Trojaner-Board

WOW account was hacked! (https://www.trojaner-board.de/112169-wow-account-wurde-gehackt.html)

cosinus 27.03.2012 12:36

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2778666861-3271568079-1176199834-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-2778666861-3271568079-1176199834-1000\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2778666861-3271568079-1176199834-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{807386e9-4c76-11e1-8f69-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{807386e9-4c76-11e1-8f69-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\ASSETUP.exe
:Files
C:\found.0??
:Commands
[emptytemp]
[resethosts]

Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Engelchen1 27.03.2012 12:50

The data from the OTL fix:

Code:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2778666861-3271568079-1176199834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_USERS\S-1-5-21-2778666861-3271568079-1176199834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_USERS\S-1-5-21-2778666861-3271568079-1176199834-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{807386e9-4c76-11e1-8f69-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807386e9-4c76-11e1-8f69-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{807386e9-4c76-11e1-8f69-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807386e9-4c76-11e1-8f69-806e6f6e6963}\ not found.
File D:\.\Bin\ASSETUP.exe not found.
========== FILES ==========
C:\found.000\dir0000.chk\{6b81c248-9ebd-4693-ad30-338acce4c9e8} folder moved successfully.
C:\found.000\dir0000.chk folder moved successfully.
C:\found.000 folder moved successfully.
C:\found.001\dir0000.chk folder moved successfully.
C:\found.001 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Micha
->Temp folder emptied: 679991304 bytes
->Temporary Internet Files folder emptied: 453237039 bytes
->Java cache emptied: 1245488 bytes
->FireFox cache emptied: 20616416 bytes
->Google Chrome cache emptied: 7670993 bytes
->Flash cache emptied: 25895 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 503152 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 116937026 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 558 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.221,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 03272012_134527

Files\Folders moved on Reboot...
C:\Users\Micha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


cosinus 27.03.2012 13:42

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and post only the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Engelchen1 27.03.2012 14:02

Here are the TDSS-Killer logs:

Code:

14:59:10.0408 4892        TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
14:59:10.0518 4892        ============================================================
14:59:10.0518 4892        Current date / time: 2012/03/27 14:59:10.0518
14:59:10.0518 4892        SystemInfo:
14:59:10.0518 4892       
14:59:10.0518 4892        OS Version: 6.1.7601 ServicePack: 1.0
14:59:10.0518 4892        Product type: Workstation
14:59:10.0518 4892        ComputerName: MICHA-PC
14:59:10.0518 4892        UserName: Micha
14:59:10.0518 4892        Windows directory: C:\Windows
14:59:10.0518 4892        System windows directory: C:\Windows
14:59:10.0518 4892        Running under WOW64
14:59:10.0518 4892        Processor architecture: Intel x64
14:59:10.0518 4892        Number of processors: 6
14:59:10.0518 4892        Page size: 0x1000
14:59:10.0518 4892        Boot type: Normal boot
14:59:10.0518 4892        ============================================================
14:59:10.0783 4892        Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:59:10.0798 4892        \Device\Harddisk0\DR0:
14:59:10.0798 4892        MBR used
14:59:10.0798 4892        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x48E572B0
14:59:10.0814 4892        Initialize success
14:59:10.0814 4892        ============================================================
15:00:12.0400 3336        ============================================================
15:00:12.0400 3336        Scan started
15:00:12.0400 3336        Mode: Manual; SigCheck; TDLFS;
15:00:12.0400 3336        ============================================================
15:00:23.0632 3336        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:00:23.0632 3336        KSecDD - ok
15:00:23.0647 3336        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:00:23.0663 3336        KSecPkg - ok
15:00:23.0679 3336        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:00:23.0741 3336        ksthunk - ok
15:00:23.0772 3336        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:00:23.0850 3336        KtmRm - ok
15:00:23.0881 3336        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:00:23.0928 3336        LanmanServer - ok
15:00:23.0959 3336        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:00:24.0037 3336        LanmanWorkstation - ok
15:00:24.0069 3336        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:00:24.0131 3336        lltdio - ok
15:00:24.0178 3336        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:00:24.0240 3336        lltdsvc - ok
15:00:24.0271 3336        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:00:24.0318 3336        lmhosts - ok
15:00:24.0349 3336        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:00:24.0349 3336        LSI_FC - ok
15:00:24.0365 3336        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:00:24.0381 3336        LSI_SAS - ok
15:00:24.0381 3336        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:00:24.0396 3336        LSI_SAS2 - ok
15:00:24.0396 3336        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:00:24.0412 3336        LSI_SCSI - ok
15:00:24.0443 3336        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:00:24.0505 3336        luafv - ok
15:00:24.0537 3336        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:00:24.0583 3336        Mcx2Svc - ok
15:00:24.0615 3336        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:00:24.0615 3336        megasas - ok
15:00:24.0630 3336        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:00:24.0646 3336        MegaSR - ok
15:00:24.0661 3336        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:00:24.0724 3336        MMCSS - ok
15:00:24.0739 3336        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:00:24.0786 3336        Modem - ok
15:00:24.0802 3336        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:00:24.0833 3336        monitor - ok
15:00:24.0880 3336        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:00:24.0895 3336        mouclass - ok
15:00:24.0927 3336        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:00:24.0958 3336        mouhid - ok
15:00:24.0989 3336        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:00:25.0005 3336        mountmgr - ok
15:00:25.0020 3336        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:00:25.0036 3336        mpio - ok
15:00:25.0051 3336        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:00:25.0083 3336        mpsdrv - ok
15:00:25.0114 3336        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:00:25.0145 3336        MpsSvc - ok
15:00:25.0161 3336        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:00:25.0192 3336        MRxDAV - ok
15:00:25.0223 3336        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:00:25.0270 3336        mrxsmb - ok
15:00:25.0301 3336        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:00:25.0332 3336        mrxsmb10 - ok
15:00:25.0348 3336        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:00:25.0363 3336        mrxsmb20 - ok
15:00:25.0379 3336        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:00:25.0379 3336        msahci - ok
15:00:25.0426 3336        MSCamSvc        (41fb1d61df09c36ccab0b04eec66f6d5) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
15:00:25.0457 3336        MSCamSvc - ok
15:00:25.0457 3336        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:00:25.0473 3336        msdsm - ok
15:00:25.0504 3336        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:00:25.0535 3336        MSDTC - ok
15:00:25.0551 3336        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:00:25.0597 3336        Msfs - ok
15:00:25.0613 3336        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:00:25.0675 3336        mshidkmdf - ok
15:00:25.0691 3336        MSHUSBVideo    (bb590070d606ae6f008341fc9a7b2ad7) C:\Windows\system32\Drivers\nx6000.sys
15:00:25.0691 3336        MSHUSBVideo - ok
15:00:25.0707 3336        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:00:25.0707 3336        msisadrv - ok
15:00:25.0753 3336        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:00:25.0785 3336        MSiSCSI - ok
15:00:25.0785 3336        msiserver - ok
15:00:25.0816 3336        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:00:25.0878 3336        MSKSSRV - ok
15:00:25.0909 3336        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:00:25.0972 3336        MSPCLOCK - ok
15:00:25.0987 3336        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:00:26.0050 3336        MSPQM - ok
15:00:26.0081 3336        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:00:26.0097 3336        MsRPC - ok
15:00:26.0112 3336        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:00:26.0112 3336        mssmbios - ok
15:00:26.0128 3336        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:00:26.0159 3336        MSTEE - ok
15:00:26.0175 3336        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:00:26.0190 3336        MTConfig - ok
15:00:26.0206 3336        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:00:26.0206 3336        Mup - ok
15:00:26.0237 3336        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:00:26.0331 3336        napagent - ok
15:00:26.0362 3336        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:00:26.0393 3336        NativeWifiP - ok
15:00:26.0502 3336        NAVENG          (a507b7d1c5f957a1aab98794eb377654) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS
15:00:26.0518 3336        NAVENG - ok
15:00:26.0565 3336        NAVEX15        (0d7d6c0fd46f12780c3bab6af891ede3) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS
15:00:26.0627 3336        NAVEX15 - ok
15:00:26.0658 3336        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:00:26.0674 3336        NDIS - ok
15:00:26.0705 3336        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:00:26.0721 3336        NdisCap - ok
15:00:26.0752 3336        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:00:26.0799 3336        NdisTapi - ok
15:00:26.0830 3336        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:00:26.0861 3336        Ndisuio - ok
15:00:26.0877 3336        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:00:26.0908 3336        NdisWan - ok
15:00:26.0955 3336        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:00:26.0970 3336        NDProxy - ok
15:00:26.0986 3336        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:00:27.0033 3336        NetBIOS - ok
15:00:27.0033 3336        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:00:27.0064 3336        NetBT - ok
15:00:27.0111 3336        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:27.0111 3336        Netlogon - ok
15:00:27.0142 3336        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:00:27.0220 3336        Netman - ok
15:00:27.0251 3336        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:00:27.0329 3336        netprofm - ok
15:00:27.0423 3336        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:00:27.0438 3336        NetTcpPortSharing - ok
15:00:27.0454 3336        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:00:27.0469 3336        nfrd960 - ok
15:00:27.0485 3336        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:00:27.0547 3336        NlaSvc - ok
15:00:27.0563 3336        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:00:27.0594 3336        Npfs - ok
15:00:27.0610 3336        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:00:27.0657 3336        nsi - ok
15:00:27.0672 3336        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:00:27.0719 3336        nsiproxy - ok
15:00:27.0781 3336        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:00:27.0844 3336        Ntfs - ok
15:00:27.0859 3336        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:00:27.0906 3336        Null - ok
15:00:27.0953 3336        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:00:27.0953 3336        nvraid - ok
15:00:27.0984 3336        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:00:27.0984 3336        nvstor - ok
15:00:28.0015 3336        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:00:28.0031 3336        nv_agp - ok
15:00:28.0047 3336        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:00:28.0062 3336        ohci1394 - ok
15:00:28.0109 3336        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:00:28.0156 3336        p2pimsvc - ok
15:00:28.0203 3336        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:00:28.0234 3336        p2psvc - ok
15:00:28.0249 3336        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:00:28.0281 3336        Parport - ok
15:00:28.0296 3336        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:00:28.0312 3336        partmgr - ok
15:00:28.0343 3336        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:00:28.0405 3336        PcaSvc - ok
15:00:28.0437 3336        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:00:28.0452 3336        pci - ok
15:00:28.0468 3336        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:00:28.0468 3336        pciide - ok
15:00:28.0499 3336        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:00:28.0499 3336        pcmcia - ok
15:00:28.0515 3336        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:00:28.0530 3336        pcw - ok
15:00:28.0546 3336        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:00:28.0593 3336        PEAUTH - ok
15:00:28.0686 3336        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:00:28.0702 3336        PerfHost - ok
15:00:28.0749 3336        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:00:28.0827 3336        pla - ok
15:00:28.0858 3336        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:00:28.0905 3336        PlugPlay - ok
15:00:28.0920 3336        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:00:28.0967 3336        PNRPAutoReg - ok
15:00:28.0998 3336        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:00:29.0029 3336        PNRPsvc - ok
15:00:29.0061 3336        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:00:29.0123 3336        PolicyAgent - ok
15:00:29.0154 3336        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:00:29.0217 3336        Power - ok
15:00:29.0279 3336        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:00:29.0357 3336        PptpMiniport - ok
15:00:29.0388 3336        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:00:29.0419 3336        Processor - ok
15:00:29.0451 3336        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:00:29.0529 3336        ProfSvc - ok
15:00:29.0560 3336        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:29.0575 3336        ProtectedStorage - ok
15:00:29.0607 3336        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:00:29.0685 3336        Psched - ok
15:00:29.0731 3336        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:00:29.0794 3336        ql2300 - ok
15:00:29.0809 3336        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:00:29.0809 3336        ql40xx - ok
15:00:29.0825 3336        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:00:29.0841 3336        QWAVE - ok
15:00:29.0856 3336        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:00:29.0872 3336        QWAVEdrv - ok
15:00:29.0887 3336        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:00:29.0919 3336        RasAcd - ok
15:00:29.0950 3336        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:00:29.0997 3336        RasAgileVpn - ok
15:00:30.0043 3336        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:00:30.0106 3336        RasAuto - ok
15:00:30.0106 3336        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:00:30.0168 3336        Rasl2tp - ok
15:00:30.0199 3336        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:00:30.0231 3336        RasMan - ok
15:00:30.0246 3336        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:00:30.0293 3336        RasPppoe - ok
15:00:30.0355 3336        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:00:30.0418 3336        RasSstp - ok
15:00:30.0433 3336        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:00:30.0480 3336        rdbss - ok
15:00:30.0511 3336        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
15:00:30.0527 3336        rdpbus - ok
15:00:30.0558 3336        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:00:30.0574 3336        RDPCDD - ok
15:00:30.0605 3336        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:00:30.0667 3336        RDPENCDD - ok
15:00:30.0683 3336        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:00:30.0714 3336        RDPREFMP - ok
15:00:30.0745 3336        RDPWD          (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
15:00:30.0761 3336        RDPWD - ok
15:00:30.0777 3336        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:00:30.0792 3336        rdyboost - ok
15:00:30.0808 3336        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:00:30.0870 3336        RemoteAccess - ok
15:00:30.0901 3336        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:00:30.0948 3336        RemoteRegistry - ok
15:00:30.0964 3336        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:00:31.0026 3336        RpcEptMapper - ok
15:00:31.0073 3336        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:00:31.0104 3336        RpcLocator - ok
15:00:31.0135 3336        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:00:31.0167 3336        RpcSs - ok
15:00:31.0182 3336        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:00:31.0213 3336        rspndr - ok
15:00:31.0229 3336        RTL8167        (ee082e06a82ff630351d1e0ebbd3d8d0) C:\Windows\system32\DRIVERS\Rt64win7.sys
15:00:31.0245 3336        RTL8167 - ok
15:00:31.0276 3336        SaiK0CEA        (bd0eddcc9d5860dddbd04b4011fd8f48) C:\Windows\system32\DRIVERS\SaiK0CEA.sys
15:00:31.0338 3336        SaiK0CEA - ok
15:00:31.0354 3336        SaiMini        (cdb5a5deac21be0a5ed0c433fbcd1aec) C:\Windows\system32\DRIVERS\SaiMini.sys
15:00:31.0369 3336        SaiMini - ok
15:00:31.0401 3336        SaiNtBus        (46b4e7bc48194e578f744c43f06ec460) C:\Windows\system32\drivers\SaiBus.sys
15:00:31.0447 3336        SaiNtBus - ok
15:00:31.0494 3336        SaiU0CEA        (1b083d5e6ebc06ead3e2c695493e9c2d) C:\Windows\system32\DRIVERS\SaiU0CEA.sys
15:00:31.0557 3336        SaiU0CEA - ok
15:00:31.0572 3336        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:31.0588 3336        SamSs - ok
15:00:31.0603 3336        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:00:31.0603 3336        sbp2port - ok
15:00:31.0635 3336        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:00:31.0666 3336        SCardSvr - ok
15:00:31.0681 3336        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:00:31.0728 3336        scfilter - ok
15:00:31.0759 3336        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:00:31.0822 3336        Schedule - ok
15:00:31.0853 3336        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:00:31.0884 3336        SCPolicySvc - ok
15:00:31.0900 3336        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:00:31.0915 3336        SDRSVC - ok
15:00:31.0962 3336        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:00:32.0040 3336        secdrv - ok
15:00:32.0056 3336        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:00:32.0087 3336        seclogon - ok
15:00:32.0118 3336        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:00:32.0165 3336        SENS - ok
15:00:32.0165 3336        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:00:32.0181 3336        SensrSvc - ok
15:00:32.0227 3336        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:00:32.0259 3336        Serenum - ok
15:00:32.0290 3336        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:00:32.0321 3336        Serial - ok
15:00:32.0368 3336        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:00:32.0415 3336        sermouse - ok
15:00:32.0446 3336        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:00:32.0508 3336        SessionEnv - ok
15:00:32.0524 3336        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:00:32.0539 3336        sffdisk - ok
15:00:32.0555 3336        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:00:32.0586 3336        sffp_mmc - ok
15:00:32.0602 3336        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:00:32.0633 3336        sffp_sd - ok
15:00:32.0680 3336        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:00:32.0711 3336        sfloppy - ok
15:00:32.0742 3336        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:00:32.0789 3336        SharedAccess - ok
15:00:32.0820 3336        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:00:32.0851 3336        ShellHWDetection - ok
15:00:32.0867 3336        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:00:32.0883 3336        SiSRaid2 - ok
15:00:32.0898 3336        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:00:32.0898 3336        SiSRaid4 - ok
15:00:32.0961 3336        SkypeUpdate    (17eab7852ff9f15fbaab4e95efc0b812) C:\Program Files (x86)\Skype\Updater\Updater.exe
15:00:32.0976 3336        SkypeUpdate - ok
15:00:33.0007 3336        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:00:33.0054 3336        Smb - ok
15:00:33.0101 3336        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:00:33.0101 3336        SNMPTRAP - ok
15:00:33.0117 3336        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:00:33.0132 3336        spldr - ok
15:00:33.0148 3336        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:00:33.0179 3336        Spooler - ok
15:00:33.0257 3336        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:00:33.0319 3336        sppsvc - ok
15:00:33.0335 3336        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:00:33.0366 3336        sppuinotify - ok
15:00:33.0413 3336        SRTSP          (0793ee947caa85e41f4606e8caca5fb3) C:\Windows\system32\drivers\NISx64\1201000.025\SRTSP64.SYS
15:00:33.0460 3336        SRTSP - ok
15:00:33.0460 3336        SRTSPX          (d22ec4fbf847d23994186b301063d4cd) C:\Windows\system32\drivers\NISx64\1201000.025\SRTSPX64.SYS
15:00:33.0475 3336        SRTSPX - ok
15:00:33.0507 3336        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:00:33.0569 3336        srv - ok
15:00:33.0600 3336        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:00:33.0647 3336        srv2 - ok
15:00:33.0678 3336        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:00:33.0709 3336        srvnet - ok
15:00:33.0725 3336        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:00:33.0756 3336        SSDPSRV - ok
15:00:33.0772 3336        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:00:33.0803 3336        SstpSvc - ok
15:00:33.0819 3336        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:00:33.0834 3336        stexstor - ok
15:00:33.0865 3336        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:00:33.0912 3336        stisvc - ok
15:00:33.0928 3336        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:00:33.0943 3336        swenum - ok
15:00:33.0975 3336        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:00:34.0053 3336        swprv - ok
15:00:34.0115 3336        SymDS          (c11f054e0bf9d233a59805d4ba17f882) C:\Windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS
15:00:34.0146 3336        SymDS - ok
15:00:34.0177 3336        SymEFA          (82d0f3950fa03116c99016e35f42c4c1) C:\Windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS
15:00:34.0193 3336        SymEFA - ok
15:00:34.0209 3336        SymEvent        (84e27ca1a5af320a705e767ea53086e5) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
15:00:34.0224 3336        SymEvent - ok
15:00:34.0240 3336        SymIRON        (53a3805411d3cec1402a315e7aab5dc8) C:\Windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS
15:00:34.0255 3336        SymIRON - ok
15:00:34.0271 3336        SymNetS        (60cc03da318435300ab2e59ad2afe2d9) C:\Windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS
15:00:34.0271 3336        SymNetS - ok
15:00:34.0318 3336        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:00:34.0443 3336        SysMain - ok
15:00:34.0458 3336        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:00:34.0489 3336        TabletInputService - ok
15:00:34.0521 3336        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:00:34.0567 3336        TapiSrv - ok
15:00:34.0599 3336        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:00:34.0630 3336        TBS - ok
15:00:34.0708 3336        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:00:34.0755 3336        Tcpip - ok
15:00:34.0786 3336        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:00:34.0817 3336        TCPIP6 - ok
15:00:34.0848 3336        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:00:34.0911 3336        tcpipreg - ok
15:00:34.0926 3336        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:00:34.0942 3336        TDPIPE - ok
15:00:34.0973 3336        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
15:00:35.0004 3336        TDTCP - ok
15:00:35.0035 3336        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:00:35.0082 3336        tdx - ok
15:00:35.0098 3336        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:00:35.0113 3336        TermDD - ok
15:00:35.0129 3336        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:00:35.0191 3336        TermService - ok
15:00:35.0223 3336        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:00:35.0238 3336        Themes - ok
15:00:35.0254 3336        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:00:35.0285 3336        THREADORDER - ok
15:00:35.0285 3336        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:00:35.0332 3336        TrkWks - ok
15:00:35.0379 3336        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:00:35.0441 3336        TrustedInstaller - ok
15:00:35.0472 3336        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:00:35.0519 3336        tssecsrv - ok
15:00:35.0550 3336        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:00:35.0566 3336        TsUsbFlt - ok
15:00:35.0581 3336        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:00:35.0613 3336        TsUsbGD - ok
15:00:35.0659 3336        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:00:35.0737 3336        tunnel - ok
15:00:35.0753 3336        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:00:35.0769 3336        uagp35 - ok
15:00:35.0784 3336        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:00:35.0831 3336        udfs - ok
15:00:35.0847 3336        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:00:35.0878 3336        UI0Detect - ok
15:00:35.0909 3336        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:00:35.0925 3336        uliagpkx - ok
15:00:35.0971 3336        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:00:36.0003 3336        umbus - ok
15:00:36.0018 3336        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:00:36.0049 3336        UmPass - ok
15:00:36.0096 3336        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:00:36.0174 3336        upnphost - ok
15:00:36.0205 3336        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:00:36.0252 3336        usbaudio - ok
15:00:36.0283 3336        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:00:36.0299 3336        usbccgp - ok
15:00:36.0315 3336        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:00:36.0330 3336        usbcir - ok
15:00:36.0361 3336        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:00:36.0393 3336        usbehci - ok
15:00:36.0424 3336        usbfilter      (573d192e268f0c5b486b7e96f661e538) C:\Windows\system32\DRIVERS\usbfilter.sys
15:00:36.0439 3336        usbfilter - ok
15:00:36.0486 3336        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:00:36.0533 3336        usbhub - ok
15:00:36.0564 3336        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
15:00:36.0595 3336        usbohci - ok
15:00:36.0642 3336        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:00:36.0673 3336        usbprint - ok
15:00:36.0689 3336        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
15:00:36.0705 3336        usbscan - ok
15:00:36.0720 3336        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:00:36.0767 3336        USBSTOR - ok
15:00:36.0783 3336        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
15:00:36.0829 3336        usbuhci - ok
15:00:36.0876 3336        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
15:00:36.0923 3336        usbvideo - ok
15:00:36.0954 3336        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:00:37.0017 3336        UxSms - ok
15:00:37.0048 3336        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:00:37.0063 3336        VaultSvc - ok
15:00:37.0110 3336        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:00:37.0126 3336        vdrvroot - ok
15:00:37.0157 3336        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:00:37.0219 3336        vds - ok
15:00:37.0251 3336        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:00:37.0282 3336        vga - ok
15:00:37.0297 3336        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:00:37.0344 3336        VgaSave - ok
15:00:37.0375 3336        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:00:37.0375 3336        vhdmp - ok
15:00:37.0391 3336        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:00:37.0407 3336        viaide - ok
15:00:37.0422 3336        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:00:37.0422 3336        volmgr - ok
15:00:37.0453 3336        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:00:37.0469 3336        volmgrx - ok
15:00:37.0500 3336        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:00:37.0531 3336        volsnap - ok
15:00:37.0547 3336        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:00:37.0547 3336        vsmraid - ok
15:00:37.0578 3336        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:00:37.0656 3336        VSS - ok
15:00:37.0687 3336        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:00:37.0719 3336        vwifibus - ok
15:00:37.0734 3336        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:00:37.0765 3336        W32Time - ok
15:00:37.0797 3336        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:00:37.0828 3336        WacomPen - ok
15:00:37.0859 3336        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:00:37.0921 3336        WANARP - ok
15:00:37.0953 3336        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:00:37.0968 3336        Wanarpv6 - ok
15:00:37.0999 3336        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:00:38.0046 3336        wbengine - ok
15:00:38.0062 3336        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:00:38.0077 3336        WbioSrvc - ok
15:00:38.0077 3336        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:00:38.0109 3336        wcncsvc - ok
15:00:38.0140 3336        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:00:38.0171 3336        WcsPlugInService - ok
15:00:38.0187 3336        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:00:38.0187 3336        Wd - ok
15:00:38.0218 3336        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:00:38.0233 3336        Wdf01000 - ok
15:00:38.0249 3336        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:00:38.0343 3336        WdiServiceHost - ok
15:00:38.0343 3336        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:00:38.0358 3336        WdiSystemHost - ok
15:00:38.0389 3336        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:00:38.0421 3336        WebClient - ok
15:00:38.0452 3336        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:00:38.0499 3336        Wecsvc - ok
15:00:38.0530 3336        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:00:38.0561 3336        wercplsupport - ok
15:00:38.0577 3336        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:00:38.0608 3336        WerSvc - ok
15:00:38.0639 3336        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:00:38.0670 3336        WfpLwf - ok
15:00:38.0686 3336        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:00:38.0686 3336        WIMMount - ok
15:00:38.0717 3336        WinDefend - ok
15:00:38.0717 3336        WinHttpAutoProxySvc - ok
15:00:38.0764 3336        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:00:38.0811 3336        Winmgmt - ok
15:00:38.0873 3336        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:00:38.0951 3336        WinRM - ok
15:00:38.0998 3336        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:00:39.0045 3336        WinUsb - ok
15:00:39.0091 3336        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:00:39.0154 3336        Wlansvc - ok
15:00:39.0169 3336        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:00:39.0185 3336        WmiAcpi - ok
15:00:39.0201 3336        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:00:39.0232 3336        wmiApSrv - ok
15:00:39.0263 3336        WMPNetworkSvc - ok
15:00:39.0263 3336        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:00:39.0294 3336        WPCSvc - ok
15:00:39.0310 3336        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:00:39.0341 3336        WPDBusEnum - ok
15:00:39.0357 3336        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:00:39.0388 3336        ws2ifsl - ok
15:00:39.0403 3336        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:00:39.0435 3336        wscsvc - ok
15:00:39.0435 3336        WSearch - ok
15:00:39.0513 3336        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:00:39.0622 3336        wuauserv - ok
15:00:39.0637 3336        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:00:39.0700 3336        WudfPf - ok
15:00:39.0731 3336        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:00:39.0778 3336        WUDFRd - ok
15:00:39.0793 3336        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:00:39.0825 3336        wudfsvc - ok
15:00:39.0840 3336        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:00:39.0871 3336        WwanSvc - ok
15:00:39.0903 3336        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:00:40.0043 3336        \Device\Harddisk0\DR0 - ok
15:00:40.0043 3336        Boot (0x1200)  (d98fdb6601e7cb4af9e01258d9aadd60) \Device\Harddisk0\DR0\Partition0
15:00:40.0059 3336        \Device\Harddisk0\DR0\Partition0 - ok
15:00:40.0059 3336        ============================================================
15:00:40.0059 3336        Scan finished
15:00:40.0059 3336        ============================================================
15:00:40.0059 4076        Detected object count: 0
15:00:40.0059 4076        Actual detected object count: 0


cosinus 27.03.2012 14:10

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Engelchen1 27.03.2012 14:34

Combofix Logfile:
Code:

ComboFix 12-03-27.02 - Micha 27.03.2012  15:19:59.1.6 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8137.6537 [GMT 2:00]
ausgeführt von:: c:\users\Micha\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Micha\AppData\Local\._Revolution_
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-02-27 bis 2012-03-27  ))))))))))))))))))))))))))))))
.
.
2012-03-27 13:24 . 2012-03-27 13:24        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-03-27 11:45 . 2012-03-27 11:45        --------        d-----w-        C:\_OTL
2012-03-27 08:36 . 2012-03-20 02:51        8669240        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B0CAC751-B76E-49BD-83CC-12BA795C221D}\mpengine.dll
2012-03-26 19:59 . 2012-03-26 19:59        --------        d-----w-        c:\program files (x86)\ESET
2012-03-26 12:24 . 2012-03-26 12:24        --------        d-----w-        c:\users\Micha\AppData\Roaming\Malwarebytes
2012-03-26 12:24 . 2012-03-26 12:24        --------        d-----w-        c:\programdata\Malwarebytes
2012-03-26 12:24 . 2011-12-10 13:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-03-26 12:24 . 2012-03-26 13:54        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-25 16:47 . 2012-03-26 13:54        --------        d-----w-        c:\program files (x86)\7-Zip
2012-03-23 17:26 . 2012-03-27 13:25        --------        d-----w-        c:\programdata\Kaspersky Lab
2012-03-23 17:26 . 2012-03-23 17:26        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2012-03-20 15:37 . 2012-03-20 15:37        --------        d-----w-        C:\Games
2012-03-17 14:27 . 2012-03-17 14:27        --------        d-----w-        c:\program files (x86)\Microsoft Silverlight
2012-03-16 14:48 . 2012-03-16 20:17        --------        d-----w-        c:\users\Micha\AppData\Roaming\gtk-2.0
2012-03-14 18:43 . 2011-11-19 15:20        5559152        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-03-14 18:43 . 2011-11-19 14:50        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 18:43 . 2011-11-19 14:50        3913584        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 15:47 . 2012-03-14 16:47        --------        d-----w-        c:\users\Micha\AppData\Roaming\dvdcss
2012-03-14 14:20 . 2012-02-03 04:34        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-03-14 14:20 . 2012-02-10 06:36        1544192        ----a-w-        c:\windows\system32\DWrite.dll
2012-03-14 14:20 . 2012-02-10 05:38        1077248        ----a-w-        c:\windows\SysWow64\DWrite.dll
2012-03-14 14:20 . 2012-02-17 06:38        1031680        ----a-w-        c:\windows\system32\rdpcore.dll
2012-03-14 14:20 . 2012-02-17 05:34        826880        ----a-w-        c:\windows\SysWow64\rdpcore.dll
2012-03-14 14:20 . 2012-02-17 04:58        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-03-14 14:20 . 2012-02-17 04:57        23552        ----a-w-        c:\windows\system32\drivers\tdtcp.sys
2012-03-14 14:20 . 2012-01-25 06:38        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-03-14 14:20 . 2012-01-25 06:38        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-03-14 14:20 . 2012-01-25 06:33        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-03-13 13:54 . 2012-03-13 13:54        --------        d-----w-        c:\programdata\ATI
2012-03-13 13:49 . 2012-03-13 13:49        --------        d-----w-        c:\program files (x86)\AMD AVT
2012-03-13 13:49 . 2012-03-13 13:49        --------        d-----w-        c:\program files\AMD
2012-03-13 13:49 . 2012-03-13 13:49        --------        d-----w-        c:\program files (x86)\AMD
2012-03-13 13:49 . 2012-03-13 13:49        --------        d-----w-        c:\program files (x86)\AMD APP
2012-03-09 18:24 . 2012-03-09 18:24        --------        d-----w-        c:\users\Micha\.thumbnails
2012-03-09 18:18 . 2012-03-25 20:42        --------        d-----w-        c:\users\Micha\.gimp-2.6
2012-03-09 18:17 . 2012-03-09 18:17        --------        d-----w-        c:\program files (x86)\GIMP-2.0
2012-03-09 18:01 . 2012-03-09 18:01        2300696        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-03-09 18:01 . 2012-03-09 18:01        42776        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-03-09 18:01 . 2012-03-09 18:01        1236816        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-29 17:31 . 2012-02-29 17:31        --------        d-----w-        C:\Cache
2012-02-29 12:34 . 2012-02-29 17:32        --------        d-----w-        C:\Logs
2012-02-29 10:15 . 2012-02-29 17:38        --------        d-----w-        C:\Data
2012-02-29 10:15 . 2012-03-02 09:50        --------        d-----w-        C:\WTF
2012-02-27 15:31 . 2012-02-29 17:29        83024        ----a-w-        C:\MovieProxy.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-27 07:50 . 2012-02-01 20:42        750488        ----a-w-        c:\windows\system32\npdeployJava1.dll
2012-03-27 07:50 . 2012-02-01 20:42        660368        ----a-w-        c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2010-11-21 03:27        279656        ------w-        c:\windows\system32\MpSigStub.exe
2012-02-18 10:08 . 2012-02-11 13:43        414368        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 14:08 . 2012-02-16 16:15        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-02-15 03:48 . 2012-02-15 03:48        10856960        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2012-02-15 03:21 . 2012-02-15 03:21        25839104        ----a-w-        c:\windows\system32\atio6axx.dll
2012-02-15 03:18 . 2012-02-15 03:18        159744        ----a-w-        c:\windows\system32\atiapfxx.exe
2012-02-15 03:18 . 2011-12-06 03:17        791040        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2012-02-15 03:17 . 2011-10-26 02:04        957952        ----a-w-        c:\windows\system32\aticfx64.dll
2012-02-15 03:13 . 2012-02-15 03:13        442368        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2012-02-15 03:13 . 2012-02-15 03:13        496128        ----a-w-        c:\windows\system32\atieclxx.exe
2012-02-15 03:13 . 2012-02-15 03:13        235520        ----a-w-        c:\windows\system32\atiesrxx.exe
2012-02-15 03:11 . 2012-02-15 03:11        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2012-02-15 03:10 . 2012-02-15 03:10        21504        ----a-w-        c:\windows\system32\atimuixx.dll
2012-02-15 03:10 . 2012-02-15 03:10        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2012-02-15 03:10 . 2012-02-15 03:10        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2012-02-15 03:07 . 2011-12-06 03:06        6200320        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2012-02-15 02:58 . 2012-02-15 02:58        19392000        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2012-02-15 02:52 . 2011-10-26 01:46        7646208        ----a-w-        c:\windows\system32\atidxx64.dll
2012-02-15 02:41 . 2012-02-15 02:41        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll
2012-02-15 02:40 . 2012-02-15 02:40        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2012-02-15 02:40 . 2012-02-15 02:40        4958208        ----a-w-        c:\windows\system32\atiumd6a.dll
2012-02-15 02:34 . 2012-02-15 02:34        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2012-02-15 02:34 . 2012-02-15 02:34        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2012-02-15 02:34 . 2012-02-15 02:34        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2012-02-15 02:34 . 2012-02-15 02:34        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2012-02-15 02:34 . 2011-12-06 02:33        5954048        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2012-02-15 02:34 . 2012-02-15 02:34        13859840        ----a-w-        c:\windows\system32\aticaldd64.dll
2012-02-15 02:29 . 2011-12-06 02:28        5062656        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2012-02-15 02:29 . 2012-02-15 02:29        11561984        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2012-02-15 02:25 . 2012-02-15 02:25        7551488        ----a-w-        c:\windows\system32\atiumd64.dll
2012-02-15 02:16 . 2012-01-31 19:46        58880        ----a-w-        c:\windows\system32\coinst.dll
2012-02-15 02:14 . 2012-02-15 02:14        512000        ----a-w-        c:\windows\system32\atiadlxx.dll
2012-02-15 02:13 . 2012-02-15 02:13        356352        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2012-02-15 02:13 . 2012-02-15 02:13        17408        ----a-w-        c:\windows\system32\atig6pxx.dll
2012-02-15 02:13 . 2012-02-15 02:13        14336        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13        14336        ----a-w-        c:\windows\system32\atiglpxx.dll
2012-02-15 02:13 . 2012-02-15 02:13        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2012-02-15 02:13 . 2012-02-15 02:13        33280        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2012-02-15 02:13 . 2012-02-15 02:13        327680        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2012-02-15 02:12 . 2011-10-26 01:21        43008        ----a-w-        c:\windows\system32\atiuxp64.dll
2012-02-15 02:12 . 2011-12-06 02:11        33280        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2012-02-15 02:12 . 2012-02-15 02:12        39936        ----a-w-        c:\windows\system32\atiu9p64.dll
2012-02-15 02:12 . 2011-12-06 02:11        30208        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2012-02-15 02:11 . 2012-02-15 02:11        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2012-02-15 02:11 . 2012-02-15 02:11        54784        ----a-w-        c:\windows\system32\atimpc64.dll
2012-02-15 02:11 . 2012-02-15 02:11        54784        ----a-w-        c:\windows\system32\amdpcom64.dll
2012-02-15 02:11 . 2012-02-15 02:11        53760        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2012-02-15 02:11 . 2012-02-15 02:11        53760        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2012-02-14 21:05 . 2012-02-14 21:05        69632        ----a-w-        c:\windows\system32\OpenVideo64.dll
2012-02-14 21:05 . 2012-02-14 21:05        59904        ----a-w-        c:\windows\SysWow64\OpenVideo.dll
2012-02-14 21:05 . 2012-02-14 21:05        61952        ----a-w-        c:\windows\system32\OVDecode64.dll
2012-02-14 21:05 . 2012-02-14 21:05        54784        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2012-02-14 21:05 . 2012-02-14 21:05        16507904        ----a-w-        c:\windows\system32\amdocl64.dll
2012-02-14 21:04 . 2012-02-14 21:04        13238272        ----a-w-        c:\windows\SysWow64\amdocl.dll
2012-02-14 21:03 . 2012-02-14 21:03        54272        ----a-w-        c:\windows\system32\OpenCL.dll
2012-02-14 21:03 . 2012-02-14 21:03        48128        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2012-01-31 22:20 . 2012-01-31 22:20        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-01-31 22:20 . 2012-01-31 22:20        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-01-31 22:20 . 2012-01-31 22:20        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-01-31 22:20 . 2012-01-31 22:20        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-01-31 22:20 . 2012-01-31 22:20        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-01-31 22:20 . 2012-01-31 22:20        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-01-31 22:20 . 2012-01-31 22:20        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2012-01-31 22:20 . 2012-01-31 22:20        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-01-31 22:20 . 2012-01-31 22:20        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-01-31 22:20 . 2012-01-31 22:20        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-01-31 22:20 . 2012-01-31 22:20        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-01-31 22:20 . 2012-01-31 22:20        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-01-31 22:20 . 2012-01-31 22:20        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-01-31 22:20 . 2012-01-31 22:20        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-01-31 22:20 . 2012-01-31 22:20        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-01-31 22:20 . 2012-01-31 22:20        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-01-31 22:20 . 2012-01-31 22:20        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-01-31 22:20 . 2012-01-31 22:20        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-01-31 22:20 . 2012-01-31 22:20        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-01-31 22:20 . 2012-01-31 22:20        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-01-31 22:20 . 2012-01-31 22:20        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-01-31 22:20 . 2012-01-31 22:20        603648        ----a-w-        c:\windows\system32\vbscript.dll
2012-01-31 22:20 . 2012-01-31 22:20        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-01-31 22:20 . 2012-01-31 22:20        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-01-31 22:20 . 2012-01-31 22:20        448512        ----a-w-        c:\windows\system32\html.iec
2012-01-31 22:20 . 2012-01-31 22:20        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-01-31 22:20 . 2012-01-31 22:20        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-01-31 22:20 . 2012-01-31 22:20        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-01-31 22:20 . 2012-01-31 22:20        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-01-31 22:20 . 2012-01-31 22:20        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-01-31 22:20 . 2012-01-31 22:20        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-01-31 22:20 . 2012-01-31 22:20        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-01-31 22:20 . 2012-01-31 22:20        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-01-31 22:20 . 2012-01-31 22:20        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-01-31 19:35 . 2012-01-31 19:35        174640        ----a-w-        c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-01-31 05:02 . 2012-01-31 05:02        21504        ----a-w-        c:\windows\system32\kdbsdk64.dll
2012-01-31 05:00 . 2012-01-31 05:00        16896        ----a-w-        c:\windows\SysWow64\kdbsdk32.dll
2012-01-04 10:44 . 2012-02-15 14:07        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 14:07        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2011-12-30 06:26 . 2012-02-15 14:07        515584        ----a-w-        c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 14:07        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44        69760        ----a-w-        c:\program files (x86)\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-09-07 43608]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-14 636032]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AML Device Install.lnk - c:\program files (x86)\AMD AVT\bin\kdbsync.exe [2012-1-31 10752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [2010-08-09 945200]
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-01-31 158856]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1201000.025\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1201000.025\SYMEFA64.SYS [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [2010-06-27 463408]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1201000.025\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1201000.025\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-02-14 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 SaiK0CEA;SaiK0CEA;c:\windows\system32\DRIVERS\SaiK0CEA.sys [x]
S3 SaiU0CEA;SaiU0CEA;c:\windows\system32\DRIVERS\SaiU0CEA.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 19:25]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 19:25]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}]
2012-02-13 15:44        81024        ----a-w-        c:\program files\AMD\SteadyVideo\SteadyVideo.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2007-12-07 352256]
"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2007-12-07 194560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\program files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
FF - ProfilePath - c:\users\Micha\AppData\Roaming\Mozilla\Firefox\Profiles\b2sfawmt.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-03-27  15:29:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-03-27 13:29
.
Vor Suchlauf: 19 Verzeichnis(se), 424.036.659.200 Bytes frei
Nach Suchlauf: 26 Verzeichnis(se), 423.866.777.600 Bytes frei
.
- - End Of File - - 9056A39C6562277C21FE38C7BC3B2283

--- --- ---

cosinus 27.03.2012 15:34

Please download aswMBR.exe and save the file to your desktop.

Note: Please turn off your virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!
  • Start aswMBR.exe. Vista and Win7 users: run aswMBR via right-click, "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not under any circumstances press any of the Fix buttons without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.

Engelchen1 27.03.2012 15:53

Something was found here:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-03-27 16:44:11
-----------------------------
16:44:11.380    OS Version: Windows x64 6.1.7601 Service Pack 1
16:44:11.380    Number of processors: 6 586 0x102
16:44:11.396    ComputerName: MICHA-PC  UserName: Micha
16:44:13.580    Initialize success
16:45:34.441    AVAST engine defs: 12032701
16:45:41.570    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000072
16:45:41.570    Disk 0 Vendor: WDC_WD64 01.0 Size: 610480MB BusType: 11
16:45:41.585    Disk 0 MBR read successfully
16:45:41.585    Disk 0 MBR scan
16:45:41.601    Disk 0 Windows 7 default MBR code
16:45:41.601    Disk 0 Partition 1 00    27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
16:45:41.617    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS      597166 MB offset 27265024
16:45:41.632    Disk 0 scanning C:\Windows\system32\drivers
16:45:48.652    Service scanning
16:46:02.333    Modules scanning
16:46:02.333    Disk 0 trace - called modules:
16:46:02.349    ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
16:46:02.349    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e01790]
16:46:02.365    3 CLASSPNP.SYS[fffff880023be43f] -> nt!IofCallDriver -> [0xfffffa8006e2f540]
16:46:02.365    5 amd_xata.sys[fffff8800110d8f7] -> nt!IofCallDriver -> \Device\00000072[0xfffffa8006e2d7a0]
16:46:04.205    AVAST engine scan C:\Windows
16:46:07.013    AVAST engine scan C:\Windows\system32
16:47:46.682    AVAST engine scan C:\Windows\system32\drivers
16:47:55.168    AVAST engine scan C:\Users\Micha
16:48:32.858    File: C:\Users\Micha\AppData\Local\Temp\_av4_\data\aswar0.dll  **INFECTED** Win32:Malware-gen
16:48:32.952    File: C:\Users\Micha\AppData\Local\Temp\_av4_\data\updldr0.bin  **INFECTED** Win32:Malware-gen
16:49:34.073    AVAST engine scan C:\ProgramData
16:50:33.665    Scan finished successfully
16:51:09.623    Disk 0 MBR has been saved successfully to "C:\Users\Micha\Desktop\MBR.dat"
16:51:09.623    The log file has been saved successfully to "C:\Users\Micha\Desktop\aswMBR.txt"


cosinus 27.03.2012 18:57

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Engelchen1 28.03.2012 10:47

Even though it says "infected"? Well, you're the pro :-)!

I'll do the scans when I finish work; last time Malwarebytes kept hanging during the full scan, hopefully it runs through this time.

Kind regards

cosinus 28.03.2012 11:49

Quote:

Even though it says "infected"?
You also have to actually look at what it says.
Just because INFECTED appears there doesn't mean you have to panic right away; that is a false alarm, because Avast is apparently complaining about its own virus signatures there :stirn:

Engelchen1 28.03.2012 14:21

Hey!

Malwarebytes hung again at about 40 min... why does that always happen? (Not responding.)

Is there any way to end the scan? Somehow I can only reset with the power button.

I'll do the SASW scan first.

cosinus 28.03.2012 14:29

Is that also the case in safe mode, still?

Engelchen1 28.03.2012 14:46

I haven't run Malwarebytes in safe mode yet; I'll do that as soon as SuperAntiSpyware is finished.

Was it F2 to get into safe mode?

cosinus 28.03.2012 15:07

No, this is how it works:

Safe mode for cleanup
  • Bring Windows into safe mode by pressing the F8 key at startup.
  • Start the computer in safe mode with networking:

    Starting Windows in safe mode

