Laptop infiziert mit "Windows-Verschlüsselungs Trojaner", Trojaner eingesendet

RobinSword · 21.05.2012, 23:20

Hallo liebe Trojaner-Jäger!

Da bei Befall ein neues Thema eröffnet werden soll, mach ich dies hiermit und bitte um Hilfe.

Mein Vater hat am 16.05. eine E-Mail mit Betreff "Rechnung ID 5063206 vom 17.05.2012" erhalten und dummerweise den Anhang "Lieferung.zip" sowie die darin enthaltene exe geöffnet. Der Microsoft Security Essentials hat leider nicht die Ausführung des Trojaners verhindert (vermutlich lag noch keine aktuelle Signatur vor), und nun ist das System infiziert. Die Meldung ist exakt diejenige, die auch aktuell oben im Forum abgebildet wird.

Ich habe euch den Trojaner an hxxp://markusg.trojaner-board.de gesendet mit dem Betreff: "RobinSword, Verschlüsselungs-Trojaner im Anhang".

Der nun gesperrte Laptop liegt mir vor.
Ich bitte nun um Instruktionen, wie ich den Schädling bekämpfen kann.

Das OS ist Windows 7 HP 32-Bit.

Vielen Dank!
RobinSword

cosinus · 22.05.2012, 14:04

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

RobinSword · 22.05.2012, 14:30

Zitat:

Zitat von cosinus

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Ja, funktioniert! Und ich komme sogar via LAN-Kabel ins Internet!

cosinus · 22.05.2012, 14:48

na wenn der Modus geht wirst du erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

RobinSword · 22.05.2012, 14:58

Zitat:

Zitat von cosinus

Außerdem müssen alle Funde entfernt werden.

Heißt das, dass ich vor dem Scan evtl. vorhandene frühere Funde entfernen soll oder dass ich alle durch den jetzt folgenden Scan gefundene Funde entfernen soll?
Letzteres würde bedeuten, dass ich nach der Bereinigung nochmal mit ESET scanne - findet der dann überhaupt noch was?

cosinus · 22.05.2012, 15:29

Zitat:

Heißt das, dass ich vor dem Scan evtl. vorhandene frühere Funde entfernen soll oder dass ich alle durch den jetzt folgenden Scan gefundene Funde entfernen soll?

Was für frühere Funde? Warum postest du nicht die schon vorhandenen Logs?

Zitat:

- findet der dann überhaupt noch was?

Soll das jetzt eine Grundsatzdiskission werden? Wenn MBAM und ESET die gleichen Signaturen verwenden würde wäre es ziemlich sinnfrei mit beiden zu scannen

RobinSword · 22.05.2012, 16:23

Sorry, falls ich falsch rübergekommen bin - wollte dich nicht verärgern. Es gibt keine früheren Funde. War mir nur nicht sicher.

Hier kommen die Logfiles:

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.22.02

Windows 7 Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Edgar :: INSPIRON [Administrator]

Schutz: Deaktiviert

22.05.2012 15:52:27
mbam-log-2012-05-22 (15-52-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 256692
Laufzeit: 20 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegedit (Hijack.Regedit) -> Daten: 1 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Trojan.Agent.H) -> Bösartig: (C:\Windows\system32\750D0BD55637ABF71BFD.exe) Gut: () -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Windows\System32\750D0BD55637ABF71BFD.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Edgar\AppData\Local\Temp\fpeaojnugv.pre (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Edgar\AppData\Roaming\Ugvrftdl\01E4BD1C5637ABF78574.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET:

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6e62b5b8c9ac2e4e92663bd64c5ab0b4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-22 03:15:36
# local_time=2012-05-22 05:15:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 24379515 89329161 0 0
# compatibility_mode=8192 67108863 100 0 154 154 0 0
# scanned=74078
# found=3
# cleaned=0
# scan_time=1786
C:\Users\Edgar\AppData\Local\Temp\8539fa4d-3127.tmp	Win32/Simda.E trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Edgar\AppData\Local\Temp\bfa5e4f8-3127.tmp	Win32/Simda.E trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Edgar\AppData\Local\Temp\Lieferung.zip	a variant of Win32/Injector.RLN trojan (unable to clean)	00000000000000000000000000000000	I

cosinus · 22.05.2012, 19:06

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

RobinSword · 22.05.2012, 21:55

Der normale Modus funktioniert wieder - aber nicht uneingeschränkt.
Das Startmenü sieht gut aus, allerdings sind einige andere Dinge auffällig:
- Eigene Dateien: Alles verschlüsselt (Dokumente, Bilder, Favoriten, etc.)
- Task Manager aufrufen geht nicht (ausgegraut)
- Security Essentials deaktiviert und lässt sich nicht aktivieren

cosinus · 23.05.2012, 09:04

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

RobinSword · 23.05.2012, 19:58

Hier das OTL-Logfile:

Code:

ATTFilter

OTL logfile created on: 23.05.2012 20:33:03 - Run 1
OTL by OldTimer - Version 3.2.43.1     Folder = C:\Users\Edgar\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1022,44 Mb Total Physical Memory | 386,83 Mb Available Physical Memory | 37,83% Memory free
2,00 Gb Paging File | 1,04 Gb Available in Paging File | 52,14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,87 Gb Total Space | 111,77 Gb Free Space | 75,08% Space Free | Partition Type: NTFS
 
Computer Name: INSPIRON | User Name: Edgar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.23 20:30:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Edgar\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.08.14 13:36:45 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 23:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2007.04.25 13:18:48 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxbvcoms.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.05.04 23:37:23 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.02.29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.09.05 10:14:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.01 14:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.04.25 13:18:48 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxbvcoms.exe -- (lxbv_device)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C60B0431-F333-4361-861C-743CE5466E25}\MpKslf84de644.sys -- (MpKslf84de644)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{592413AE-DF26-45C4-81AB-6DA36633974B}\MpKslf5d15e18.sys -- (MpKslf5d15e18)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E2CB1D3-07AB-4D4C-9CC6-ADD6A935080D}\MpKslf5897cb9.sys -- (MpKslf5897cb9)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B82440F4-33D6-4553-B952-52B05B86ED0F}\MpKslf4f459cd.sys -- (MpKslf4f459cd)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C60B0431-F333-4361-861C-743CE5466E25}\MpKslf31bcdb7.sys -- (MpKslf31bcdb7)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6E2CB1D3-07AB-4D4C-9CC6-ADD6A935080D}\MpKsle8f15516.sys -- (MpKsle8f15516)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B346EFA3-0BBD-44F5-8629-CC2728C40DD0}\MpKsle8bf5a09.sys -- (MpKsle8bf5a09)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2DB4B8CB-DDE4-43F4-ABB3-62E715E0FA90}\MpKsle8ae1f90.sys -- (MpKsle8ae1f90)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63C1D59D-857E-489D-9246-AA7998BC33E4}\MpKsle5f78071.sys -- (MpKsle5f78071)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{05855875-9BBA-482E-AABE-B71155D18751}\MpKsle0fb2813.sys -- (MpKsle0fb2813)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B43B8583-AA71-4A5A-9336-008419A6565F}\MpKsld6c6bf3a.sys -- (MpKsld6c6bf3a)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EED8ECA5-FF84-47D0-824E-47D58C17CF54}\MpKsld602adf4.sys -- (MpKsld602adf4)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F376E159-051C-41D9-BBE4-B959351D798E}\MpKslcebb19e6.sys -- (MpKslcebb19e6)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{589EB1FA-3CBD-40B5-B221-65C3A868A250}\MpKslc7f04f45.sys -- (MpKslc7f04f45)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E80ACB54-11B0-4D55-86B9-F190488CE3C4}\MpKslc69b546d.sys -- (MpKslc69b546d)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{34C28E65-79CD-4086-AB37-AFA91605432D}\MpKslb9ef0e3f.sys -- (MpKslb9ef0e3f)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D13D2956-9851-44EB-B0F1-62714512BEFD}\MpKslb93c4f4b.sys -- (MpKslb93c4f4b)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC8A1F22-7732-45EA-ADBF-C1592F85E38B}\MpKslae407ed6.sys -- (MpKslae407ed6)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{590579FB-5C56-4B98-9928-E45796330F9C}\MpKslad74d53f.sys -- (MpKslad74d53f)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{28A9E4DB-FDD7-4A3F-8036-4873C880EC5C}\MpKsla981743e.sys -- (MpKsla981743e)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{867D5FD8-1B81-40CD-BE34-40992E580CA1}\MpKsla83fffea.sys -- (MpKsla83fffea)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E45D938-8D41-4F81-91E8-D9F26B6F409F}\MpKsla66fe6ed.sys -- (MpKsla66fe6ed)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4FA6F3DA-0D03-4D9A-9F63-C5FED264CD09}\MpKsla39c0462.sys -- (MpKsla39c0462)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A386B715-E9D3-4008-94EF-56572D0AFDEA}\MpKsla0729ebf.sys -- (MpKsla0729ebf)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7C90D3BF-A3D7-4006-A338-69C2C442091D}\MpKsl9cd5cab7.sys -- (MpKsl9cd5cab7)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EB01D4AD-0243-4A4E-A103-89DF0588C707}\MpKsl9be90b0b.sys -- (MpKsl9be90b0b)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{224FCBD3-3491-4C76-893C-F5B3CCA33119}\MpKsl91d51284.sys -- (MpKsl91d51284)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9C55AC3B-422B-4E29-B3AD-B6492B894DB3}\MpKsl88ae9423.sys -- (MpKsl88ae9423)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0ED8092-72F9-41D4-9F99-11CE1FC60127}\MpKsl821e5e8b.sys -- (MpKsl821e5e8b)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5E45D938-8D41-4F81-91E8-D9F26B6F409F}\MpKsl7ee9d11e.sys -- (MpKsl7ee9d11e)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7398CC76-C2C3-481A-9DC8-E1DFA0C06DC5}\MpKsl79210c54.sys -- (MpKsl79210c54)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{63C1D59D-857E-489D-9246-AA7998BC33E4}\MpKsl76c4adb9.sys -- (MpKsl76c4adb9)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B0ED8092-72F9-41D4-9F99-11CE1FC60127}\MpKsl75f0937e.sys -- (MpKsl75f0937e)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C2F5D7E4-09FF-498C-AC40-71DE704B9D3B}\MpKsl711fd036.sys -- (MpKsl711fd036)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0A24DCC0-B41A-4869-8D5F-ED2AA14C651E}\MpKsl5f56b1a8.sys -- (MpKsl5f56b1a8)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CA61F44E-B129-43C5-8042-DC4B521ACF43}\MpKsl5f17517b.sys -- (MpKsl5f17517b)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D44FB28F-3EC7-4554-BBFB-652FF946BD83}\MpKsl5bc66e31.sys -- (MpKsl5bc66e31)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{12AC4CEB-9019-4736-8D4E-1965835850C4}\MpKsl5b9dd0c2.sys -- (MpKsl5b9dd0c2)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{293A1373-B121-427E-A236-2E24D2DCC8FD}\MpKsl572775cf.sys -- (MpKsl572775cf)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE58F9A4-D867-42F1-85A3-46813AC6C511}\MpKsl52d0d06d.sys -- (MpKsl52d0d06d)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DFF7E62A-CC8C-40C7-9D98-CD42648787D6}\MpKsl4ce444d2.sys -- (MpKsl4ce444d2)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DE1D3404-E586-493D-9D5E-2B54C7F0DF5F}\MpKsl4a176cf3.sys -- (MpKsl4a176cf3)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{625DB139-A954-41AA-B2C7-7500EAD29290}\MpKsl3d5f099d.sys -- (MpKsl3d5f099d)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{EE58F9A4-D867-42F1-85A3-46813AC6C511}\MpKsl22483a6f.sys -- (MpKsl22483a6f)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB59959A-4D4E-4B6D-8F13-55455E533E99}\MpKsl217f1b47.sys -- (MpKsl217f1b47)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8F68F223-0BAE-44C7-89EF-562AA56F257F}\MpKsl1d5e61c3.sys -- (MpKsl1d5e61c3)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1C772D01-49E8-4452-9140-6CE28E618598}\MpKsl1be15072.sys -- (MpKsl1be15072)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4AC23148-3C8A-484C-B93E-D6E5FE87DDF1}\MpKsl12541273.sys -- (MpKsl12541273)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D03CC849-B803-4D71-B41D-217C8027E426}\MpKsl0ca67ad0.sys -- (MpKsl0ca67ad0)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B3036722-0746-4B6B-BB9D-FB08D2B0A3B2}\MpKsl02caf41e.sys -- (MpKsl02caf41e)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BB59959A-4D4E-4B6D-8F13-55455E533E99}\MpKsl015f247f.sys -- (MpKsl015f247f)
DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,046,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007.03.14 22:04:28 | 002,427,392 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2006.11.14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 AD 93 EE 1E 38 CD 01  [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 AD 93 EE 1E 38 CD 01  [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.focus.de/
IE - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 26 ED 0C 6E 5A CC 01  [binary data]
IE - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.05.03 17:18:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2011.08.14 15:38:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Edgar\AppData\Roaming\mozilla\Extensions
[2012.05.03 17:18:13 | 000,564,732 | ---- | M] () (No name found) -- C:\USERS\EDGAR\APPDATA\ROAMING\THUNDERBIRD\PROFILES\A0VIALGP.DEFAULT\EXTENSIONS\TBTESTPILOT@LABS.MOZILLA.COM.XPI
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [5637ABF7] C:\Windows\system32\750D0BD55637ABF71BFD.exe File not found
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [hlpcnwin] "C:\Users\Edgar\AppData\Roaming\hlpcnwin.exe" -autorun File not found
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [windvhlp] "C:\Users\Edgar\AppData\Roaming\windvhlp.exe" -autorun File not found
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [wink] "C:\Users\Edgar\AppData\Roaming\wink.exe" -autorun File not found
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [winvq] "C:\Users\Edgar\AppData\Roaming\winvq.exe" -autorun File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{283C3FD2-1C02-4A3C-919E-689FF8EB2D8A}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B92439FF-BA31-4410-82E5-5A9FBFBE4115}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.23 20:30:23 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Edgar\Desktop\OTL.exe
[2012.05.22 16:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.05.22 16:37:02 | 000,000,000 | ---D | C] -- C:\Temp
[2012.05.22 15:50:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.22 15:50:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.05.22 15:50:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.16 22:55:10 | 000,000,000 | ---D | C] -- C:\Users\Edgar\AppData\Roaming\Ugvrftdl
[2012.05.09 23:29:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.09 23:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.05.02 19:31:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.02 19:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.23 20:37:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.23 20:33:56 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 20:33:56 | 000,022,064 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.23 20:33:53 | 000,645,966 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.05.23 20:33:53 | 000,609,290 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.23 20:33:53 | 000,127,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.05.23 20:33:53 | 000,104,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.23 20:30:51 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Edgar\Desktop\OTL.exe
[2012.05.23 20:26:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.23 20:26:08 | 804,077,568 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.22 15:50:11 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.16 21:11:54 | 000,000,449 | ---- | M] () -- C:\Windows\Lexstat.ini
[2012.05.16 11:40:07 | 000,013,967 | ---- | M] () -- C:\Users\Edgar\Documents\AEqnvgufxUaepqLj
[2012.05.15 23:56:27 | 000,142,676 | ---- | M] () -- C:\Users\Edgar\Documents\dsvOQEyLpladtfguN
[2012.05.12 14:16:08 | 000,302,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh320
[2012.05.09 23:29:33 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.07 21:51:18 | 001,295,482 | ---- | M] () -- C:\Users\Edgar\Documents\xUTspqLjgurxdtel
[2012.05.02 21:01:43 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.05.01 10:48:26 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.04.26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh325
[2012.04.26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh324
 
========== Files Created - No Company Name ==========
 
[2012.05.22 15:50:11 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.16 22:55:45 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh325
[2012.05.16 22:55:45 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh324
[2012.05.16 22:55:45 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh323
[2012.05.16 22:55:45 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh322
[2012.05.16 22:55:45 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh321
[2012.05.16 22:55:45 | 000,481,078 | ---- | C] () -- C:\Windows\System32\winsh320
[2012.05.09 23:29:33 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.05.02 21:01:43 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.05.02 21:01:43 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.05.01 10:48:24 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.01.12 17:51:14 | 000,560,404 | ---- | C] () -- C:\Windows\System32\C4dll.dll
[2012.01.12 17:51:14 | 000,000,086 | ---- | C] () -- C:\Windows\mspen.ini
[2011.08.15 20:33:48 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2011.08.14 21:01:31 | 000,000,449 | ---- | C] () -- C:\Windows\Lexstat.ini
[2011.08.14 21:00:51 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxbvserv.dll
[2011.08.14 21:00:51 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\lxbvusb1.dll
[2011.08.14 21:00:51 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxbvpmui.dll
[2011.08.14 21:00:51 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\lxbvlmpm.dll
[2011.08.14 21:00:51 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxbvutil.dll
[2011.08.14 21:00:51 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\lxbvinpa.dll
[2011.08.14 21:00:51 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\lxbviesc.dll
[2011.08.14 21:00:51 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXBVhcp.dll
[2011.08.14 21:00:51 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXBVinst.dll
[2011.08.14 21:00:51 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxbvprox.dll
[2011.08.14 21:00:51 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxbvpplc.dll
[2011.08.14 21:00:50 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxbvhbn3.dll
[2011.08.14 21:00:50 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomc.dll
[2011.08.14 21:00:50 | 000,537,520 | ---- | C] ( ) -- C:\Windows\System32\lxbvcoms.exe
[2011.08.14 21:00:50 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxbvcomm.dll
[2011.08.14 21:00:50 | 000,385,968 | ---- | C] ( ) -- C:\Windows\System32\lxbvih.exe
[2011.08.14 21:00:50 | 000,381,872 | ---- | C] ( ) -- C:\Windows\System32\lxbvcfg.exe
[2011.08.14 13:29:00 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2011.08.14 13:29:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2011.08.14 13:28:59 | 000,143,676 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.07.07 23:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011.04.12 03:30:05 | 000,645,966 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,127,394 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2012.01.27 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Canneverbe Limited
[2011.08.26 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Foxit Software
[2011.08.14 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Thunderbird
[2012.05.22 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Ugvrftdl
[2011.08.14 14:57:45 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Watchtower
[2012.04.11 12:22:05 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.14 14:41:07 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Adobe
[2012.01.27 23:11:05 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Canneverbe Limited
[2011.08.26 22:17:43 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Foxit Software
[2011.08.14 12:28:00 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Identities
[2011.08.14 14:41:07 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Macromedia
[2011.04.12 03:38:49 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Media Center Programs
[2012.01.27 23:12:14 | 000,000,000 | --SD | M] -- C:\Users\Edgar\AppData\Roaming\Microsoft
[2011.08.14 15:38:08 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Mozilla
[2012.05.23 20:27:20 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Skype
[2011.08.14 15:35:13 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Thunderbird
[2012.05.22 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Ugvrftdl
[2012.05.22 22:52:47 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\vlc
[2011.08.14 14:57:45 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Watchtower
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\Edgar\Documents\Vorträge:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Edgar\Documents\Versammlung:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Edgar\Documents\OTC:Roxio EMC Stream
@Alternate Data Stream - 76 bytes -> C:\Users\Edgar\Documents\Abrechnungen:Roxio EMC Stream

< End of report >

cosinus · 23.05.2012, 21:39

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [5637ABF7] C:\Windows\system32\750D0BD55637ABF71BFD.exe File not found
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [hlpcnwin] "C:\Users\Edgar\AppData\Roaming\hlpcnwin.exe" -autorun File not found
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [windvhlp] "C:\Users\Edgar\AppData\Roaming\windvhlp.exe" -autorun File not found
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [wink] "C:\Users\Edgar\AppData\Roaming\wink.exe" -autorun File not found
O4 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000..\Run: [winvq] "C:\Users\Edgar\AppData\Roaming\winvq.exe" -autorun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System:  = 
O7 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 1
O7 - HKU\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O27 - HKLM IFEO\taskmgr.exe: Debugger - P9KDMF.EXE File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2012.05.11 21:50:50 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh323
[2012.05.11 21:50:40 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh322
[2012.05.11 21:50:32 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh321
[2012.05.11 21:50:22 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh320
[2012.04.26 18:38:10 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh325
[2012.04.26 18:37:48 | 000,481,078 | ---- | M] () -- C:\Windows\System32\winsh324
[2012.05.22 16:37:45 | 000,000,000 | ---D | M] -- C:\Users\Edgar\AppData\Roaming\Ugvrftdl
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

RobinSword · 23.05.2012, 22:00

OTL-Fix durchgeführt. Hier das Logfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\5637ABF7 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\hlpcnwin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\windvhlp deleted successfully.
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\wink deleted successfully.
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\Software\Microsoft\Windows\CurrentVersion\Run\\winvq deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegedit deleted successfully.
Registry value HKEY_USERS\S-1-5-21-531811599-1205080660-4136200008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Windows\System32\winsh323 moved successfully.
C:\Windows\System32\winsh322 moved successfully.
C:\Windows\System32\winsh321 moved successfully.
C:\Windows\System32\winsh320 moved successfully.
C:\Windows\System32\winsh325 moved successfully.
C:\Windows\System32\winsh324 moved successfully.
C:\Users\Edgar\AppData\Roaming\Ugvrftdl folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35062 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Edgar
->Temp folder emptied: 1287680894 bytes
->Temporary Internet Files folder emptied: 556183320 bytes
->Java cache emptied: 244916 bytes
->Flash cache emptied: 82087 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11298298 bytes
RecycleBin emptied: 4383274 bytes

Total Files Cleaned = 1.774,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: Edgar
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.43.1 log created on 05232012_225536

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus · 24.05.2012, 20:16

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

RobinSword · 24.05.2012, 20:56

TDSSKiller: 0 threats found.

Logfile:

Code:

ATTFilter

21:52:25.0206 2204	TDSS rootkit removing tool 2.7.37.0 May 23 2012 08:15:30
21:52:25.0315 2204	============================================================
21:52:25.0315 2204	Current date / time: 2012/05/24 21:52:25.0315
21:52:25.0315 2204	SystemInfo:
21:52:25.0315 2204	
21:52:25.0315 2204	OS Version: 6.1.7601 ServicePack: 1.0
21:52:25.0315 2204	Product type: Workstation
21:52:25.0315 2204	ComputerName: INSPIRON
21:52:25.0315 2204	UserName: Edgar
21:52:25.0315 2204	Windows directory: C:\Windows
21:52:25.0315 2204	System windows directory: C:\Windows
21:52:25.0315 2204	Processor architecture: Intel x86
21:52:25.0315 2204	Number of processors: 2
21:52:25.0315 2204	Page size: 0x1000
21:52:25.0315 2204	Boot type: Normal boot
21:52:25.0315 2204	============================================================
21:52:26.0656 2204	Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:52:26.0656 2204	============================================================
21:52:26.0656 2204	\Device\Harddisk0\DR0:
21:52:26.0672 2204	MBR partitions:
21:52:26.0672 2204	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B800, BlocksNum 0x32000
21:52:26.0672 2204	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x5D800, BlocksNum 0x129BB800
21:52:26.0672 2204	============================================================
21:52:26.0703 2204	C: <-> \Device\Harddisk0\DR0\Partition1
21:52:26.0703 2204	============================================================
21:52:26.0703 2204	Initialize success
21:52:26.0703 2204	============================================================
21:53:29.0478 1396	============================================================
21:53:29.0478 1396	Scan started
21:53:29.0478 1396	Mode: Manual; SigCheck; TDLFS; 
21:53:29.0478 1396	============================================================
21:53:31.0006 1396	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:53:31.0162 1396	1394ohci - ok
21:53:31.0225 1396	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:53:31.0240 1396	ACPI - ok
21:53:31.0272 1396	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:53:31.0365 1396	AcpiPmi - ok
21:53:31.0506 1396	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:53:31.0521 1396	AdobeFlashPlayerUpdateSvc - ok
21:53:31.0568 1396	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
21:53:31.0599 1396	adp94xx - ok
21:53:31.0646 1396	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
21:53:31.0693 1396	adpahci - ok
21:53:31.0724 1396	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
21:53:31.0740 1396	adpu320 - ok
21:53:31.0786 1396	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:53:31.0849 1396	AeLookupSvc - ok
21:53:31.0942 1396	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:53:32.0005 1396	AFD - ok
21:53:32.0020 1396	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:53:32.0036 1396	agp440 - ok
21:53:32.0098 1396	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
21:53:32.0114 1396	aic78xx - ok
21:53:32.0161 1396	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:53:32.0239 1396	ALG - ok
21:53:32.0286 1396	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:53:32.0301 1396	aliide - ok
21:53:32.0317 1396	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:53:32.0332 1396	amdagp - ok
21:53:32.0332 1396	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:53:32.0348 1396	amdide - ok
21:53:32.0379 1396	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
21:53:32.0426 1396	AmdK8 - ok
21:53:32.0442 1396	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
21:53:32.0473 1396	AmdPPM - ok
21:53:32.0535 1396	amdsata         (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys
21:53:32.0551 1396	amdsata - ok
21:53:32.0582 1396	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
21:53:32.0598 1396	amdsbs - ok
21:53:32.0613 1396	amdxata         (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys
21:53:32.0644 1396	amdxata - ok
21:53:32.0676 1396	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:53:32.0738 1396	AppID - ok
21:53:32.0785 1396	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:53:32.0847 1396	AppIDSvc - ok
21:53:32.0894 1396	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:53:32.0956 1396	Appinfo - ok
21:53:32.0988 1396	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
21:53:33.0003 1396	arc - ok
21:53:33.0019 1396	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
21:53:33.0050 1396	arcsas - ok
21:53:33.0081 1396	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:53:33.0237 1396	AsyncMac - ok
21:53:33.0268 1396	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:53:33.0284 1396	atapi - ok
21:53:33.0362 1396	Ati External Event Utility (c74d9a831b523ef5a66f4f13b2ddea2e) C:\Windows\system32\Ati2evxx.exe
21:53:33.0456 1396	Ati External Event Utility - ok
21:53:33.0690 1396	atikmdag        (184e2b47542badbe5ca606f0fc9a90cc) C:\Windows\system32\DRIVERS\atikmdag.sys
21:53:33.0783 1396	atikmdag - ok
21:53:33.0986 1396	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:53:34.0048 1396	AudioEndpointBuilder - ok
21:53:34.0064 1396	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:53:34.0095 1396	Audiosrv - ok
21:53:34.0173 1396	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:53:34.0282 1396	AxInstSV - ok
21:53:34.0376 1396	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
21:53:34.0454 1396	b06bdrv - ok
21:53:34.0501 1396	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:53:34.0579 1396	b57nd60x - ok
21:53:34.0626 1396	bcm4sbxp        (82dd21bfa8bbe0a3a3833a1bd8e86158) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
21:53:34.0688 1396	bcm4sbxp - ok
21:53:34.0750 1396	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:53:34.0828 1396	BDESVC - ok
21:53:34.0844 1396	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:53:34.0906 1396	Beep - ok
21:53:34.0984 1396	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:53:35.0047 1396	BFE - ok
21:53:35.0140 1396	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
21:53:35.0203 1396	BITS - ok
21:53:35.0234 1396	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:53:35.0265 1396	blbdrive - ok
21:53:35.0312 1396	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:53:35.0374 1396	bowser - ok
21:53:35.0406 1396	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
21:53:35.0437 1396	BrFiltLo - ok
21:53:35.0452 1396	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
21:53:35.0499 1396	BrFiltUp - ok
21:53:35.0562 1396	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:53:35.0624 1396	Browser - ok
21:53:35.0686 1396	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:53:35.0733 1396	Brserid - ok
21:53:35.0733 1396	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:53:35.0796 1396	BrSerWdm - ok
21:53:35.0811 1396	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:53:35.0842 1396	BrUsbMdm - ok
21:53:35.0842 1396	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:53:35.0874 1396	BrUsbSer - ok
21:53:35.0967 1396	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
21:53:36.0014 1396	BTHMODEM - ok
21:53:36.0061 1396	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:53:36.0123 1396	bthserv - ok
21:53:36.0170 1396	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:53:36.0232 1396	cdfs - ok
21:53:36.0295 1396	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
21:53:36.0326 1396	cdrom - ok
21:53:36.0388 1396	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:53:36.0451 1396	CertPropSvc - ok
21:53:36.0466 1396	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
21:53:36.0529 1396	circlass - ok
21:53:36.0576 1396	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:53:36.0591 1396	CLFS - ok
21:53:36.0700 1396	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:53:36.0716 1396	clr_optimization_v2.0.50727_32 - ok
21:53:36.0732 1396	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:53:36.0778 1396	CmBatt - ok
21:53:36.0810 1396	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:53:36.0825 1396	cmdide - ok
21:53:36.0919 1396	CNG             (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
21:53:36.0966 1396	CNG - ok
21:53:37.0012 1396	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:53:37.0028 1396	Compbatt - ok
21:53:37.0059 1396	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:53:37.0106 1396	CompositeBus - ok
21:53:37.0137 1396	COMSysApp - ok
21:53:37.0153 1396	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
21:53:37.0168 1396	crcdisk - ok
21:53:37.0215 1396	CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll
21:53:37.0278 1396	CryptSvc - ok
21:53:37.0340 1396	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:53:37.0402 1396	DcomLaunch - ok
21:53:37.0449 1396	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:53:37.0527 1396	defragsvc - ok
21:53:37.0590 1396	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:53:37.0636 1396	DfsC - ok
21:53:37.0714 1396	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:53:37.0777 1396	Dhcp - ok
21:53:37.0808 1396	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:53:37.0870 1396	discache - ok
21:53:37.0933 1396	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
21:53:37.0964 1396	Disk - ok
21:53:37.0995 1396	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:53:38.0073 1396	Dnscache - ok
21:53:38.0120 1396	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:53:38.0151 1396	dot3svc - ok
21:53:38.0182 1396	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:53:38.0260 1396	DPS - ok
21:53:38.0323 1396	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:53:38.0370 1396	drmkaud - ok
21:53:38.0463 1396	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:53:38.0510 1396	DXGKrnl - ok
21:53:38.0526 1396	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:53:38.0588 1396	EapHost - ok
21:53:38.0853 1396	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
21:53:38.0962 1396	ebdrv - ok
21:53:39.0134 1396	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:53:39.0196 1396	EFS - ok
21:53:39.0321 1396	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
21:53:39.0337 1396	elxstor - ok
21:53:39.0368 1396	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:53:39.0399 1396	ErrDev - ok
21:53:39.0477 1396	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:53:39.0555 1396	EventSystem - ok
21:53:39.0586 1396	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:53:39.0633 1396	exfat - ok
21:53:39.0664 1396	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:53:39.0727 1396	fastfat - ok
21:53:39.0820 1396	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:53:39.0898 1396	Fax - ok
21:53:39.0914 1396	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
21:53:39.0961 1396	fdc - ok
21:53:39.0992 1396	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:53:40.0054 1396	fdPHost - ok
21:53:40.0086 1396	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:53:40.0117 1396	FDResPub - ok
21:53:40.0148 1396	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:53:40.0164 1396	FileInfo - ok
21:53:40.0195 1396	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:53:40.0226 1396	Filetrace - ok
21:53:40.0242 1396	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
21:53:40.0273 1396	flpydisk - ok
21:53:40.0335 1396	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:53:40.0366 1396	FltMgr - ok
21:53:40.0429 1396	FontCache       (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll
21:53:40.0507 1396	FontCache - ok
21:53:40.0600 1396	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:53:40.0616 1396	FontCache3.0.0.0 - ok
21:53:40.0647 1396	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:53:40.0663 1396	FsDepends - ok
21:53:40.0725 1396	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:53:40.0741 1396	Fs_Rec - ok
21:53:40.0788 1396	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:53:40.0803 1396	fvevol - ok
21:53:40.0834 1396	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
21:53:40.0850 1396	gagp30kx - ok
21:53:40.0928 1396	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:53:41.0006 1396	gpsvc - ok
21:53:41.0053 1396	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:53:41.0256 1396	hcw85cir - ok
21:53:41.0334 1396	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:53:41.0380 1396	HdAudAddService - ok
21:53:41.0443 1396	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:53:41.0458 1396	HDAudBus - ok
21:53:41.0490 1396	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
21:53:41.0521 1396	HidBatt - ok
21:53:41.0536 1396	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
21:53:41.0568 1396	HidBth - ok
21:53:41.0583 1396	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
21:53:41.0630 1396	HidIr - ok
21:53:41.0677 1396	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:53:41.0739 1396	hidserv - ok
21:53:41.0802 1396	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
21:53:41.0848 1396	HidUsb - ok
21:53:41.0911 1396	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:53:41.0942 1396	hkmsvc - ok
21:53:41.0973 1396	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:53:42.0051 1396	HomeGroupListener - ok
21:53:42.0098 1396	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:53:42.0160 1396	HomeGroupProvider - ok
21:53:42.0207 1396	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:53:42.0223 1396	HpSAMD - ok
21:53:42.0332 1396	HSF_DPV         (e8ec1767ea315a39a0dd8989952ca0e9) C:\Windows\system32\DRIVERS\HSX_DPV.sys
21:53:42.0426 1396	HSF_DPV - ok
21:53:42.0472 1396	HSXHWAZL        (61478fa42ee04562e7f11f4dca87e9c8) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
21:53:42.0504 1396	HSXHWAZL - ok
21:53:42.0566 1396	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:53:42.0613 1396	HTTP - ok
21:53:42.0628 1396	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:53:42.0644 1396	hwpolicy - ok
21:53:42.0706 1396	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
21:53:42.0753 1396	i8042prt - ok
21:53:42.0831 1396	iaStorV         (a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys
21:53:42.0847 1396	iaStorV - ok
21:53:43.0003 1396	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:53:43.0050 1396	idsvc - ok
21:53:43.0081 1396	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
21:53:43.0096 1396	iirsp - ok
21:53:43.0174 1396	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:53:43.0252 1396	IKEEXT - ok
21:53:43.0284 1396	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:53:43.0299 1396	intelide - ok
21:53:43.0330 1396	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:53:43.0346 1396	intelppm - ok
21:53:43.0393 1396	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:53:43.0424 1396	IPBusEnum - ok
21:53:43.0440 1396	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:53:43.0502 1396	IpFilterDriver - ok
21:53:43.0580 1396	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:53:43.0642 1396	iphlpsvc - ok
21:53:43.0642 1396	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:53:43.0674 1396	IPMIDRV - ok
21:53:43.0674 1396	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:53:43.0720 1396	IPNAT - ok
21:53:43.0767 1396	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:53:43.0814 1396	IRENUM - ok
21:53:43.0845 1396	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:53:43.0861 1396	isapnp - ok
21:53:43.0908 1396	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:53:43.0923 1396	iScsiPrt - ok
21:53:43.0986 1396	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
21:53:44.0001 1396	kbdclass - ok
21:53:44.0032 1396	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:53:44.0079 1396	kbdhid - ok
21:53:44.0110 1396	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:53:44.0126 1396	KeyIso - ok
21:53:44.0142 1396	KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
21:53:44.0157 1396	KSecDD - ok
21:53:44.0188 1396	KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
21:53:44.0204 1396	KSecPkg - ok
21:53:44.0266 1396	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:53:44.0344 1396	KtmRm - ok
21:53:44.0407 1396	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:53:44.0469 1396	LanmanServer - ok
21:53:44.0516 1396	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:53:44.0563 1396	LanmanWorkstation - ok
21:53:44.0610 1396	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:53:44.0672 1396	lltdio - ok
21:53:44.0719 1396	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:53:44.0766 1396	lltdsvc - ok
21:53:44.0781 1396	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:53:44.0844 1396	lmhosts - ok
21:53:44.0922 1396	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
21:53:44.0937 1396	LSI_FC - ok
21:53:44.0953 1396	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
21:53:44.0968 1396	LSI_SAS - ok
21:53:45.0015 1396	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
21:53:45.0031 1396	LSI_SAS2 - ok
21:53:45.0046 1396	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
21:53:45.0062 1396	LSI_SCSI - ok
21:53:45.0109 1396	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:53:45.0140 1396	luafv - ok
21:53:45.0171 1396	lxbv_device - ok
21:53:45.0249 1396	MBAMProtector   (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
21:53:45.0280 1396	MBAMProtector - ok
21:53:45.0390 1396	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:53:45.0421 1396	MBAMService - ok
21:53:45.0452 1396	mdmxsdk         (e246a32c445056996074a397da56e815) C:\Windows\system32\DRIVERS\mdmxsdk.sys
21:53:45.0483 1396	mdmxsdk - ok
21:53:45.0530 1396	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
21:53:45.0546 1396	megasas - ok
21:53:45.0608 1396	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
21:53:45.0624 1396	MegaSR - ok
21:53:45.0655 1396	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:53:45.0717 1396	MMCSS - ok
21:53:45.0748 1396	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:53:45.0811 1396	Modem - ok
21:53:45.0858 1396	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:53:45.0889 1396	monitor - ok
21:53:45.0936 1396	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
21:53:45.0951 1396	mouclass - ok
21:53:45.0967 1396	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:53:46.0014 1396	mouhid - ok
21:53:46.0060 1396	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:53:46.0076 1396	mountmgr - ok
21:53:46.0170 1396	MpFilter        (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
21:53:46.0185 1396	MpFilter - ok
21:53:46.0216 1396	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:53:46.0232 1396	mpio - ok
21:53:46.0341 1396	MpKsl015f247f - ok
21:53:46.0372 1396	MpKsl02caf41e - ok
21:53:46.0388 1396	MpKsl0ca67ad0 - ok
21:53:46.0404 1396	MpKsl12541273 - ok
21:53:46.0404 1396	MpKsl1be15072 - ok
21:53:46.0419 1396	MpKsl1d5e61c3 - ok
21:53:46.0419 1396	MpKsl217f1b47 - ok
21:53:46.0435 1396	MpKsl22483a6f - ok
21:53:46.0450 1396	MpKsl3d5f099d - ok
21:53:46.0466 1396	MpKsl4a176cf3 - ok
21:53:46.0497 1396	MpKsl4ce444d2 - ok
21:53:46.0513 1396	MpKsl52d0d06d - ok
21:53:46.0528 1396	MpKsl572775cf - ok
21:53:46.0528 1396	MpKsl5b9dd0c2 - ok
21:53:46.0544 1396	MpKsl5bc66e31 - ok
21:53:46.0544 1396	MpKsl5f17517b - ok
21:53:46.0560 1396	MpKsl5f56b1a8 - ok
21:53:46.0560 1396	MpKsl711fd036 - ok
21:53:46.0575 1396	MpKsl75f0937e - ok
21:53:46.0591 1396	MpKsl76c4adb9 - ok
21:53:46.0606 1396	MpKsl79210c54 - ok
21:53:46.0606 1396	MpKsl7ee9d11e - ok
21:53:46.0622 1396	MpKsl821e5e8b - ok
21:53:46.0622 1396	MpKsl88ae9423 - ok
21:53:46.0638 1396	MpKsl91d51284 - ok
21:53:46.0653 1396	MpKsl9be90b0b - ok
21:53:46.0653 1396	MpKsl9cd5cab7 - ok
21:53:46.0669 1396	MpKsla0729ebf - ok
21:53:46.0700 1396	MpKsla39c0462 - ok
21:53:46.0716 1396	MpKsla66fe6ed - ok
21:53:46.0716 1396	MpKsla83fffea - ok
21:53:46.0731 1396	MpKsla981743e - ok
21:53:46.0731 1396	MpKslad74d53f - ok
21:53:46.0747 1396	MpKslae407ed6 - ok
21:53:46.0747 1396	MpKslb93c4f4b - ok
21:53:46.0762 1396	MpKslb9ef0e3f - ok
21:53:46.0762 1396	MpKslc69b546d - ok
21:53:46.0778 1396	MpKslc7f04f45 - ok
21:53:46.0794 1396	MpKslcebb19e6 - ok
21:53:46.0794 1396	MpKsld602adf4 - ok
21:53:46.0809 1396	MpKsld6c6bf3a - ok
21:53:46.0825 1396	MpKsle0fb2813 - ok
21:53:46.0825 1396	MpKsle5f78071 - ok
21:53:46.0840 1396	MpKsle8ae1f90 - ok
21:53:46.0840 1396	MpKsle8bf5a09 - ok
21:53:46.0856 1396	MpKsle8f15516 - ok
21:53:46.0872 1396	MpKslf31bcdb7 - ok
21:53:46.0872 1396	MpKslf4f459cd - ok
21:53:46.0887 1396	MpKslf5897cb9 - ok
21:53:46.0887 1396	MpKslf5d15e18 - ok
21:53:46.0903 1396	MpKslf84de644 - ok
21:53:46.0934 1396	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:53:46.0965 1396	mpsdrv - ok
21:53:47.0043 1396	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:53:47.0121 1396	MpsSvc - ok
21:53:47.0168 1396	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:53:47.0215 1396	MRxDAV - ok
21:53:47.0262 1396	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:53:47.0293 1396	mrxsmb - ok
21:53:47.0340 1396	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:53:47.0386 1396	mrxsmb10 - ok
21:53:47.0418 1396	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:53:47.0464 1396	mrxsmb20 - ok
21:53:47.0496 1396	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:53:47.0511 1396	msahci - ok
21:53:47.0542 1396	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:53:47.0574 1396	msdsm - ok
21:53:47.0605 1396	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:53:47.0667 1396	MSDTC - ok
21:53:47.0698 1396	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:53:47.0730 1396	Msfs - ok
21:53:47.0745 1396	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:53:47.0792 1396	mshidkmdf - ok
21:53:47.0808 1396	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:53:47.0823 1396	msisadrv - ok
21:53:47.0870 1396	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:53:47.0917 1396	MSiSCSI - ok
21:53:47.0932 1396	msiserver - ok
21:53:47.0964 1396	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:53:47.0995 1396	MSKSSRV - ok
21:53:48.0088 1396	MsMpSvc         (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:53:48.0104 1396	MsMpSvc - ok
21:53:48.0135 1396	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:53:48.0198 1396	MSPCLOCK - ok
21:53:48.0229 1396	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:53:48.0276 1396	MSPQM - ok
21:53:48.0322 1396	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:53:48.0338 1396	MsRPC - ok
21:53:48.0354 1396	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
21:53:48.0369 1396	mssmbios - ok
21:53:48.0385 1396	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:53:48.0416 1396	MSTEE - ok
21:53:48.0432 1396	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
21:53:48.0478 1396	MTConfig - ok
21:53:48.0525 1396	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:53:48.0541 1396	Mup - ok
21:53:48.0603 1396	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:53:48.0650 1396	napagent - ok
21:53:48.0712 1396	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:53:48.0775 1396	NativeWifiP - ok
21:53:48.0853 1396	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:53:48.0884 1396	NDIS - ok
21:53:48.0915 1396	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:53:48.0978 1396	NdisCap - ok
21:53:49.0024 1396	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:53:49.0087 1396	NdisTapi - ok
21:53:49.0118 1396	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:53:49.0149 1396	Ndisuio - ok
21:53:49.0165 1396	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:53:49.0227 1396	NdisWan - ok
21:53:49.0258 1396	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:53:49.0290 1396	NDProxy - ok
21:53:49.0321 1396	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:53:49.0383 1396	NetBIOS - ok
21:53:49.0430 1396	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:53:49.0492 1396	NetBT - ok
21:53:49.0524 1396	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:53:49.0539 1396	Netlogon - ok
21:53:49.0617 1396	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:53:49.0648 1396	Netman - ok
21:53:49.0695 1396	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:53:49.0773 1396	netprofm - ok
21:53:49.0883 1396	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:53:49.0898 1396	NetTcpPortSharing - ok
21:53:50.0226 1396	netw5v32        (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys
21:53:50.0397 1396	netw5v32 - ok
21:53:50.0600 1396	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
21:53:50.0616 1396	nfrd960 - ok
21:53:50.0647 1396	NisDrv          (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:53:50.0663 1396	NisDrv - ok
21:53:50.0772 1396	NisSrv          (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:53:50.0803 1396	NisSrv - ok
21:53:50.0850 1396	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:53:50.0912 1396	NlaSvc - ok
21:53:50.0975 1396	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:53:51.0021 1396	Npfs - ok
21:53:51.0053 1396	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:53:51.0131 1396	nsi - ok
21:53:51.0177 1396	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:53:51.0209 1396	nsiproxy - ok
21:53:51.0318 1396	Ntfs            (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys
21:53:51.0365 1396	Ntfs - ok
21:53:51.0443 1396	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:53:51.0521 1396	Null - ok
21:53:51.0645 1396	nvraid          (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys
21:53:51.0677 1396	nvraid - ok
21:53:51.0708 1396	nvstor          (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys
21:53:51.0723 1396	nvstor - ok
21:53:51.0739 1396	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:53:51.0770 1396	nv_agp - ok
21:53:51.0911 1396	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:53:51.0942 1396	odserv - ok
21:53:51.0957 1396	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:53:52.0004 1396	ohci1394 - ok
21:53:52.0082 1396	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:53:52.0098 1396	ose - ok
21:53:52.0160 1396	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:53:52.0238 1396	p2pimsvc - ok
21:53:52.0285 1396	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:53:52.0316 1396	p2psvc - ok
21:53:52.0332 1396	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
21:53:52.0347 1396	Parport - ok
21:53:52.0410 1396	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:53:52.0425 1396	partmgr - ok
21:53:52.0457 1396	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
21:53:52.0472 1396	Parvdm - ok
21:53:52.0488 1396	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:53:52.0519 1396	PcaSvc - ok
21:53:52.0550 1396	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:53:52.0566 1396	pci - ok
21:53:52.0581 1396	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:53:52.0597 1396	pciide - ok
21:53:52.0628 1396	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
21:53:52.0659 1396	pcmcia - ok
21:53:52.0675 1396	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:53:52.0691 1396	pcw - ok
21:53:52.0753 1396	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:53:52.0815 1396	PEAUTH - ok
21:53:52.0987 1396	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:53:53.0081 1396	pla - ok
21:53:53.0252 1396	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:53:53.0330 1396	PlugPlay - ok
21:53:53.0361 1396	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:53:53.0408 1396	PNRPAutoReg - ok
21:53:53.0455 1396	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:53:53.0471 1396	PNRPsvc - ok
21:53:53.0533 1396	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:53:53.0595 1396	PolicyAgent - ok
21:53:53.0658 1396	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:53:53.0736 1396	Power - ok
21:53:53.0829 1396	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:53:53.0892 1396	PptpMiniport - ok
21:53:53.0939 1396	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
21:53:53.0985 1396	Processor - ok
21:53:54.0048 1396	ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll
21:53:54.0095 1396	ProfSvc - ok
21:53:54.0141 1396	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:53:54.0157 1396	ProtectedStorage - ok
21:53:54.0188 1396	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:53:54.0251 1396	Psched - ok
21:53:54.0375 1396	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
21:53:54.0422 1396	ql2300 - ok
21:53:54.0578 1396	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
21:53:54.0594 1396	ql40xx - ok
21:53:54.0641 1396	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:53:54.0687 1396	QWAVE - ok
21:53:54.0719 1396	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:53:54.0750 1396	QWAVEdrv - ok
21:53:54.0765 1396	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:53:54.0812 1396	RasAcd - ok
21:53:54.0875 1396	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:53:54.0937 1396	RasAgileVpn - ok
21:53:54.0968 1396	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:53:55.0046 1396	RasAuto - ok
21:53:55.0077 1396	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:53:55.0140 1396	Rasl2tp - ok
21:53:55.0218 1396	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:53:55.0280 1396	RasMan - ok
21:53:55.0327 1396	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:53:55.0374 1396	RasPppoe - ok
21:53:55.0405 1396	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:53:55.0467 1396	RasSstp - ok
21:53:55.0514 1396	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:53:55.0577 1396	rdbss - ok
21:53:55.0608 1396	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
21:53:55.0623 1396	rdpbus - ok
21:53:55.0639 1396	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:53:55.0701 1396	RDPCDD - ok
21:53:55.0748 1396	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:53:55.0811 1396	RDPENCDD - ok
21:53:55.0811 1396	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:53:55.0857 1396	RDPREFMP - ok
21:53:55.0920 1396	RDPWD           (244c83332f44589ae98fc347f11b2693) C:\Windows\system32\drivers\RDPWD.sys
21:53:55.0967 1396	RDPWD - ok
21:53:56.0013 1396	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:53:56.0045 1396	rdyboost - ok
21:53:56.0076 1396	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:53:56.0107 1396	RemoteAccess - ok
21:53:56.0138 1396	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:53:56.0201 1396	RemoteRegistry - ok
21:53:56.0263 1396	rismxdp         (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys
21:53:56.0310 1396	rismxdp - ok
21:53:56.0341 1396	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:53:56.0419 1396	RpcEptMapper - ok
21:53:56.0450 1396	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:53:56.0497 1396	RpcLocator - ok
21:53:56.0544 1396	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:53:56.0591 1396	RpcSs - ok
21:53:56.0637 1396	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:53:56.0700 1396	rspndr - ok
21:53:56.0778 1396	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:53:56.0809 1396	SamSs - ok
21:53:56.0840 1396	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:53:56.0856 1396	sbp2port - ok
21:53:56.0903 1396	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:53:56.0965 1396	SCardSvr - ok
21:53:56.0981 1396	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:53:57.0043 1396	scfilter - ok
21:53:57.0121 1396	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:53:57.0199 1396	Schedule - ok
21:53:57.0261 1396	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:53:57.0293 1396	SCPolicySvc - ok
21:53:57.0324 1396	sdbus           (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\DRIVERS\sdbus.sys
21:53:57.0371 1396	sdbus - ok
21:53:57.0402 1396	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:53:57.0480 1396	SDRSVC - ok
21:53:57.0511 1396	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:53:57.0558 1396	secdrv - ok
21:53:57.0573 1396	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:53:57.0636 1396	seclogon - ok
21:53:57.0683 1396	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:53:57.0745 1396	SENS - ok
21:53:57.0776 1396	SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:53:57.0854 1396	SensrSvc - ok
21:53:57.0870 1396	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
21:53:57.0885 1396	Serenum - ok
21:53:57.0917 1396	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
21:53:57.0979 1396	Serial - ok
21:53:57.0979 1396	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
21:53:57.0995 1396	sermouse - ok
21:53:58.0041 1396	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:53:58.0104 1396	SessionEnv - ok
21:53:58.0135 1396	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
21:53:58.0182 1396	sffdisk - ok
21:53:58.0197 1396	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:53:58.0213 1396	sffp_mmc - ok
21:53:58.0244 1396	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:53:58.0291 1396	sffp_sd - ok
21:53:58.0307 1396	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
21:53:58.0338 1396	sfloppy - ok
21:53:58.0400 1396	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:53:58.0463 1396	SharedAccess - ok
21:53:58.0541 1396	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:53:58.0603 1396	ShellHWDetection - ok
21:53:58.0619 1396	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:53:58.0634 1396	sisagp - ok
21:53:58.0665 1396	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
21:53:58.0681 1396	SiSRaid2 - ok
21:53:58.0712 1396	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
21:53:58.0728 1396	SiSRaid4 - ok
21:53:58.0868 1396	SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe
21:53:58.0884 1396	SkypeUpdate - ok
21:53:58.0915 1396	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:53:58.0993 1396	Smb - ok
21:53:59.0040 1396	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:53:59.0055 1396	SNMPTRAP - ok
21:53:59.0071 1396	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:53:59.0087 1396	spldr - ok
21:53:59.0118 1396	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:53:59.0165 1396	Spooler - ok
21:53:59.0414 1396	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:53:59.0523 1396	sppsvc - ok
21:53:59.0648 1396	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:53:59.0711 1396	sppuinotify - ok
21:53:59.0804 1396	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:53:59.0882 1396	srv - ok
21:53:59.0913 1396	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:53:59.0976 1396	srv2 - ok
21:54:00.0054 1396	SrvHsfHDA       (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
21:54:00.0085 1396	SrvHsfHDA - ok
21:54:00.0194 1396	SrvHsfV92       (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
21:54:00.0257 1396	SrvHsfV92 - ok
21:54:00.0335 1396	SrvHsfWinac     (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
21:54:00.0366 1396	SrvHsfWinac - ok
21:54:00.0428 1396	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:54:00.0475 1396	srvnet - ok
21:54:00.0522 1396	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:54:00.0569 1396	SSDPSRV - ok
21:54:00.0584 1396	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:54:00.0647 1396	SstpSvc - ok
21:54:00.0693 1396	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
21:54:00.0709 1396	stexstor - ok
21:54:00.0787 1396	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:54:00.0849 1396	StiSvc - ok
21:54:00.0881 1396	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
21:54:00.0896 1396	swenum - ok
21:54:00.0927 1396	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:54:01.0005 1396	swprv - ok
21:54:01.0099 1396	SynTP           (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys
21:54:01.0115 1396	SynTP - ok
21:54:01.0208 1396	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:54:01.0255 1396	SysMain - ok
21:54:01.0286 1396	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:54:01.0349 1396	TabletInputService - ok
21:54:01.0395 1396	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:54:01.0458 1396	TapiSrv - ok
21:54:01.0505 1396	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:54:01.0567 1396	TBS - ok
21:54:01.0754 1396	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:54:01.0817 1396	Tcpip - ok
21:54:01.0879 1396	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:54:01.0910 1396	TCPIP6 - ok
21:54:02.0035 1396	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:54:02.0097 1396	tcpipreg - ok
21:54:02.0129 1396	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:54:02.0144 1396	TDPIPE - ok
21:54:02.0175 1396	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:54:02.0207 1396	TDTCP - ok
21:54:02.0238 1396	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:54:02.0269 1396	tdx - ok
21:54:02.0565 1396	TeamViewer6     (8a9828975a857e477efef5a61ba45ac0) C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
21:54:02.0643 1396	TeamViewer6 - ok
21:54:02.0924 1396	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
21:54:03.0018 1396	TeamViewer7 - ok
21:54:03.0189 1396	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
21:54:03.0205 1396	TermDD - ok
21:54:03.0299 1396	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:54:03.0345 1396	TermService - ok
21:54:03.0377 1396	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:54:03.0423 1396	Themes - ok
21:54:03.0470 1396	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:54:03.0501 1396	THREADORDER - ok
21:54:03.0533 1396	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:54:03.0611 1396	TrkWks - ok
21:54:03.0689 1396	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:54:03.0751 1396	TrustedInstaller - ok
21:54:03.0782 1396	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:54:03.0845 1396	tssecsrv - ok
21:54:03.0876 1396	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:54:03.0938 1396	TsUsbFlt - ok
21:54:03.0969 1396	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
21:54:03.0985 1396	TsUsbGD - ok
21:54:04.0032 1396	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:54:04.0063 1396	tunnel - ok
21:54:04.0079 1396	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
21:54:04.0094 1396	uagp35 - ok
21:54:04.0125 1396	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:54:04.0188 1396	udfs - ok
21:54:04.0235 1396	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:54:04.0281 1396	UI0Detect - ok
21:54:04.0328 1396	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:54:04.0344 1396	uliagpkx - ok
21:54:04.0375 1396	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:54:04.0406 1396	umbus - ok
21:54:04.0422 1396	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
21:54:04.0437 1396	UmPass - ok
21:54:04.0500 1396	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:54:04.0562 1396	upnphost - ok
21:54:04.0609 1396	usbccgp         (7e72e7d7e0757d59481d530fd2b0bfae) C:\Windows\system32\DRIVERS\usbccgp.sys
21:54:04.0640 1396	usbccgp - ok
21:54:04.0656 1396	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:54:04.0687 1396	usbcir - ok
21:54:04.0718 1396	usbehci         (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\DRIVERS\usbehci.sys
21:54:04.0765 1396	usbehci - ok
21:54:04.0827 1396	usbhub          (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\DRIVERS\usbhub.sys
21:54:04.0859 1396	usbhub - ok
21:54:04.0874 1396	usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys
21:54:04.0921 1396	usbohci - ok
21:54:04.0952 1396	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:54:04.0999 1396	usbprint - ok
21:54:05.0077 1396	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:54:05.0093 1396	usbscan - ok
21:54:05.0108 1396	USBSTOR         (bf63ebfc6979fefb2bc03df7989a0c1a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:54:05.0139 1396	USBSTOR - ok
21:54:05.0155 1396	usbuhci         (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
21:54:05.0202 1396	usbuhci - ok
21:54:05.0233 1396	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:54:05.0295 1396	UxSms - ok
21:54:05.0327 1396	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:54:05.0373 1396	VaultSvc - ok
21:54:05.0405 1396	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:54:05.0420 1396	vdrvroot - ok
21:54:05.0467 1396	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:54:05.0545 1396	vds - ok
21:54:05.0592 1396	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:54:05.0639 1396	vga - ok
21:54:05.0670 1396	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:54:05.0701 1396	VgaSave - ok
21:54:05.0717 1396	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:54:05.0732 1396	vhdmp - ok
21:54:05.0779 1396	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:54:05.0795 1396	viaagp - ok
21:54:05.0795 1396	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
21:54:05.0841 1396	ViaC7 - ok
21:54:05.0873 1396	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:54:05.0888 1396	viaide - ok
21:54:05.0904 1396	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:54:05.0919 1396	volmgr - ok
21:54:05.0966 1396	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:54:05.0982 1396	volmgrx - ok
21:54:06.0013 1396	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:54:06.0029 1396	volsnap - ok
21:54:06.0075 1396	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
21:54:06.0091 1396	vsmraid - ok
21:54:06.0200 1396	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:54:06.0278 1396	VSS - ok
21:54:06.0309 1396	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
21:54:06.0356 1396	vwifibus - ok
21:54:06.0403 1396	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:54:06.0465 1396	W32Time - ok
21:54:06.0528 1396	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
21:54:06.0575 1396	WacomPen - ok
21:54:06.0668 1396	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:06.0731 1396	WANARP - ok
21:54:06.0731 1396	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:06.0762 1396	Wanarpv6 - ok
21:54:06.0965 1396	WatAdminSvc     (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
21:54:07.0011 1396	WatAdminSvc - ok
21:54:07.0214 1396	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:54:07.0277 1396	wbengine - ok
21:54:07.0323 1396	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:54:07.0370 1396	WbioSrvc - ok
21:54:07.0417 1396	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:54:07.0448 1396	wcncsvc - ok
21:54:07.0479 1396	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:54:07.0542 1396	WcsPlugInService - ok
21:54:07.0604 1396	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
21:54:07.0620 1396	Wd - ok
21:54:07.0713 1396	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:54:07.0729 1396	Wdf01000 - ok
21:54:07.0760 1396	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:54:07.0901 1396	WdiServiceHost - ok
21:54:07.0901 1396	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:54:07.0932 1396	WdiSystemHost - ok
21:54:07.0994 1396	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:54:08.0041 1396	WebClient - ok
21:54:08.0088 1396	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:54:08.0135 1396	Wecsvc - ok
21:54:08.0150 1396	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:54:08.0213 1396	wercplsupport - ok
21:54:08.0244 1396	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:54:08.0275 1396	WerSvc - ok
21:54:08.0306 1396	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:54:08.0337 1396	WfpLwf - ok
21:54:08.0353 1396	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:54:08.0369 1396	WIMMount - ok
21:54:08.0462 1396	winachsf        (ba6b6fb242a6ba4068c8b763063beb63) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
21:54:08.0525 1396	winachsf - ok
21:54:08.0665 1396	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:54:08.0727 1396	WinDefend - ok
21:54:08.0743 1396	WinHttpAutoProxySvc - ok
21:54:08.0930 1396	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:54:08.0977 1396	Winmgmt - ok
21:54:09.0102 1396	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:54:09.0195 1396	WinRM - ok
21:54:09.0289 1396	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:54:09.0367 1396	Wlansvc - ok
21:54:09.0445 1396	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:54:09.0461 1396	WmiAcpi - ok
21:54:09.0507 1396	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:54:09.0570 1396	wmiApSrv - ok
21:54:09.0773 1396	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:54:09.0866 1396	WMPNetworkSvc - ok
21:54:09.0913 1396	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:54:09.0975 1396	WPCSvc - ok
21:54:09.0991 1396	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:54:10.0085 1396	WPDBusEnum - ok
21:54:10.0131 1396	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:54:10.0194 1396	ws2ifsl - ok
21:54:10.0225 1396	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
21:54:10.0241 1396	wscsvc - ok
21:54:10.0256 1396	WSearch - ok
21:54:10.0428 1396	wuauserv        (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
21:54:10.0490 1396	wuauserv - ok
21:54:10.0631 1396	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:54:10.0709 1396	WudfPf - ok
21:54:10.0755 1396	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:54:10.0833 1396	WUDFRd - ok
21:54:10.0880 1396	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:54:10.0911 1396	wudfsvc - ok
21:54:10.0958 1396	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:54:11.0005 1396	WwanSvc - ok
21:54:11.0067 1396	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:54:11.0535 1396	\Device\Harddisk0\DR0 - ok
21:54:11.0582 1396	Boot (0x1200)   (7737d3d589eb96854696b4622dce595a) \Device\Harddisk0\DR0\Partition0
21:54:11.0582 1396	\Device\Harddisk0\DR0\Partition0 - ok
21:54:11.0598 1396	Boot (0x1200)   (c5cce80547e592d774ab4df00dbdd9a7) \Device\Harddisk0\DR0\Partition1
21:54:11.0613 1396	\Device\Harddisk0\DR0\Partition1 - ok
21:54:11.0613 1396	============================================================
21:54:11.0613 1396	Scan finished
21:54:11.0613 1396	============================================================
21:54:11.0660 4012	Detected object count: 0
21:54:11.0676 4012	Actual detected object count: 0

22.05.2012, 14:04	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Laptop infiziert mit "Windows-Verschlüsselungs Trojaner", Trojaner eingesendet Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung? Abgesicherter Modus zur Bereinigung Windows mit F8-Taste beim Start in den abgesicherten Modus bringen. Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern: __________________ __________________

22.05.2012, 19:06	#8
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Laptop infiziert mit "Windows-Verschlüsselungs Trojaner", Trojaner eingesendet Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus wieder uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Laptop infiziert mit "Windows-Verschlüsselungs Trojaner", Trojaner eingesendet

Plagegeister aller Art und deren Bekämpfung: Laptop infiziert mit "Windows-Verschlüsselungs Trojaner", Trojaner eingesendet