Log analysis and evaluation: GVU trojan with cam and 100€
Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
| | #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU trojan with cam and 100€ Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3963999717-2235169476-1634751954-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache
E:\Exploits
C:\Program Files (x86)\BabylonToolbar
C:\ProgramData\l_u0_0.pad
C:\Windows\SysNative\drivers\lvuvc.hs
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
| | #17 |
| GVU trojan with cam and 100€ and another log
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3963999717-2235169476-1634751954-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
E:\Exploits folder moved successfully.
File\Folder C:\Program Files (x86)\BabylonToolbar not found.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\Windows\SysNative\drivers\lvuvc.hs moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: x
->Temp folder emptied: 41065723 bytes
->Temporary Internet Files folder emptied: 760307209 bytes
->FireFox cache emptied: 135561126 bytes
->Flash cache emptied: 37606 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 388464120 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.264,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: x
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07112012_150957
Files\Folders moved on Reboot...
C:\Users\x\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\x\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2009.10.07 01:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
[2009.10.07 01:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5
Registry entries deleted on Reboot...
|
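A small triage helper for a fix log like the one posted above, as an added example that is not part of the thread and not OTL's own code: it buckets each result line so that targets which were not found, or were only queued for the next reboot, stand out for a re-check. The sample log is constructed (invented paths, using the line shapes visible in the post), and the names `triage` and `follow_up` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: invented paths, using the line shapes seen in the log above.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Example\Run\\demo deleted successfully.
========== FILES ==========
C:\Users\demo\AppData\LocalLow\Example\cache folder moved successfully.
File\Folder C:\Program Files (x86)\ExampleToolbar not found.
C:\ProgramData\example.pad moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: demo
->Temp folder emptied: 1024 bytes
HOSTS file reset successfully
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\example\demo01.dll scheduled to be moved on reboot.
PendingFileRenameOperations files...
File C:\Users\demo\AppData\Local\Temp\demo.txt not found!
"""

# "========== FILES ==========" style section headers.
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# (outcome, pattern) pairs, checked in order; the first match wins.
RULES = [
    ("deferred", re.compile(
        r"^File move failed\. (?P<item>.+) scheduled to be moved on reboot\.$")),
    ("missing", re.compile(r"^File\\Folder (?P<item>.+) not found\.$")),
    ("missing", re.compile(r"^File (?P<item>.+) not found!$")),
    ("deleted", re.compile(r"^Registry value (?P<item>.+) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<item>.+?)(?: folder)? moved successfully\.$")),
]


def triage(log_text):
    """Return {outcome: [(section, item), ...]} for every recognised result line."""
    buckets = defaultdict(list)
    section = "PREAMBLE"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        if line.endswith("..."):
            # Reboot-phase sub-headings such as "Files\Folders moved on Reboot..."
            section = line[:-3]
            continue
        for outcome, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                buckets[outcome].append((section, hit.group("item")))
                break
    return dict(buckets)


def follow_up(buckets):
    """Items to re-check: targets that were absent or only queued for reboot."""
    return [item
            for outcome in ("missing", "deferred")
            for _, item in buckets.get(outcome, [])]


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for outcome in ("deleted", "moved", "missing", "deferred"):
        print(f"{outcome}: {len(result.get(outcome, []))}")
    for item in follow_up(result):
        print("re-check:", item)
```

A "missing" entry means the fix script named something that was not on disk at fix time; a "deferred" entry is only confirmed once the log written after the reboot shows the move succeeded.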
| | #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU trojan with cam and 100€ Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Note: Please switch off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ |
| | #19 |
| GVU trojan with cam and 100€ I ran it; TDSS Killer did not flag anything either. Code:
15:49:27.0462 0640 TDSS rootkit removing tool 2.7.45.0 Jul 9 2012 12:46:35
15:49:27.0573 0640 ============================================================
15:49:27.0573 0640 Current date / time: 2012/07/11 15:49:27.0573
15:49:27.0573 0640 SystemInfo:
15:49:27.0573 0640
15:49:27.0573 0640 OS Version: 6.1.7601 ServicePack: 1.0
15:49:27.0573 0640 Product type: Workstation
15:49:27.0573 0640 ComputerName: MARTIN-PC
15:49:27.0574 0640 UserName: Martin
15:49:27.0574 0640 Windows directory: C:\Windows
15:49:27.0574 0640 System windows directory: C:\Windows
15:49:27.0574 0640 Running under WOW64
15:49:27.0574 0640 Processor architecture: Intel x64
15:49:27.0574 0640 Number of processors: 2
15:49:27.0574 0640 Page size: 0x1000
15:49:27.0574 0640 Boot type: Normal boot
15:49:27.0574 0640 ============================================================
15:49:28.0242 0640 Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:28.0246 0640 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:28.0249 0640 ============================================================
15:49:28.0249 0640 \Device\Harddisk1\DR1:
15:49:28.0250 0640 MBR partitions:
15:49:28.0250 0640 \Device\Harddisk0\DR0:
15:49:28.0250 0640 MBR partitions:
15:49:28.0250 0640 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
15:49:28.0263 0640 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0xA7F6A8D
15:49:28.0275 0640 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF422FBE, BlocksNum 0xDD9D702
15:49:28.0275 0640 ============================================================
15:49:28.0300 0640 C: <-> \Device\Harddisk0\DR0\Partition0
15:49:28.0344 0640 E: <-> \Device\Harddisk0\DR0\Partition1
15:49:28.0367 0640 F: <-> \Device\Harddisk0\DR0\Partition2
15:49:28.0367 0640 ============================================================
15:49:28.0367 0640 Initialize success
15:49:28.0367 0640 ============================================================
15:49:57.0632 4972 ============================================================
15:49:57.0632 4972 Scan started
15:49:57.0632 4972 Mode: Manual; SigCheck; TDLFS;
15:49:57.0632 4972 ============================================================
15:50:07.0359 4972 iScsiPrt - ok
15:50:07.0396 4972 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:50:07.0406 4972 kbdclass - ok
15:50:07.0426 4972 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:50:07.0452 4972 kbdhid - ok
15:50:07.0479 4972 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:07.0492 4972 KeyIso - ok
15:50:07.0503 4972 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:50:07.0515 4972 KSecDD - ok
15:50:07.0545 4972 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:50:07.0557 4972 KSecPkg - ok
15:50:07.0569 4972 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:50:07.0610 4972 ksthunk - ok
15:50:07.0647 4972 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:50:07.0689 4972 KtmRm - ok
15:50:07.0733 4972 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:50:07.0787 4972 LanmanServer - ok
15:50:07.0811 4972 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:50:07.0850 4972 LanmanWorkstation - ok
15:50:07.0967 4972 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:50:07.0983 4972 LBTServ - ok
15:50:08.0014 4972 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:50:08.0020 4972 LHidFilt - ok
15:50:08.0052 4972 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:50:08.0090 4972 lltdio - ok
15:50:08.0121 4972 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:50:08.0168 4972 lltdsvc - ok
15:50:08.0188 4972 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:50:08.0216 4972 lmhosts - ok
15:50:08.0236 4972 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:50:08.0243 4972 LMouFilt - ok
15:50:08.0274 4972 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:50:08.0284 4972 LSI_FC - ok
15:50:08.0297 4972 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:50:08.0306 4972 LSI_SAS - ok
15:50:08.0323 4972 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:50:08.0332 4972 LSI_SAS2 - ok
15:50:08.0354 4972 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:50:08.0363 4972 LSI_SCSI - ok
15:50:08.0395 4972 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:50:08.0433 4972 luafv - ok
15:50:08.0479 4972 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:50:08.0486 4972 LVPr2M64 - ok
15:50:08.0500 4972 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:50:08.0506 4972 LVPr2Mon - ok
15:50:08.0576 4972 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
15:50:08.0585 4972 LVPrcS64 - ok
15:50:08.0632 4972 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
15:50:08.0643 4972 LVRS64 - ok
15:50:08.0916 4972 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:50:09.0006 4972 LVUVC64 - ok
15:50:09.0135 4972 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:50:09.0144 4972 MBAMProtector - ok
15:50:09.0226 4972 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:50:09.0243 4972 MBAMService - ok
15:50:09.0278 4972 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:50:09.0299 4972 Mcx2Svc - ok
15:50:09.0322 4972 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:50:09.0331 4972 megasas - ok
15:50:09.0357 4972 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:50:09.0369 4972 MegaSR - ok
15:50:09.0400 4972 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:50:09.0442 4972 MMCSS - ok
15:50:09.0469 4972 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:50:09.0510 4972 Modem - ok
15:50:09.0530 4972 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:50:09.0552 4972 monitor - ok
15:50:09.0594 4972 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:50:09.0605 4972 mouclass - ok
15:50:09.0639 4972 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:50:09.0665 4972 mouhid - ok
15:50:09.0694 4972 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:50:09.0705 4972 mountmgr - ok
15:50:09.0738 4972 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:50:09.0751 4972 mpio - ok
15:50:09.0762 4972 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:50:09.0798 4972 mpsdrv - ok
15:50:09.0858 4972 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:50:09.0914 4972 MpsSvc - ok
15:50:09.0943 4972 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:50:09.0958 4972 MRxDAV - ok
15:50:09.0987 4972 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:50:10.0029 4972 mrxsmb - ok
15:50:10.0082 4972 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:50:10.0109 4972 mrxsmb10 - ok
15:50:10.0129 4972 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:50:10.0143 4972 mrxsmb20 - ok
15:50:10.0172 4972 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:50:10.0181 4972 msahci - ok
15:50:10.0215 4972 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:50:10.0228 4972 msdsm - ok
15:50:10.0255 4972 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:50:10.0271 4972 MSDTC - ok
15:50:10.0303 4972 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:50:10.0338 4972 Msfs - ok
15:50:10.0349 4972 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:50:10.0389 4972 mshidkmdf - ok
15:50:10.0407 4972 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:50:10.0415 4972 msisadrv - ok
15:50:10.0457 4972 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:50:10.0513 4972 MSiSCSI - ok
15:50:10.0516 4972 msiserver - ok
15:50:10.0547 4972 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:50:10.0588 4972 MSKSSRV - ok
15:50:10.0603 4972 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:50:10.0643 4972 MSPCLOCK - ok
15:50:10.0661 4972 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:50:10.0704 4972 MSPQM - ok
15:50:10.0744 4972 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:50:10.0758 4972 MsRPC - ok
15:50:10.0775 4972 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:50:10.0783 4972 mssmbios - ok
15:50:10.0800 4972 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:50:10.0848 4972 MSTEE - ok
15:50:10.0874 4972 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:50:10.0883 4972 MTConfig - ok
15:50:10.0916 4972 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
15:50:10.0949 4972 MTsensor - ok
15:50:10.0976 4972 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:50:10.0987 4972 Mup - ok
15:50:11.0039 4972 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:50:11.0090 4972 napagent - ok
15:50:11.0132 4972 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:50:11.0149 4972 NativeWifiP - ok
15:50:11.0202 4972 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:50:11.0224 4972 NDIS - ok
15:50:11.0236 4972 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:50:11.0275 4972 NdisCap - ok
15:50:11.0299 4972 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:50:11.0340 4972 NdisTapi - ok
15:50:11.0368 4972 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:50:11.0415 4972 Ndisuio - ok
15:50:11.0442 4972 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:50:11.0486 4972 NdisWan - ok
15:50:11.0537 4972 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:50:11.0578 4972 NDProxy - ok
15:50:11.0600 4972 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:50:11.0638 4972 NetBIOS - ok
15:50:11.0798 4972 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:50:11.0850 4972 NetBT - ok
15:50:11.0875 4972 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:11.0888 4972 Netlogon - ok
15:50:11.0931 4972 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:50:11.0988 4972 Netman - ok
15:50:12.0029 4972 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:50:12.0075 4972 netprofm - ok
15:50:12.0147 4972 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:50:12.0157 4972 NetTcpPortSharing - ok
15:50:12.0185 4972 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:50:12.0194 4972 nfrd960 - ok
15:50:12.0242 4972 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:50:12.0295 4972 NlaSvc - ok
15:50:12.0311 4972 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:50:12.0348 4972 Npfs - ok
15:50:12.0358 4972 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:50:12.0400 4972 nsi - ok
15:50:12.0417 4972 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:50:12.0454 4972 nsiproxy - ok
15:50:12.0541 4972 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:50:12.0585 4972 Ntfs - ok
15:50:12.0680 4972 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:50:12.0725 4972 Null - ok
15:50:13.0295 4972 nvlddmkm (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:50:13.0466 4972 nvlddmkm - ok
15:50:13.0594 4972 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:50:13.0607 4972 nvraid - ok
15:50:13.0615 4972 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:50:13.0628 4972 nvstor - ok
15:50:13.0710 4972 NVSvc (dd9d86051b8f7669aabf693530f380fe) C:\Windows\system32\nvvsvc.exe
15:50:13.0731 4972 NVSvc - ok
15:50:13.0870 4972 nvUpdatusService (4472183de09f80cb1b56f217d8e0ab9b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:50:13.0910 4972 nvUpdatusService - ok
15:50:13.0995 4972 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:50:14.0007 4972 nv_agp - ok
15:50:14.0035 4972 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:50:14.0061 4972 ohci1394 - ok
15:50:14.0107 4972 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:50:14.0117 4972 ose - ok
15:50:14.0350 4972 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:50:14.0424 4972 osppsvc - ok
15:50:14.0504 4972 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:14.0544 4972 p2pimsvc - ok
15:50:14.0573 4972 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:50:14.0592 4972 p2psvc - ok
15:50:14.0631 4972 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:50:14.0645 4972 Parport - ok
15:50:14.0670 4972 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:50:14.0681 4972 partmgr - ok
15:50:14.0697 4972 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:50:14.0728 4972 PcaSvc - ok
15:50:14.0756 4972 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:50:14.0769 4972 pci - ok
15:50:14.0781 4972 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:50:14.0788 4972 pciide - ok
15:50:14.0798 4972 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:50:14.0809 4972 pcmcia - ok
15:50:14.0820 4972 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:50:14.0828 4972 pcw - ok
15:50:14.0870 4972 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:50:14.0929 4972 PEAUTH - ok
15:50:15.0005 4972 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:50:15.0073 4972 PeerDistSvc - ok
15:50:15.0154 4972 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:50:15.0179 4972 PerfHost - ok
15:50:15.0315 4972 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:50:15.0385 4972 pla - ok
15:50:15.0442 4972 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:50:15.0475 4972 PlugPlay - ok
15:50:15.0498 4972 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:50:15.0523 4972 PNRPAutoReg - ok
15:50:15.0550 4972 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:15.0566 4972 PNRPsvc - ok
15:50:15.0611 4972 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:50:15.0666 4972 PolicyAgent - ok
15:50:15.0698 4972 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:50:15.0753 4972 Power - ok
15:50:15.0827 4972 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:50:15.0873 4972 PptpMiniport - ok
15:50:15.0897 4972 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:50:15.0919 4972 Processor - ok
15:50:15.0968 4972 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:50:16.0011 4972 ProfSvc - ok
15:50:16.0038 4972 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:16.0048 4972 ProtectedStorage - ok
15:50:16.0086 4972 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:50:16.0115 4972 Psched - ok
15:50:16.0185 4972 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:50:16.0218 4972 ql2300 - ok
15:50:16.0314 4972 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:50:16.0327 4972 ql40xx - ok
15:50:16.0356 4972 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:50:16.0384 4972 QWAVE - ok
15:50:16.0401 4972 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:50:16.0429 4972 QWAVEdrv - ok
15:50:16.0448 4972 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:50:16.0489 4972 RasAcd - ok
15:50:16.0523 4972 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:50:16.0552 4972 RasAgileVpn - ok
15:50:16.0567 4972 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:50:16.0597 4972 RasAuto - ok
15:50:16.0631 4972 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:50:16.0680 4972 Rasl2tp - ok
15:50:16.0718 4972 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:50:16.0759 4972 RasMan - ok
15:50:16.0780 4972 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:50:16.0817 4972 RasPppoe - ok
15:50:16.0848 4972 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:50:16.0886 4972 RasSstp - ok
15:50:16.0941 4972 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:50:16.0977 4972 rdbss - ok
15:50:16.0988 4972 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:50:17.0009 4972 rdpbus - ok
15:50:17.0034 4972 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:50:17.0076 4972 RDPCDD - ok
15:50:17.0104 4972 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:50:17.0125 4972 RDPDR - ok
15:50:17.0140 4972 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:50:17.0183 4972 RDPENCDD - ok
15:50:17.0203 4972 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:50:17.0230 4972 RDPREFMP - ok
15:50:17.0269 4972 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:50:17.0304 4972 RDPWD - ok
15:50:17.0340 4972 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:50:17.0351 4972 rdyboost - ok
15:50:17.0377 4972 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:50:17.0420 4972 RemoteAccess - ok
15:50:17.0451 4972 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:50:17.0495 4972 RemoteRegistry - ok
15:50:17.0514 4972 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:50:17.0554 4972 RpcEptMapper - ok
15:50:17.0565 4972 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:50:17.0587 4972 RpcLocator - ok
15:50:17.0620 4972 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:50:17.0652 4972 RpcSs - ok
15:50:17.0683 4972 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:50:17.0721 4972 rspndr - ok
15:50:17.0749 4972 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:50:17.0782 4972 s3cap - ok
15:50:17.0805 4972 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:17.0817 4972 SamSs - ok
15:50:17.0832 4972 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:50:17.0844 4972 sbp2port - ok
15:50:17.0873 4972 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:50:17.0908 4972 SCardSvr - ok
15:50:17.0940 4972 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:50:17.0988 4972 scfilter - ok
15:50:18.0060 4972 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:50:18.0121 4972 Schedule - ok
15:50:18.0150 4972 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:50:18.0178 4972 SCPolicySvc - ok
15:50:18.0213 4972 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:50:18.0246 4972 SDRSVC - ok
15:50:18.0295 4972 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:50:18.0345 4972 secdrv - ok
15:50:18.0359 4972 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:50:18.0389 4972 seclogon - ok
15:50:18.0419 4972 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:50:18.0448 4972 SENS - ok
15:50:18.0462 4972 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:50:18.0493 4972 SensrSvc - ok
15:50:18.0512 4972 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:50:18.0522 4972 Serenum - ok
15:50:18.0534 4972 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:50:18.0553 4972 Serial - ok
15:50:18.0570 4972 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:50:18.0594 4972 sermouse - ok
15:50:18.0630 4972 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:50:18.0671 4972 SessionEnv - ok
15:50:18.0691 4972 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:50:18.0722 4972 sffdisk - ok
15:50:18.0726 4972 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:50:18.0748 4972 sffp_mmc - ok
15:50:18.0761 4972 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:50:18.0787 4972 sffp_sd - ok
15:50:18.0800 4972 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:50:18.0825 4972 sfloppy - ok
15:50:18.0861 4972 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:50:18.0894 4972 SharedAccess - ok
15:50:18.0923 4972 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:50:18.0955 4972 ShellHWDetection - ok
15:50:18.0972 4972 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:50:18.0980 4972 SiSRaid2 - ok
15:50:18.0998 4972 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:50:19.0007 4972 SiSRaid4 - ok
15:50:19.0037 4972 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:50:19.0082 4972 Smb - ok
15:50:19.0116 4972 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:50:19.0127 4972 SNMPTRAP - ok
15:50:19.0138 4972 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:50:19.0145 4972 spldr - ok
15:50:19.0186 4972 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:50:19.0221 4972 Spooler - ok
15:50:19.0390 4972 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:50:19.0463 4972 sppsvc - ok
15:50:19.0554 4972 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:50:19.0605 4972 sppuinotify - ok
15:50:19.0664 4972 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:50:19.0746 4972 srv - ok
15:50:19.0784 4972 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:50:19.0819 4972 srv2 - ok
15:50:19.0841 4972 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:50:19.0871 4972 srvnet - ok
15:50:19.0905 4972 ssadbus (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys
15:50:19.0945 4972 ssadbus - ok
15:50:19.0967 4972 ssadmdfl (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:50:19.0998 4972 ssadmdfl - ok
15:50:20.0022 4972 ssadmdm (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:50:20.0047 4972 ssadmdm - ok
15:50:20.0094 4972 sscdbus (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
15:50:20.0104 4972 sscdbus - ok
15:50:20.0125 4972 sscdmdfl (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:50:20.0132 4972 sscdmdfl - ok
15:50:20.0158 4972 sscdmdm (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:50:20.0167 4972 sscdmdm - ok
15:50:20.0205 4972 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:50:20.0260 4972 SSDPSRV - ok
15:50:20.0285 4972 SSPORT (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
15:50:20.0291 4972 SSPORT - ok
15:50:20.0313 4972 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:50:20.0343 4972 SstpSvc - ok
15:50:20.0437 4972 Stereo Service (a2abc52cd8a5b60262b220a17a92eb31) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:50:20.0447 4972 Stereo Service - ok
15:50:20.0464 4972 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:50:20.0473 4972 stexstor - ok
15:50:20.0533 4972 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:50:20.0571 4972 stisvc - ok
15:50:20.0623 4972 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:50:20.0633 4972 storflt - ok
15:50:20.0661 4972 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:50:20.0695 4972 StorSvc - ok
15:50:20.0720 4972 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:50:20.0730 4972 storvsc - ok
15:50:20.0755 4972 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:50:20.0765 4972 swenum - ok
15:50:20.0806 4972 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:50:20.0862 4972 swprv - ok
15:50:20.0951 4972 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:50:21.0000 4972 SysMain - ok
15:50:21.0104 4972 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:50:21.0134 4972 TabletInputService - ok
15:50:21.0165 4972 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:50:21.0222 4972 TapiSrv - ok
15:50:21.0250 4972 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:50:21.0309 4972 TBS - ok
15:50:21.0435 4972 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:50:21.0478 4972 Tcpip - ok
15:50:21.0614 4972 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:50:21.0651 4972 TCPIP6 - ok
15:50:21.0703 4972 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:50:21.0751 4972 tcpipreg - ok
15:50:21.0779 4972 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:50:21.0807 4972 TDPIPE - ok
15:50:21.0810 4972 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:50:21.0847 4972 TDTCP - ok
15:50:21.0895 4972 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:50:21.0928 4972 tdx - ok
15:50:22.0129 4972 TeamViewer7 (33966a658ff37e0c65d46e59f37e2380) C:\Users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe
15:50:22.0175 4972 TeamViewer7 - ok
15:50:22.0273 4972 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:50:22.0283 4972 TermDD - ok
15:50:22.0324 4972 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:50:22.0385 4972 TermService - ok
15:50:22.0413 4972 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:50:22.0448 4972 Themes - ok
15:50:22.0471 4972 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:50:22.0508 4972 THREADORDER - ok
15:50:22.0540 4972 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:50:22.0580 4972 TrkWks - ok
15:50:22.0632 4972 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:50:22.0676 4972 TrustedInstaller - ok
15:50:22.0700 4972 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:50:22.0727 4972 tssecsrv - ok
15:50:22.0766 4972 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:50:22.0808 4972 TsUsbFlt - ok
15:50:22.0850 4972 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:50:22.0902 4972 tunnel - ok
15:50:22.0932 4972 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:50:22.0941 4972 uagp35 - ok
15:50:22.0990 4972 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:50:23.0036 4972 udfs - ok
15:50:23.0078 4972 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:50:23.0106 4972 UI0Detect - ok
15:50:23.0145 4972 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:50:23.0156 4972 uliagpkx - ok
15:50:23.0206 4972 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:50:23.0219 4972 umbus - ok
15:50:23.0222 4972 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:50:23.0245 4972 UmPass - ok
15:50:23.0274 4972 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:50:23.0298 4972 UmRdpService - ok
15:50:23.0401 4972 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:50:23.0443 4972 upnphost - ok
15:50:23.0475 4972 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:50:23.0488 4972 usbaudio - ok
15:50:23.0503 4972 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:50:23.0533 4972 usbccgp - ok
15:50:23.0569 4972 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:50:23.0582 4972 usbcir - ok
15:50:23.0594 4972 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:50:23.0619 4972 usbehci - ok
15:50:23.0662 4972 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:50:23.0692 4972 usbhub - ok
15:50:23.0719 4972 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:50:23.0744 4972 usbohci - ok
15:50:23.0776 4972 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:50:23.0806 4972 usbprint - ok
15:50:23.0828 4972 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:50:23.0867 4972 USBSTOR - ok
15:50:23.0888 4972 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:50:23.0916 4972 usbuhci - ok
15:50:23.0942 4972 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:50:23.0989 4972 UxSms - ok
15:50:24.0017 4972 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:24.0027 4972 VaultSvc - ok
15:50:24.0052 4972 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:50:24.0060 4972 vdrvroot - ok
15:50:24.0109 4972 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:50:24.0164 4972 vds - ok
15:50:24.0181 4972 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:50:24.0194 4972 vga - ok
15:50:24.0212 4972 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:50:24.0249 4972 VgaSave - ok
15:50:24.0278 4972 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:50:24.0289 4972 vhdmp - ok
15:50:24.0304 4972 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:50:24.0312 4972 viaide - ok
15:50:24.0345 4972 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:50:24.0359 4972 vmbus - ok
15:50:24.0387 4972 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:50:24.0411 4972 VMBusHID - ok
15:50:24.0431 4972 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:50:24.0442 4972 volmgr - ok
15:50:24.0483 4972 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:50:24.0501 4972 volmgrx - ok
15:50:24.0540 4972 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:50:24.0556 4972 volsnap - ok
15:50:24.0571 4972 vpnva - ok
15:50:24.0603 4972 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:50:24.0617 4972 vsmraid - ok
15:50:24.0708 4972 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:50:24.0783 4972 VSS - ok
15:50:24.0873 4972 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:50:24.0896 4972 vwifibus - ok
15:50:24.0940 4972 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:50:24.0981 4972 W32Time - ok
15:50:25.0000 4972 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:50:25.0026 4972 WacomPen - ok
15:50:25.0077 4972 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:25.0126 4972 WANARP - ok
15:50:25.0128 4972 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:25.0156 4972 Wanarpv6 - ok
15:50:25.0237 4972 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:50:25.0275 4972 wbengine - ok
15:50:25.0355 4972 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:50:25.0376 4972 WbioSrvc - ok
15:50:25.0419 4972 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:50:25.0443 4972 wcncsvc - ok
15:50:25.0461 4972 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:50:25.0485 4972 WcsPlugInService - ok
15:50:25.0527 4972 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:50:25.0537 4972 Wd - ok
15:50:25.0581 4972 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:50:25.0605 4972 Wdf01000 - ok
15:50:25.0618 4972 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:50:25.0680 4972 WdiServiceHost - ok
15:50:25.0683 4972 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:50:25.0700 4972 WdiSystemHost - ok
15:50:25.0735 4972 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:50:25.0765 4972 WebClient - ok
15:50:25.0786 4972 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:50:25.0837 4972 Wecsvc - ok
15:50:25.0852 4972 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:50:25.0882 4972 wercplsupport - ok
15:50:25.0908 4972 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:50:25.0938 4972 WerSvc - ok
15:50:25.0993 4972 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:50:26.0028 4972 WfpLwf - ok
15:50:26.0040 4972 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:50:26.0049 4972 WIMMount - ok
15:50:26.0072 4972 WinDefend - ok
15:50:26.0077 4972 WinHttpAutoProxySvc - ok
15:50:26.0133 4972 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:50:26.0166 4972 Winmgmt - ok
15:50:26.0263 4972 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:50:26.0318 4972 WinRM - ok
15:50:26.0416 4972 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:50:26.0443 4972 WinUsb - ok
15:50:26.0502 4972 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:50:26.0549 4972 Wlansvc - ok
15:50:26.0586 4972 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:50:26.0598 4972 WmiAcpi - ok
15:50:26.0653 4972 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:50:26.0683 4972 wmiApSrv - ok
15:50:26.0727 4972 WMPNetworkSvc - ok
15:50:26.0742 4972 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:50:26.0768 4972 WPCSvc - ok
15:50:26.0806 4972 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:50:26.0823 4972 WPDBusEnum - ok
15:50:26.0860 4972 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:50:26.0906 4972 ws2ifsl - ok
15:50:26.0928 4972 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:50:26.0953 4972 wscsvc - ok
15:50:26.0956 4972 WSearch - ok
15:50:27.0082 4972 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:50:27.0170 4972 wuauserv - ok
15:50:27.0255 4972 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:50:27.0300 4972 WudfPf - ok
15:50:27.0320 4972 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:50:27.0363 4972 WUDFRd - ok
15:50:27.0385 4972 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:50:27.0414 4972 wudfsvc - ok
15:50:27.0451 4972 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:50:27.0492 4972 WwanSvc - ok
15:50:27.0515 4972 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
15:50:27.0790 4972 \Device\Harddisk1\DR1 - ok
15:50:27.0803 4972 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:50:28.0389 4972 \Device\Harddisk0\DR0 - ok
15:50:28.0392 4972 Boot (0x1200) (f1c432d3024b43ccf054647569d83ec5) \Device\Harddisk0\DR0\Partition0
15:50:28.0393 4972 \Device\Harddisk0\DR0\Partition0 - ok
15:50:28.0396 4972 Boot (0x1200) (4819214da170bfb43ad0d455e06fc66e) \Device\Harddisk0\DR0\Partition1
15:50:28.0398 4972 \Device\Harddisk0\DR0\Partition1 - ok
15:50:28.0414 4972 Boot (0x1200) (723f5836c958e6c728d3cd50cabc1e9e) \Device\Harddisk0\DR0\Partition2
15:50:28.0416 4972 \Device\Harddisk0\DR0\Partition2 - ok
15:50:28.0416 4972 ============================================================
15:50:28.0416 4972 Scan finished
15:50:28.0416 4972 ============================================================
15:50:28.0427 4996 Detected object count: 0
15:50:28.0427 4996 Actual detected object count: 0
|
| | #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with cam and 100€ Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has expressly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
| | #21 |
| GVU Trojan with cam and 100€ combo fix done [code] Combofix Logfile: Code:
ComboFix 12-07-11.03 - Martin 11.07.2012 16:08:28.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2800 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\SysWow64\muzapp.exe
E:\setup.exe
F:\install.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-11 bis 2012-07-11 ))))))))))))))))))))))))))))))
.
.
2012-07-11 13:09 . 2012-07-11 13:09 -------- dc----w- C:\_OTL
2012-07-10 11:10 . 2012-07-10 11:10 -------- dc----w- C:\NVIDIA
2012-07-09 14:03 . 2012-07-09 14:03 -------- d-----w- c:\program files (x86)\ESET
2012-07-05 18:23 . 2012-07-05 18:23 -------- d-----w- c:\users\Martin\AppData\Roaming\Malwarebytes
2012-07-05 18:23 . 2012-07-05 18:23 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 18:23 . 2012-07-05 18:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 18:23 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 18:06 . 2012-07-04 18:06 -------- d-----w- c:\programdata\Citrix
2012-07-04 18:06 . 2012-07-04 18:10 -------- d-----w- c:\users\Martin\AppData\Roaming\ICAClient
2012-07-04 18:06 . 2012-07-04 18:06 -------- d-----w- c:\users\Martin\AppData\Local\Citrix
2012-07-04 18:06 . 2012-07-04 18:06 -------- d-----w- c:\program files (x86)\Citrix
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PDFPrint"="e:\pdf24\pdf24.exe" [2011-12-16 220744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TeamViewer7;TeamViewer 7;c:\users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - e:\office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - e:\office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesPDLR - c:\windows\system32\External\FirmwareUpdate\KiesPDLR.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*C*]
@=multi:"\00ÿÿ\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
E:\cvpnd.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\users\Martin\temp\TeamViewer\Version7\TeamViewer.exe
c:\users\Martin\temp\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-11 16:18:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-11 14:18
.
Vor Suchlauf: 1.235.206.144 Bytes frei
Nach Suchlauf: 1.117.290.496 Bytes frei
.
- - End Of File - - B453EA9A4789BD5C3D55A54ECE0654F4
|
| | #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with cam and 100€ adwCleaner - detect toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
__________________ Please always post log files in CODE tags |
| | #23 |
| GVU Trojan with cam and 100€ and here is the adw log Code:
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 17:27:26
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : x - x-PC
# Running from : C:\Users\x\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v4.0 (de)
Profile name : default
File : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [12569 octets] - [10/07/2012 15:17:58]
AdwCleaner[S1].txt - [10431 octets] - [10/07/2012 21:31:51]
AdwCleaner[R2].txt - [827 octets] - [12/07/2012 17:27:26]
########## EOF - C:\AdwCleaner[R2].txt - [954 octets] ##########
|
| | #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with cam and 100€ Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't work on the 2nd attempt, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download
Important: Under no circumstances press any of the Fix buttons without being instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message appears such as "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
| | #25 |
| GVU Trojan with cam and 100€ so, attached for now are the gmer and osam logs. While running aswMBR, an error occurred after a while: "avast! Antirootkit has stopped working... A problem caused the program to stop working correctly. The program will be closed and you will be notified if a solution is available." Code:
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 17:27:26
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : x - x-PC
# Running from : C:\Users\x\Desktop\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Registre - GUID] *****
***** [Internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Mozilla Firefox v4.0 (de)
Profile name : default
File : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [12569 octets] - [10/07/2012 15:17:58]
AdwCleaner[S1].txt - [10431 octets] - [10/07/2012 21:31:51]
AdwCleaner[R2].txt - [827 octets] - [12/07/2012 17:27:26]
########## EOF - C:\AdwCleaner[R2].txt - [954 octets] ##########
and osam [code] OSAM Logfile: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:46:36 on 12.07.2012
OS: Windows 7 Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - E:\Office14\MLCFG32.CPL
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64" (vpnva) - ? - C:\Windows\System32\DRIVERS\vpnva64.sys (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys (File found, but it contains no detailed information)
"Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\Windows\System32\DRIVERS\ctxusbm.sys
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys (File not found)
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - E:\7-Zip\7-zip.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - E:\Office14\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - E:\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - E:\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\Office14\OLKFSTUB.DLL
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\Office14\ONBttnIE.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - E:\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - E:\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PDFPrint" - "Geek Software GmbH" - E:\PDF24\pdf24.exe
"Samsung PanelMgr" - ? - C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - E:\cvpnd.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Process Monitor" (LVPrcS64) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru |
| | #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with cam and €100 You posted the adwCleaner log again; the one from aswMBR is missing. By the way, I also posted a note about aswMBR at the very bottom.
__________________ Please always post log files in CODE tags |
| | #27 |
![]() | GVU Trojan with cam and €100 Ha... those who can read.. yep, sorry, here is the aswMBR log now. Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 22:18:05
-----------------------------
22:18:05.170 OS Version: Windows x64 6.1.7601 Service Pack 1
22:18:05.170 Number of processors: 2 586 0xF0B
22:18:05.171 ComputerName: MARTIN-PC UserName: Martin
22:18:05.408 Initialize success
22:18:09.197 AVAST engine defs: 12071201
22:18:19.675 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:18:19.678 Disk 0 Vendor: SAMSUNG_HD252KJ CM100-12 Size: 238475MB BusType: 3
22:18:19.680 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
22:18:19.683 Disk 1 Vendor: WDC_WD1600BB-22GUC0 08.02D08 Size: 152627MB BusType: 3
22:18:19.700 Disk 0 MBR read successfully
22:18:19.703 Disk 0 MBR scan
22:18:19.707 Disk 0 Windows 7 default MBR code
22:18:19.710 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 24999 MB offset 63
22:18:19.715 Disk 0 Partition - 00 0F Extended LBA 213465 MB offset 51199155
22:18:19.734 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 85997 MB offset 51199218
22:18:19.739 Disk 0 Partition - 00 05 Extended 113466 MB offset 255995775
22:18:19.755 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 113466 MB offset 255995838
22:18:19.789 Disk 0 scanning C:\Windows\system32\drivers
22:18:27.648 Service scanning
22:18:43.871 Modules scanning
22:18:43.877 Disk 0 trace - called modules:
22:18:43.917 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:18:43.922 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004926060]
22:18:43.927 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80047c7e40]
22:18:43.932 5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004472680]
22:18:43.938 Scan finished successfully
22:19:10.875 Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
22:19:10.880 The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"
|
| | #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with cam and €100 What about GMER? Did that not work either?
__________________ Please always post log files in CODE tags |
| | #29 |
![]() | GVU Trojan with cam and €100 Hello Arne, GMER does run through and afterwards reports no modifications found... but the log file cannot be displayed, or rather it is simply empty; it also copies nothing to the clipboard when I click copy. The same in safe mode... Regards |
| | #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan with cam and €100 Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |