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:10:21.0750 3668        srv - ok
22:10:21.0797 3668        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:10:21.0844 3668        srv2 - ok
22:10:21.0906 3668        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
22:10:21.0968 3668        SrvHsfHDA - ok
22:10:22.0015 3668        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
22:10:22.0093 3668        SrvHsfV92 - ok
22:10:22.0187 3668        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
22:10:22.0234 3668        SrvHsfWinac - ok
22:10:22.0265 3668        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:10:22.0312 3668        srvnet - ok
22:10:22.0358 3668        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:10:22.0374 3668        stexstor - ok
22:10:22.0421 3668        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
22:10:22.0436 3668        swenum - ok
22:10:22.0514 3668        SynTP          (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
22:10:22.0546 3668        SynTP - ok
22:10:22.0639 3668        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
22:10:22.0733 3668        Tcpip - ok
22:10:22.0780 3668        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
22:10:22.0858 3668        TCPIP6 - ok
22:10:22.0889 3668        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:10:22.0982 3668        tcpipreg - ok
22:10:23.0060 3668        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:10:23.0154 3668        TDPIPE - ok
22:10:23.0170 3668        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
22:10:23.0279 3668        TDTCP - ok
22:10:23.0310 3668        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:10:23.0404 3668        tdx - ok
22:10:23.0435 3668        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
22:10:23.0466 3668        TermDD - ok
22:10:23.0528 3668        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:10:23.0606 3668        tssecsrv - ok
22:10:23.0653 3668        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:10:23.0700 3668        TsUsbFlt - ok
22:10:23.0778 3668        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:10:23.0872 3668        tunnel - ok
22:10:23.0903 3668        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:10:23.0934 3668        uagp35 - ok
22:10:23.0981 3668        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:10:24.0090 3668        udfs - ok
22:10:24.0137 3668        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:10:24.0152 3668        uliagpkx - ok
22:10:24.0199 3668        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
22:10:24.0246 3668        umbus - ok
22:10:24.0324 3668        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:10:24.0371 3668        UmPass - ok
22:10:24.0402 3668        USBAAPL64      (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
22:10:24.0402 3668        USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
22:10:24.0402 3668        USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
22:10:27.0491 3668        MBR (0x1B8)    (8f84284b2c573e8e1ee0154eacdd9701) \Device\Harddisk0\DR0
22:10:27.0569 3668        \Device\Harddisk0\DR0 - ok
22:10:27.0600 3668        Boot (0x1200)  (f190c2bfc5ca3e250c672d8bfbe22fe4) \Device\Harddisk0\DR0\Partition0
22:10:27.0600 3668        \Device\Harddisk0\DR0\Partition0 - ok
22:10:27.0616 3668        Boot (0x1200)  (410374bc44f434db1c134a8f959aaea6) \Device\Harddisk0\DR0\Partition1
22:10:27.0616 3668        \Device\Harddisk0\DR0\Partition1 - ok
22:10:27.0631 3668        Boot (0x1200)  (8c8b5b4d378d61089f55fad0b8e74c91) \Device\Harddisk0\DR0\Partition2
22:10:27.0631 3668        \Device\Harddisk0\DR0\Partition2 - ok
22:10:27.0662 3668        Boot (0x1200)  (0ddba10283d57d84270920fcde989bd6) \Device\Harddisk0\DR0\Partition3
22:10:27.0662 3668        \Device\Harddisk0\DR0\Partition3 - ok
22:10:27.0662 3668        ============================================================
22:10:27.0662 3668        Scan finished
22:10:27.0662 3668        ============================================================
22:10:27.0678 4284        Detected object count: 1
22:10:27.0678 4284        Actual detected object count: 1
22:11:57.0659 4284        USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
22:11:57.0659 4284        USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 22.02.2012 11:34

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

vivastern 22.02.2012 13:30

Quote:

Close all programs, especially your antivirus program and other background monitors
Dear Arne, as I have already asked twice:

How do I deactivate AVG properly? I only seem to manage to close the user interface, and ComboFix specifically warned again that AVG is active. Please give me a tip. Thanks!

cosinus 22.02.2012 15:12

Using a search engine is not forbidden! => AVG - Temporarily disabling AVG | Frequently asked questions

vivastern 22.02.2012 16:40

It seems to be through. But for at least 30 minutes it has been showing:
Quote:

Almost done.. this window will close shortly. Please wait a few seconds so that the log can be opened.
The thing with the applications and the error message has happened. So should I rather wait now, or restart?

vivastern 22.02.2012 17:57

Thanks!
I managed it...
Code:

ComboFix 12-02-22.01 - Verena 22.02.2012  15:19:28.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3958.2596 [GMT 1:00]
ausgeführt von:: C:\Users\Verena\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Install.exe
C:\Users\Verena\AppData\Roaming\AcroIEHelpe.txt
C:\Users\Verena\AppData\Roaming\srvblck2.tmp


(((((((((((((((((((((((  Dateien erstellt von 2012-01-22 bis 2012-02-22  ))))))))))))))))))))))))))))))


2012-02-22 14:31:13 . 2012-02-22 14:31:13        --------        d-----w-        C:\Users\Default\AppData\Local\temp
2012-02-21 20:17:28 . 2012-02-21 20:17:28        --------        d-----w-        C:\_OTL
2012-02-20 14:00:37 . 2012-02-20 14:00:37        --------        d-----w-        C:\Program Files (x86)\ESET
2012-02-18 13:15:30 . 2012-02-18 13:15:30        --------        d-----w-        C:\$AVG
2012-02-17 17:37:25 . 2012-02-17 17:37:25        --------        d-----w-        C:\Users\Verena\AppData\Roaming\AVG2012
2012-02-17 17:36:30 . 2012-02-17 17:36:36        --------        d-----w-        C:\ProgramData\AVG Secure Search
2012-02-17 17:36:30 . 2012-02-17 17:36:30        --------        d-----w-        C:\Program Files (x86)\Common Files\AVG Secure Search
2012-02-17 17:36:29 . 2012-02-17 17:36:35        --------        d-----w-        C:\Program Files (x86)\AVG Secure Search
2012-02-17 17:35:56 . 2012-02-22 09:58:49        --------        d-----w-        C:\Windows\system32\drivers\AVG
2012-02-17 17:35:56 . 2012-02-17 17:38:00        --------        d-----w-        C:\ProgramData\AVG2012
2012-02-17 17:34:08 . 2012-02-22 09:58:54        --------        d-----w-        C:\ProgramData\MFAData
2012-02-17 17:13:47 . 2012-01-17 03:39:42        8602168        ----a-w-        C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FD8C83BD-DC18-48B5-843B-C42DBBAFD1E7}\mpengine.dll
2012-02-17 11:45:15 . 2012-02-17 11:45:15        --------        d-----w-        C:\Users\Verena\AppData\Roaming\Malwarebytes
2012-02-17 11:44:57 . 2012-02-17 11:44:57        --------        d-----w-        C:\ProgramData\Malwarebytes
2012-02-17 11:44:56 . 2012-02-17 11:45:00        --------        d-----w-        C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-17 11:44:56 . 2011-12-10 14:24:08        23152        ----a-w-        C:\Windows\system32\drivers\mbam.sys
2012-02-16 09:16:54 . 2011-12-28 03:59:24        498688        ----a-w-        C:\Windows\system32\drivers\afd.sys
2012-02-16 09:16:54 . 2011-12-16 08:46:06        634880        ----a-w-        C:\Windows\system32\msvcrt.dll
2012-02-16 09:16:53 . 2011-12-16 07:52:58        690688        ----a-w-        C:\Windows\SysWow64\msvcrt.dll
2012-02-16 09:15:02 . 2012-01-14 04:06:27        3145728        ----a-w-        C:\Windows\system32\win32k.sys
2012-02-01 12:24:39 . 2012-02-01 12:24:39        --------        d-----w-        C:\Program Files (x86)\Audiograbber
.


((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-01-29 04:10:42 . 2010-07-01 12:03:58        279656        ------w-        C:\Windows\system32\MpSigStub.exe
2012-01-10 22:21:10 . 2011-05-13 07:53:17        414368        ----a-w-        C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 00:48:42 . 2012-01-04 00:48:42        354176        ----a-w-        C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-11-30 12:50:41 . 2009-07-14 02:36:51        175616        ----a-w-        C:\Windows\system32\msclmd.dll
2011-11-30 12:50:41 . 2009-07-14 02:36:51        152576        ----a-w-        C:\Windows\SysWow64\msclmd.dll


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-17 17:36:29        1811296        ----a-w-        C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "C:\Program Files (x86)\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-17 17:36:29 1811296]

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20        94208        ----a-w-        C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20        94208        ----a-w-        C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20        94208        ----a-w-        C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 10:45:28 2741616]
"HPADVISOR"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 14:26:44 1685048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-24 19:24:38 98304]
"Easybits Recovery"="C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe" [2009-09-02 10:00:00 60464]
"QlbCtrl.exe"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 13:19:48 323640]
"WirelessAssistant"="C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 07:04:24 500792]
"PCMAgent"="C:\Program Files (x86)\CyberLink\PowerCinema\PCMAgent.exe" [2009-09-16 09:34:02 148776]
"CLMLServer"="C:\Program Files (x86)\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2009-09-16 09:34:20 202024]
"PlayMovie"="C:\Program Files (x86)\CyberLink\PlayMovie\PMVService.exe" [2009-09-08 16:07:24 177384]
"TVEService"="C:\Program Files (x86)\CyberLink\TV Enhance\TVEService.exe" [2009-09-29 15:56:04 226536]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 07:37:53 843712]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 12:06:06 254696]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 01:41:12 49208]
"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 16:24:26 2416480]
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" [2012-02-17 17:36:30 939872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA&inst=NwA3AC0AMwA1ADgAOQA1ADgAMAAzADkALQBGAEwAKwA5AC0ARgA5AE0ANgArADEALQBYAE8AMwA2ACsAMQAtAEYAOQBNADcAQwArADUALQBYAE8AOQArADEALQBGADkATQAzACsAMQAtAEQARABUACsAMgA4ADEANgA1AC0ARABEADkAMABGACsAMQAtAFMAVAA5ADAARgBBAFAAUAArADEALQBGAFUASQArADIA&prod=90&ver=9.0.894" [?]

C:\Users\Verena\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Verena\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 12:27:14 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 13:21:32 227896]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys [2009-09-23 01:39:00 225280]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys [x]
S0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys [x]
S1 SBRE;SBRE;C:\Windows\system32\drivers\SBREdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 02:14:26 98208]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 05:25:22 4433248]
S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 05:09:08 192776]
S2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe [2009-07-14 01:39:46 27136]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVECapSvc.exe [2009-09-29 15:56:26 464224]
S2 TVESched;TVEnhance Task Scheduler (TTS));C:\Program Files (x86)\CyberLink\TV Enhance\Kernel\TV\TVESched.exe [2009-09-29 15:56:26 189792]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 04:01:32 2320920]
S2 vToolbarUpdater;vToolbarUpdater;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [2012-02-17 17:36:30 909152]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [x]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - WS2IFSL

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29:54        451872        ----a-w-        C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Inhalt des "geplante Tasks" Ordners

2012-02-18 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604564059-764910878-3552578447-1001Core.job
- C:\Users\Verena\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 09:28:35 . 2010-09-09 09:28:32]

2012-02-22 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2604564059-764910878-3552578447-1001UA.job
- C:\Users\Verena\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-09 09:28:35 . 2010-09-09 09:28:32]

2012-02-17 C:\Windows\Tasks\HPCeeScheduleForVerena.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22:28 . 2009-10-07 03:22:28]


--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20        97792        ----a-w-        C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20        97792        ----a-w-        C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20        97792        ----a-w-        C:\Users\Verena\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2009-12-22 19:32:18 5977600]
"RtkOSD"="C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2009-10-13 18:33:00 995840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1

------- Zusätzlicher Suchlauf -------

uLocal Page = C:\Windows\system32\blank.htm
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Free YouTube to Mp3 Converter - C:\Users\Verena\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - C:\Users\Verena\AppData\Roaming\Mozilla\Firefox\Profiles\lheuqom4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B9403eeb4-0520-49ea-b0c1-62b1eb9e3793%7D&mid=5b0d75e38c0da276cb56abf84b374079-831f635ca31915cbf27df9f3e079de75575703db&ds=AVG&v=10.0.0.7&lang=de&pr=fr&d=2012-02-17%2018%3A36%3A31&sap=ku&q=

- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - C:\Windows\system32\ezMDUninstall.exe


cosinus 22.02.2012 19:51

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

vivastern 23.02.2012 09:55

Sorry, I didn't wait for the success message on the first scan... so here are both logs:

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 09:22:46
-----------------------------
09:22:46.312    OS Version: Windows x64 6.1.7601 Service Pack 1
09:22:46.312    Number of processors: 4 586 0x2502
09:22:46.312    ComputerName: VERENAS-PC  UserName: Verena
09:22:47.794    Initialize success
09:23:42.733    AVAST engine defs: 12022201
09:24:47.333    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:24:47.349    Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
09:24:47.364    Disk 0 MBR read successfully
09:24:47.364    Disk 0 MBR scan
09:24:47.364    Disk 0 unknown MBR code
09:24:47.380    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
09:24:47.396    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463423 MB offset 409600
09:24:47.427    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13213 MB offset 949499904
09:24:47.458    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
09:24:47.505    Disk 0 scanning C:\Windows\system32\drivers
09:24:58.628    Service scanning
09:25:38.704    Modules scanning
09:25:38.720    Disk 0 trace - called modules:
09:25:39.234    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:25:39.250    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c02060]
09:25:39.250    3 CLASSPNP.SYS[fffff8800110b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494c050]
09:25:40.451    AVAST engine scan C:\Windows
09:25:44.226    AVAST engine scan C:\Windows\system32
09:29:26.995    AVAST engine scan C:\Windows\system32\drivers
09:29:45.450    AVAST engine scan C:\Users\Verena
09:33:31.447    Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\MBR.dat"
09:33:31.463    The log file has been saved successfully to "C:\Users\Verena\Desktop\aswMBR.txt"

Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 09:36:17
-----------------------------
09:36:17.373    OS Version: Windows x64 6.1.7601 Service Pack 1
09:36:17.373    Number of processors: 4 586 0x2502
09:36:17.373    ComputerName: VERENAS-PC  UserName: Verena
09:36:18.917    Initialize success
09:36:26.608    AVAST engine defs: 12022201
09:36:33.971    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
09:36:33.971    Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
09:36:34.002    Disk 0 MBR read successfully
09:36:34.002    Disk 0 MBR scan
09:36:34.018    Disk 0 unknown MBR code
09:36:34.018    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
09:36:34.049    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463423 MB offset 409600
09:36:34.080    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13213 MB offset 949499904
09:36:34.096    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
09:36:34.143    Disk 0 scanning C:\Windows\system32\drivers
09:36:49.056    Service scanning
09:37:16.185    Modules scanning
09:37:16.200    Disk 0 trace - called modules:
09:37:16.731    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
09:37:16.731    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c02060]
09:37:16.746    3 CLASSPNP.SYS[fffff8800110b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800494c050]
09:37:18.197    AVAST engine scan C:\Windows
09:37:23.111    AVAST engine scan C:\Windows\system32
09:40:41.840    AVAST engine scan C:\Windows\system32\drivers
09:40:56.972    AVAST engine scan C:\Users\Verena
09:46:29.238    AVAST engine scan C:\ProgramData
09:47:16.521    Scan finished successfully
09:48:17.580    Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\MBR.dat"
09:48:17.595    The log file has been saved successfully to "C:\Users\Verena\Desktop\aswMBR2.txt"


cosinus 23.02.2012 12:54

MBR is still unknown. Please repeat.

vivastern 23.02.2012 19:42

As far as I can see, unfortunately nothing has changed... except that there was a crash when I ran the program...
Code:

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-23 18:50:40
-----------------------------
18:50:40.400    OS Version: Windows x64 6.1.7601 Service Pack 1
18:50:40.400    Number of processors: 4 586 0x2502
18:50:40.400    ComputerName: VERENAS-PC  UserName: Verena
18:50:41.663    Initialize success
18:50:53.082    AVAST engine defs: 12022201
18:51:01.850    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:51:01.850    Disk 0 Vendor: Hitachi_ PC4O Size: 476940MB BusType: 3
18:51:01.865    Disk 0 MBR read successfully
18:51:01.881    Disk 0 MBR scan
18:51:01.881    Disk 0 unknown MBR code
18:51:01.896    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
18:51:01.943    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463423 MB offset 409600
18:51:01.990    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13213 MB offset 949499904
18:51:02.006    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
18:51:02.052    Disk 0 scanning C:\Windows\system32\drivers
18:51:13.924    Service scanning
18:51:47.620    Modules scanning
18:51:47.636    Disk 0 trace - called modules:
18:51:48.166    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
18:51:48.166    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bf9060]
18:51:48.182    3 CLASSPNP.SYS[fffff8800115243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004978050]
18:51:49.289    AVAST engine scan C:\Windows
18:51:52.612    AVAST engine scan C:\Windows\system32
19:07:13.419    AVAST engine scan C:\Windows\system32\drivers
19:08:42.948    AVAST engine scan C:\Users\Verena
19:18:11.569    AVAST engine scan C:\ProgramData
19:19:33.126    Scan finished successfully
19:39:16.341    Disk 0 MBR has been saved successfully to "C:\Users\Verena\Desktop\MBR.dat"
19:39:16.341    The log file has been saved successfully to "C:\Users\Verena\Desktop\aswMBR3.txt"



All times are GMT +1. The time is now 13:35.
