Pests of all kinds and their removal: Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load (Windows 7)

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
12.10.2012, 20:33 | #16
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

Do an OTL fix: close any programs that may be open, also deactivate the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" has to be copied too!!!)
Code:
:OTL
F3 - HKU\S-1-5-21-488982243-929877786-3048713109-1000 WinNT: Load - (C:\Users\Jan\LOCALS~1\Temp\msjdqxi.com) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.05.27 13:12:48 | 000,000,693 | RH-- | M] () - D:\autoexec.bat -- [ FAT32 ]
:Files
C:\Users\Jan\AppData\Roaming\gema
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The logfile should open when you click OK after the fix; please post it. The computer may restart. The entries, files and folders fixed by this script are not deleted completely; for safety a backup copy is created on the system partition in the folder "_OTL".
Note: the above script was created for this one user in this situation only. It cannot be ported to any other computer and must not be used elsewhere, as it could permanently damage the system!
__________________
Please always post logfiles in CODE tags
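The entry the fix above removes, the per-user Load value under Software\Microsoft\Windows NT\CurrentVersion\Windows, is a logon autostart that Windows still honours and that is empty on a clean system. As an added example (not from the thread, from OTL or from the board), the PowerShell function below audits the Load and Run values of every user hive loaded under HKEY_USERS and flags data that points outside the Windows or Program Files directories or at a file that no longer exists; the trusted-root list, the function name and the output columns are assumptions of this example, not anything the tools in the thread do.

```powershell
# Added example (not from the thread, from OTL or from the board): audit the
# per-user logon autostart values, one of which the OTL script above removed.
# HKU\<SID>\Software\Microsoft\Windows NT\CurrentVersion\Windows holds "Load"
# and "Run"; whatever they name is started at logon, and "Load" is empty on a
# clean system. In the posted log the value pointed at
# C:\Users\Jan\LOCALS~1\Temp\msjdqxi.com (File not found).

function Get-UserLoadValues {
    [CmdletBinding()]
    param(
        # Values under the per-user Windows key that are started at logon
        [string[]]$ValueNames = @('Load', 'Run'),
        # Directories a legitimate logon program normally lives in (assumption of this example)
        [string[]]$TrustedRoots = @($env:SystemRoot, $env:ProgramFiles)
    )

    $subKey = 'Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $roots  = $TrustedRoots | Where-Object { $_ }     # drop empty roots: '' would match everything

    foreach ($hive in Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue) {
        $sid = $hive.PSChildName
        if ($sid -like '*_Classes') { continue }       # *_Classes hives carry no logon values
        $keyPath = "Registry::HKEY_USERS\$sid\$subKey"
        if (-not (Test-Path -LiteralPath $keyPath)) { continue }

        $props = Get-ItemProperty -LiteralPath $keyPath -ErrorAction SilentlyContinue
        foreach ($name in $ValueNames) {
            $data = $props.$name
            if ([string]::IsNullOrWhiteSpace($data)) { continue }   # empty value: nothing starts

            # The data may be a quoted path, a path followed by arguments, or contain
            # environment variables and 8.3 short names; isolate and expand the program path.
            if ($data -match '^"([^"]+)"') { $program = $matches[1] }
            else                            { $program = ($data -split '\s+')[0] }
            $program = [Environment]::ExpandEnvironmentVariables($program)

            $exists  = Test-Path -LiteralPath $program -PathType Leaf
            $trusted = $false
            foreach ($root in $roots) {
                if ($program.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) { $trusted = $true }
            }

            [pscustomobject]@{
                Sid        = $sid
                ValueName  = $name
                Data       = $data
                Program    = $program
                FileExists = $exists
                # A missing file is how the posted F3 line looked once the payload was
                # gone; the pointer itself is still the finding and is flagged here.
                Suspicious = (-not $trusted) -or (-not $exists)
            }
        }
    }
}

# Usage: run from an elevated PowerShell so every loaded user hive is readable.
Get-UserLoadValues | Format-Table -AutoSize
```

Hives of users who are not logged on are not mounted under HKEY_USERS, so a complete audit of a multi-user machine also needs the NTUSER.DAT of each profile loaded (for example with reg.exe load) before the function is run.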
13.10.2012, 16:19 | #17
| Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

Yep, the computer restarted, then this log appeared:
Code:
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jan
->Temp folder emptied: 554592974 bytes
->Temporary Internet Files folder emptied: 316760346 bytes
->Java cache emptied: 1 bytes
->Opera cache emptied: 21956451 bytes
->Flash cache emptied: 105494 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41464857 bytes
RecycleBin emptied: 235750 bytes
Total Files Cleaned = 892,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_170417
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...

Code:
Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.12.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Jan :: JAN-PC [Administrator]

Schutz: Aktiviert

13.10.2012 17:42:43
mbam-log-2012-10-13 (17-42-43).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191130
Laufzeit: 33 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Last edited by Slowmotion (13.10.2012 at 17:19)
13.10.2012, 18:51 | #18
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

Unfortunately the fix log is incomplete.
13.10.2012, 19:20 | #19
| Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

Oh, do you happen to know where the fix log is saved? I can't find it..
13.10.2012, 21:42 | #20
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

Inside C:\_OTL
__________________
Please always post logfiles in CODE tags
13.10.2012, 22:00 | #21
| Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

OK, now the whole log^^
Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-488982243-929877786-3048713109-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Jan\LOCALS~1\Temp\msjdqxi.com deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
D:\autoexec.bat moved successfully.
========== FILES ==========
C:\Users\Jan\AppData\Roaming\gema folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jan\Desktop\cmd.bat deleted successfully.
C:\Users\Jan\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Jan
->Temp folder emptied: 554592974 bytes
->Temporary Internet Files folder emptied: 316760346 bytes
->Java cache emptied: 1 bytes
->Opera cache emptied: 21956451 bytes
->Flash cache emptied: 105494 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 41464857 bytes
RecycleBin emptied: 235750 bytes
Total Files Cleaned = 892,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 10132012_170417
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
14.10.2012, 15:53 | #22
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

I need OTL's quarantine folder. Please do the following:
1.) VERY IMPORTANT!! Deactivate the virus scanner, it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Upload the created ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: please also upload the file there as described in the UpChannel instructions. Please do NOT post the ZIP file as an attachment here in the thread!
4.) Let me know if it worked
5.) Only then turn the virus scanner back on
__________________
Please always post logfiles in CODE tags
14.10.2012, 17:36 | #23
| Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

OK, I uploaded it via the channel.
14.10.2012, 19:59 | #24
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

OK, thanks! Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!
Set up the tool as shown in the picture below: click on "change parameters" and tick the boxes as shown in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), that is where TDSS-Killer saves its logs.
Note: please do not delete anything hastily with TDSS-Killer! If TDSS-Killer complains about objects, treat them all with the action "skip" and only post the log here!
__________________
Please always post logfiles in CODE tags
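TDSSKiller writes one "[ MD5 ] name path" line per service or driver followed by a verdict line ("name - ok", or "name - detected <verdict> (n)" preceded by a "warning" line), so the entries worth a second look can be pulled out of a very long report mechanically instead of by reading every line. As an added example (not from the thread or from Kaspersky), the PowerShell function below does that. The sample lines are the five copied from the log posted in #25 further down; the regular expressions are this example's reading of the format, and the Severity column is its own labelling, which follows the log in rating UnsignedFile.* a warning rather than a detection.

```powershell
# Added example (not from the thread or from Kaspersky): pull the entries that
# TDSSKiller did not mark "- ok" out of its report, so a long log can be triaged
# without reading every line. The format assumed here is the one visible in the
# posted log: "<time> <pid> [ <MD5> ] <name> <path>" followed by either
# "<time> <pid> <name> - ok" or "<time> <pid> <name> - detected <verdict> (<n>)".

function Get-TdssKillerFindings {
    param([Parameter(Mandatory)][string[]]$LogLines)

    $details  = @{}   # name -> @{ Md5; Path } taken from the "[ MD5 ] name path" line
    $findings = @()

    foreach ($line in $LogLines) {
        # Hash line: anchoring the path on a drive letter keeps names with spaces intact
        if ($line -match '^\S+\s+\d+\s+\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.*)$') {
            $details[$matches[2]] = @{ Md5 = $matches[1]; Path = $matches[3] }
        }
        elseif ($line -match '^\S+\s+\d+\s+(.+?) - detected (\S+) \((\d+)\)$') {
            $name    = $matches[1]
            $verdict = $matches[2]
            $info    = $details[$name]
            $md5     = $null
            $path    = $null
            if ($info) { $md5 = $info.Md5; $path = $info.Path }
            # The log itself rates UnsignedFile.* as a warning (file carries no valid
            # signature), which is not a rootkit detection; the labels are this example's.
            $severity = 'review'
            if ($verdict -like 'UnsignedFile.*') { $severity = 'warning' }

            $findings += [pscustomobject]@{
                Name     = $name
                Verdict  = $verdict
                Md5      = $md5
                Path     = $path
                Severity = $severity
            }
        }
    }
    return $findings
}

# Sample: the five lines copied from the log posted in #25 (one detection plus a clean neighbour)
$sample = @(
    '21:18:03.0576 3492 [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe',
    '21:18:03.0592 3492 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning',
    '21:18:03.0592 3492 FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)',
    '21:18:03.0639 3492 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys',
    '21:18:03.0670 3492 FsDepends - ok'
)

Get-TdssKillerFindings -LogLines $sample | Format-List
# On a real report: Get-TdssKillerFindings -LogLines (Get-Content '<path to TDSSKiller log>')
```

On the sample this yields a single object for FreemakeVideoCapture with the MD5 and path from its hash line and Severity "warning"; FsDepends produces nothing because its verdict line is "- ok". The MD5 in the output is what a helper would look up before deciding whether a flagged file is merely unsigned or actually unwanted.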
14.10.2012, 20:23 | #25
| Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load

Here you go:
Code:
21:16:43.0014 2836 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
21:16:44.0686 2836 ============================================================
21:16:44.0686 2836 Current date / time: 2012/10/14 21:16:44.0686
21:16:44.0686 2836 SystemInfo:
21:16:44.0686 2836
21:16:44.0686 2836 OS Version: 6.1.7601 ServicePack: 1.0
21:16:44.0686 2836 Product type: Workstation
21:16:44.0686 2836 ComputerName: JAN-PC
21:16:44.0686 2836 UserName: Jan
21:16:44.0686 2836 Windows directory: C:\Windows
21:16:44.0686 2836 System windows directory: C:\Windows
21:16:44.0686 2836 Processor architecture: Intel x86
21:16:44.0686 2836 Number of processors: 2
21:16:44.0686 2836 Page size: 0x1000
21:16:44.0686 2836 Boot type: Normal boot
21:16:44.0686 2836 ============================================================
21:16:48.0279 2836 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:16:48.0654 2836 ============================================================
21:16:48.0654 2836 \Device\Harddisk0\DR0:
21:16:48.0654 2836 MBR partitions:
21:16:48.0654 2836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:16:48.0654 2836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x10BA0000
21:16:48.0654 2836 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x10BD2909, BlocksNum 0x1E461B8
21:16:48.0654 2836 ============================================================
21:16:48.0920 2836 C: <-> \Device\Harddisk0\DR0\Partition2
21:16:48.0998 2836 D: <-> \Device\Harddisk0\DR0\Partition3
21:16:49.0217 2836 H: <-> \Device\Harddisk0\DR0\Partition1
21:16:49.0639 2836 ============================================================
21:16:49.0639 2836 Initialize success
21:16:49.0639 2836 ============================================================
21:17:43.0514 3492 ============================================================
21:17:43.0514 3492 Scan started
21:17:43.0514 3492 Mode: Manual; SigCheck; TDLFS;
21:17:43.0514 3492 ============================================================
21:17:46.0326 3492 ================ Scan system memory ========================
21:17:46.0326 3492 System memory - ok
21:17:46.0342 3492 ================ Scan services =============================
21:17:46.0576 3492 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:17:47.0154 3492 1394ohci - ok
21:17:47.0201 3492 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:17:47.0264 3492 ACPI - ok
21:17:47.0311 3492 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:17:47.0576 3492 AcpiPmi - ok
21:17:47.0701 3492 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:17:47.0748 3492 AdobeARMservice - ok
21:17:47.0811 3492 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
21:17:47.0889 3492 adp94xx - ok
21:17:47.0920 3492 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
21:17:47.0967 3492 adpahci - ok
21:17:47.0998 3492 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
21:17:48.0045 3492 adpu320 - ok
21:17:48.0107 3492 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:17:48.0295 3492 AeLookupSvc - ok
21:17:48.0373 3492 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
21:17:48.0498 3492 AFD - ok
21:17:48.0545 3492 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
21:17:48.0576 3492 agp440 - ok
21:17:48.0639 3492 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
21:17:48.0670 3492 aic78xx - ok
21:17:48.0732 3492 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
21:17:48.0873 3492 ALG - ok
21:17:48.0889 3492 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
21:17:48.0936 3492 aliide - ok
21:17:48.0967 3492 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
21:17:48.0998 3492 amdagp - ok
21:17:49.0029 3492 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
21:17:49.0061 3492 amdide - ok
21:17:49.0123 3492 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
21:17:49.0248 3492 AmdK8 - ok
21:17:49.0279 3492 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
21:17:49.0357 3492 AmdPPM - ok
21:17:49.0404 3492 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:17:49.0436 3492 amdsata - ok
21:17:49.0467 3492 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
21:17:49.0514 3492 amdsbs - ok
21:17:49.0545 3492 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:17:49.0576 3492 amdxata - ok
21:17:49.0654 3492 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:17:49.0717 3492 AntiVirSchedulerService - ok
21:17:49.0764 3492 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:17:49.0795 3492 AntiVirService - ok
21:17:49.0842 3492 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
21:17:50.0029 3492 AppID - ok
21:17:50.0076 3492 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:17:50.0170 3492 AppIDSvc - ok
21:17:50.0201 3492 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
21:17:50.0357 3492 Appinfo - ok
21:17:50.0420 3492 [ A45D184DF6A8803DA13A0B329517A64A ] AppMgmt C:\Windows\System32\appmgmts.dll
21:17:50.0576 3492 AppMgmt - ok
21:17:50.0639 3492 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
21:17:50.0686 3492 arc - ok
21:17:50.0717 3492 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
21:17:50.0748 3492 arcsas - ok
21:17:50.0873 3492 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:17:50.0998 3492 aspnet_state - ok
21:17:51.0045 3492 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:17:51.0264 3492 AsyncMac - ok
21:17:51.0311 3492 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
21:17:51.0342 3492 atapi - ok
21:17:51.0404 3492 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:17:51.0498 3492 AudioEndpointBuilder - ok
21:17:51.0529 3492 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
21:17:51.0607 3492 Audiosrv - ok
21:17:51.0701 3492 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
21:17:51.0764 3492 avgntflt - ok
21:17:51.0826 3492 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
21:17:51.0873 3492 avipbb - ok
21:17:51.0889 3492 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
21:17:51.0920 3492 avkmgr - ok
21:17:51.0982 3492 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:17:52.0154 3492 AxInstSV - ok
21:17:52.0217 3492 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
21:17:52.0326 3492 b06bdrv - ok
21:17:52.0404 3492 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
21:17:52.0498 3492 b57nd60x - ok
21:17:52.0904 3492 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
21:17:53.0076 3492 BDESVC - ok
21:17:53.0139 3492 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
21:17:53.0264 3492 Beep - ok
21:17:53.0342 3492 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
21:17:53.0451 3492 BFE - ok
21:17:53.0498 3492 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
21:17:53.0795 3492 BITS - ok
21:17:53.0857 3492 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:17:53.0920 3492 blbdrive - ok
21:17:53.0967 3492 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:17:54.0029 3492 bowser - ok
21:17:54.0061 3492 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:17:54.0279 3492 BrFiltLo - ok
21:17:54.0342 3492 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:17:54.0404 3492 BrFiltUp - ok
21:17:54.0467 3492 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
21:17:54.0592 3492 Browser - ok
21:17:54.0607 3492 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:17:54.0779 3492 Brserid - ok
21:17:54.0811 3492 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:17:54.0873 3492 BrSerWdm - ok
21:17:54.0904 3492 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:17:55.0014 3492 BrUsbMdm - ok
21:17:55.0045 3492 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:17:55.0107 3492 BrUsbSer - ok
21:17:55.0170 3492 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
21:17:55.0482 3492 BthEnum - ok
21:17:55.0498 3492 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
21:17:55.0623 3492 BTHMODEM - ok
21:17:55.0654 3492 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:17:55.0717 3492 BthPan - ok
21:17:55.0779 3492 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
21:17:55.0842 3492 BTHPORT - ok
21:17:55.0904 3492 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
21:17:55.0998 3492 bthserv - ok
21:17:56.0045 3492 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
21:17:56.0092 3492 BTHUSB - ok
21:17:56.0154 3492 [ FD785638D097A4BED11953FFC8E22755 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
21:17:56.0279 3492 btwampfl - ok
21:17:56.0326 3492 [ A7C9E9B312036EC0EAF2CED52C7FC66F ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
21:17:56.0357 3492 btwaudio - ok
21:17:56.0404 3492 [ C8D1ADEFD6D5FEAF95C6C7A2CC6B4B97 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
21:17:56.0436 3492 btwavdt - ok
21:17:56.0545 3492 [ C0C4CC503702AD3922FCE6A393A5BAAB ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:17:56.0639 3492 btwdins - ok
21:17:56.0670 3492 [ E26610D44609574E13BAAD367AB34967 ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
21:17:56.0701 3492 btwl2cap - ok
21:17:56.0732 3492 [ C49CC9B5E06FBDC87137BA24018B6EDE ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
21:17:56.0779 3492 btwrchid - ok
21:17:56.0842 3492 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:17:56.0951 3492 cdfs - ok
21:17:56.0998 3492 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:17:57.0061 3492 cdrom - ok
21:17:57.0107 3492 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
21:17:57.0186 3492 CertPropSvc - ok
21:17:57.0217 3492 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
21:17:57.0248 3492 circlass - ok
21:17:57.0311 3492 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
21:17:57.0389 3492 CLFS - ok
21:17:57.0514 3492 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:17:57.0561 3492 clr_optimization_v2.0.50727_32 - ok
21:17:57.0592 3492 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:17:57.0748 3492 clr_optimization_v4.0.30319_32 - ok
21:17:57.0811 3492 [ 125C828BF3673406DFD642D7BEE8434F ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
21:17:57.0842 3492 clwvd - ok
21:17:57.0873 3492 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:17:57.0920 3492 CmBatt - ok
21:17:57.0951 3492 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:17:57.0982 3492 cmdide - ok
21:17:58.0045 3492 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
21:17:58.0123 3492 CNG - ok
21:17:58.0170 3492 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:17:58.0201 3492 Compbatt - ok
21:17:58.0248 3492 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
21:17:58.0311 3492 CompositeBus - ok
21:17:58.0342 3492 COMSysApp - ok
21:17:58.0373 3492 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
21:17:58.0404 3492 crcdisk - ok
21:17:58.0482 3492 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:17:58.0561 3492 CryptSvc - ok
21:17:58.0623 3492 [ 3C2177A897B4CA2788C6FB0C3FD81D4B ] CSC C:\Windows\system32\drivers\csc.sys
21:17:58.0732 3492 CSC - ok
21:17:58.0779 3492 [ 15F93B37F6801943360D9EB42485D5D3 ] CscService C:\Windows\System32\cscsvc.dll
21:17:58.0904 3492 CscService - ok
21:17:58.0951 3492 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
21:17:59.0076 3492 DcomLaunch - ok
21:17:59.0123 3492 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
21:17:59.0232 3492 defragsvc - ok
21:17:59.0264 3492 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:17:59.0373 3492 DfsC - ok
21:17:59.0436 3492 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:17:59.0545 3492 Dhcp - ok
21:17:59.0592 3492 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
21:17:59.0686 3492 discache - ok
21:17:59.0717 3492 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
21:17:59.0764 3492 Disk - ok
21:17:59.0795 3492 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:17:59.0857 3492 Dnscache - ok
21:17:59.0904 3492 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
21:17:59.0998 3492 dot3svc - ok
21:18:00.0029 3492 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
21:18:00.0123 3492 DPS - ok
21:18:00.0170 3492 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:18:00.0217 3492 drmkaud - ok
21:18:00.0279 3492 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:18:00.0420 3492 DXGKrnl - ok
21:18:00.0467 3492 [ 22EF8965101685ADD128F03A2B03CE16 ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
21:18:00.0592 3492 E1G60 - ok
21:18:00.0639 3492 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
21:18:00.0717 3492 EapHost - ok
21:18:00.0842 3492 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
21:18:01.0029 3492 ebdrv - ok
21:18:01.0061 3492 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
21:18:01.0186 3492 EFS - ok
21:18:01.0279 3492 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:18:01.0436 3492 ehRecvr - ok
21:18:01.0482 3492 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
21:18:01.0576 3492 ehSched - ok
21:18:01.0686 3492 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
21:18:01.0732 3492 elxstor - ok
21:18:01.0764 3492 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:18:01.0811 3492 ErrDev - ok
21:18:01.0889 3492 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
21:18:01.0982 3492 EventSystem - ok
21:18:02.0014 3492 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
21:18:02.0107 3492 exfat - ok
21:18:02.0154 3492 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:18:02.0248 3492 fastfat - ok
21:18:02.0311 3492 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
21:18:02.0436 3492 Fax - ok
21:18:02.0467 3492 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
21:18:02.0514 3492 fdc - ok
21:18:02.0561 3492 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
21:18:02.0654 3492 fdPHost - ok
21:18:02.0670 3492 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
21:18:02.0764 3492 FDResPub - ok
21:18:02.0826 3492 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:18:02.0857 3492 FileInfo - ok
21:18:02.0873 3492 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:18:02.0951 3492 Filetrace - ok
21:18:02.0982 3492 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
21:18:03.0045 3492 flpydisk - ok
21:18:03.0076 3492 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:18:03.0123 3492 FltMgr - ok
21:18:03.0170 3492 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
21:18:03.0311 3492 FontCache - ok
21:18:03.0451 3492 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:18:03.0498 3492 FontCache3.0.0.0 - ok
21:18:03.0576 3492 [ 93B5CD0AC126BE95F65B28AF3D9542DC ] FreemakeVideoCapture C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
21:18:03.0592 3492 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - warning
21:18:03.0592 3492 FreemakeVideoCapture - detected UnsignedFile.Multi.Generic (1)
21:18:03.0639 3492 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:18:03.0670 3492 FsDepends - ok
21:18:03.0701 3492 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:18:03.0732 3492 Fs_Rec - ok
21:18:03.0811 3492 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:18:03.0857 3492 fvevol - ok
21:18:03.0920 3492 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
21:18:03.0951 3492 gagp30kx - ok
21:18:03.0998 3492 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys
21:18:04.0029 3492 ggflt - ok
21:18:04.0076 3492 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys
21:18:04.0139 3492 ggsemc - ok
21:18:04.0201 3492 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
21:18:04.0326 3492 gpsvc - ok
21:18:04.0373 3492 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:18:04.0482 3492 hcw85cir - ok
21:18:04.0529 3492 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:18:04.0607 3492 HdAudAddService - ok
21:18:04.0639 3492 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
21:18:04.0701 3492 HDAudBus - ok
21:18:04.0732 3492 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
21:18:04.0795 3492 HidBatt - ok
21:18:04.0811 3492 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
21:18:04.0873 3492 HidBth - ok
21:18:04.0904 3492 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
21:18:04.0951 3492 HidIr - ok
21:18:04.0998 3492 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
21:18:05.0092 3492 hidserv - ok
21:18:05.0139 3492 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:18:05.0232 3492 HidUsb - ok
21:18:05.0279 3492 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:18:05.0373 3492 hkmsvc - ok
21:18:05.0436 3492 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:18:05.0545 3492 HomeGroupListener - ok
21:18:05.0592 3492 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:18:05.0670 3492 HomeGroupProvider - ok
21:18:05.0717 3492 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:18:05.0748 3492 HpSAMD - ok
21:18:05.0811 3492 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:18:05.0889 3492 HTTP - ok
21:18:05.0920 3492 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:18:05.0967 3492 hwpolicy - ok
21:18:05.0998 3492 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
21:18:06.0076 3492 i8042prt - ok
21:18:06.0123 3492 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:18:06.0170 3492 iaStorV - ok
21:18:06.0248 3492 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:18:06.0326 3492 idsvc - ok
21:18:06.0529 3492 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
21:18:06.0857 3492 igfx - ok
21:18:06.0920 3492 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
21:18:06.0951 3492 iirsp - ok
21:18:07.0029 3492 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
21:18:07.0186 3492 IKEEXT - ok
21:18:07.0232 3492 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
21:18:07.0264 3492 intelide - ok
21:18:07.0311 3492 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:18:07.0357 3492 intelppm - ok
21:18:07.0404 3492 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:18:07.0498 3492 IPBusEnum - ok
21:18:07.0529 3492 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:18:07.0607 3492 IpFilterDriver - ok
21:18:07.0686 3492 [ 4D65A07B795D6674312F879D09AA7663 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:18:07.0779 3492 iphlpsvc - ok
21:18:07.0811 3492 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:18:07.0936 3492 IPMIDRV - ok
21:18:07.0982 3492 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:18:08.0076 3492 IPNAT - ok
21:18:08.0123 3492 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:18:08.0201 3492 IRENUM - ok
21:18:08.0232 3492 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:18:08.0279 3492 isapnp - ok
21:18:08.0326 3492 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:18:08.0357 3492 iScsiPrt - ok
21:18:08.0404 3492 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:18:08.0451 3492 kbdclass - ok
21:18:08.0467 3492 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:18:08.0529 3492 kbdhid - ok
21:18:08.0561 3492 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
21:18:08.0607 3492 KeyIso - ok
21:18:08.0717 3492 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:18:08.0764 3492 KSecDD - ok
21:18:08.0811 3492 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:18:08.0857 3492 KSecPkg - ok
21:18:08.0904 3492 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
21:18:09.0014 3492 KtmRm - ok
21:18:09.0061 3492 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
21:18:09.0186 3492 LanmanServer - ok
21:18:09.0217 3492 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:18:09.0357 3492 LanmanWorkstation - ok
21:18:09.0420 3492 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:18:09.0514 3492 lltdio - ok
21:18:09.0561 3492 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:18:09.0654 3492 lltdsvc - ok
21:18:09.0670 3492 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
21:18:09.0748 3492 lmhosts - ok
21:18:09.0779 3492 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
21:18:09.0826 3492 LSI_FC - ok
21:18:09.0857 3492 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
21:18:09.0889 3492 LSI_SAS - ok
21:18:09.0920 3492 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:18:09.0967 3492 LSI_SAS2 - ok
21:18:09.0998 3492 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:18:10.0029 3492 LSI_SCSI - ok
21:18:10.0061 3492 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
21:18:10.0139 3492 luafv - ok
21:18:10.0232 3492 [ 65E794E86468B61F2BC79ABC48BC4433 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
21:18:10.0264 3492 MBAMProtector - ok
21:18:10.0389 3492 [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
21:18:10.0436 3492 MBAMScheduler - ok
21:18:10.0498 3492 [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
21:18:10.0576 3492 MBAMService - ok
21:18:10.0623 3492 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:18:10.0670 3492 Mcx2Svc - ok
21:18:10.0717 3492 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
21:18:10.0748 3492 megasas - ok
21:18:10.0779 3492 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
21:18:10.0842 3492 MegaSR - ok
21:18:10.0936 3492 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:18:10.0967 3492 Microsoft Office Groove Audit Service - ok
21:18:11.0014 3492 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
21:18:11.0123 3492 MMCSS - ok
21:18:11.0186 3492 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
21:18:11.0264 3492 Modem - ok
21:18:11.0311 3492 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:18:11.0373 3492 monitor - ok
21:18:11.0404 3492 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:18:11.0451 3492 mouclass - ok
21:18:11.0498 3492 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:18:11.0561 3492 mouhid - ok
21:18:11.0607 3492 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:18:11.0639 3492 mountmgr - ok
21:18:11.0686 3492 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
21:18:11.0732 3492 mpio - ok
21:18:11.0748 3492 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:18:11.0889 3492 mpsdrv - ok
21:18:11.0936 3492 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:18:12.0076 3492 MpsSvc - ok
21:18:12.0123 3492 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:18:12.0170 3492 MRxDAV - ok
21:18:12.0217 3492 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:18:12.0311 3492 mrxsmb - ok
21:18:12.0357 3492 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10
C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:18:12.0420 3492 mrxsmb10 - ok 21:18:12.0436 3492 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:18:12.0467 3492 mrxsmb20 - ok 21:18:12.0498 3492 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 21:18:12.0545 3492 msahci - ok 21:18:12.0576 3492 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 21:18:12.0623 3492 msdsm - ok 21:18:12.0639 3492 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 21:18:12.0701 3492 MSDTC - ok 21:18:12.0748 3492 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 21:18:12.0826 3492 Msfs - ok 21:18:12.0857 3492 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 21:18:12.0951 3492 mshidkmdf - ok 21:18:12.0982 3492 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 21:18:13.0014 3492 msisadrv - ok 21:18:13.0076 3492 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 21:18:13.0154 3492 MSiSCSI - ok 21:18:13.0170 3492 msiserver - ok 21:18:13.0217 3492 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 21:18:13.0357 3492 MSKSSRV - ok 21:18:13.0420 3492 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 21:18:13.0498 3492 MSPCLOCK - ok 21:18:13.0529 3492 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 21:18:13.0623 3492 MSPQM - ok 21:18:13.0654 3492 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 21:18:13.0701 3492 MsRPC - ok 21:18:13.0748 3492 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 21:18:13.0779 3492 mssmbios - ok 21:18:13.0811 3492 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 21:18:13.0889 3492 MSTEE - ok 21:18:13.0904 3492 [ 
33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 21:18:13.0967 3492 MTConfig - ok 21:18:13.0982 3492 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 21:18:14.0029 3492 Mup - ok 21:18:14.0076 3492 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 21:18:14.0170 3492 napagent - ok 21:18:14.0217 3492 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 21:18:14.0279 3492 NativeWifiP - ok 21:18:14.0342 3492 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 21:18:14.0436 3492 NDIS - ok 21:18:14.0451 3492 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 21:18:14.0545 3492 NdisCap - ok 21:18:14.0576 3492 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 21:18:14.0654 3492 NdisTapi - ok 21:18:14.0701 3492 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 21:18:14.0795 3492 Ndisuio - ok 21:18:14.0826 3492 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 21:18:14.0904 3492 NdisWan - ok 21:18:14.0936 3492 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 21:18:14.0998 3492 NDProxy - ok 21:18:15.0061 3492 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 21:18:15.0139 3492 NetBIOS - ok 21:18:15.0186 3492 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 21:18:15.0279 3492 NetBT - ok 21:18:15.0311 3492 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 21:18:15.0342 3492 Netlogon - ok 21:18:15.0420 3492 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 21:18:15.0529 3492 Netman - ok 21:18:15.0561 3492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:18:15.0623 3492 
NetMsmqActivator - ok 21:18:15.0670 3492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:18:15.0701 3492 NetPipeActivator - ok 21:18:15.0732 3492 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 21:18:15.0842 3492 netprofm - ok 21:18:15.0920 3492 [ 652881F65B35564575255A0E05E23C55 ] netr28 C:\Windows\system32\DRIVERS\netr28.sys 21:18:15.0982 3492 netr28 - ok 21:18:16.0014 3492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:18:16.0045 3492 NetTcpActivator - ok 21:18:16.0061 3492 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 21:18:16.0092 3492 NetTcpPortSharing - ok 21:18:16.0170 3492 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 21:18:16.0201 3492 nfrd960 - ok 21:18:16.0248 3492 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 21:18:16.0342 3492 NlaSvc - ok 21:18:16.0404 3492 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] npf C:\Windows\system32\drivers\npf.sys 21:18:16.0436 3492 npf - ok 21:18:16.0451 3492 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 21:18:16.0529 3492 Npfs - ok 21:18:16.0561 3492 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 21:18:16.0639 3492 nsi - ok 21:18:16.0670 3492 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 21:18:16.0764 3492 nsiproxy - ok 21:18:16.0842 3492 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 21:18:16.0967 3492 Ntfs - ok 21:18:17.0014 3492 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 21:18:17.0092 3492 Null - ok 21:18:17.0139 3492 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 21:18:17.0170 3492 nvraid - ok 21:18:17.0217 3492 [ 
4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 21:18:17.0248 3492 nvstor - ok 21:18:17.0279 3492 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 21:18:17.0326 3492 nv_agp - ok 21:18:17.0404 3492 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:18:17.0467 3492 odserv - ok 21:18:17.0498 3492 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 21:18:17.0561 3492 ohci1394 - ok 21:18:17.0607 3492 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:18:17.0639 3492 ose - ok 21:18:17.0717 3492 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 21:18:17.0826 3492 p2pimsvc - ok 21:18:17.0889 3492 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 21:18:17.0967 3492 p2psvc - ok 21:18:18.0014 3492 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 21:18:18.0061 3492 Parport - ok 21:18:18.0107 3492 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 21:18:18.0186 3492 partmgr - ok 21:18:18.0232 3492 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 21:18:18.0295 3492 Parvdm - ok 21:18:18.0342 3492 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 21:18:18.0389 3492 PcaSvc - ok 21:18:18.0420 3492 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 21:18:18.0451 3492 pci - ok 21:18:18.0482 3492 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 21:18:18.0529 3492 pciide - ok 21:18:18.0561 3492 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 21:18:18.0607 3492 pcmcia - ok 21:18:18.0623 3492 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 21:18:18.0670 3492 pcw - 
ok 21:18:18.0701 3492 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 21:18:18.0826 3492 PEAUTH - ok 21:18:18.0920 3492 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 21:18:19.0076 3492 PeerDistSvc - ok 21:18:19.0201 3492 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 21:18:19.0373 3492 pla - ok 21:18:19.0404 3492 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 21:18:19.0498 3492 PlugPlay - ok 21:18:19.0529 3492 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 21:18:19.0592 3492 PNRPAutoReg - ok 21:18:19.0623 3492 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 21:18:19.0670 3492 PNRPsvc - ok 21:18:19.0701 3492 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 21:18:19.0811 3492 PolicyAgent - ok 21:18:19.0873 3492 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 21:18:19.0951 3492 Power - ok 21:18:20.0014 3492 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 21:18:20.0107 3492 PptpMiniport - ok 21:18:20.0139 3492 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 21:18:20.0186 3492 Processor - ok 21:18:20.0232 3492 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 21:18:20.0311 3492 ProfSvc - ok 21:18:20.0342 3492 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 21:18:20.0389 3492 ProtectedStorage - ok 21:18:20.0451 3492 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 21:18:20.0545 3492 Psched - ok 21:18:20.0623 3492 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 21:18:20.0764 3492 ql2300 - ok 21:18:20.0811 3492 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 21:18:20.0842 3492 ql40xx - 
ok 21:18:20.0889 3492 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 21:18:20.0967 3492 QWAVE - ok 21:18:20.0998 3492 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 21:18:21.0045 3492 QWAVEdrv - ok 21:18:21.0061 3492 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 21:18:21.0139 3492 RasAcd - ok 21:18:21.0201 3492 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 21:18:21.0295 3492 RasAgileVpn - ok 21:18:21.0326 3492 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 21:18:21.0404 3492 RasAuto - ok 21:18:21.0420 3492 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 21:18:21.0498 3492 Rasl2tp - ok 21:18:21.0561 3492 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 21:18:21.0670 3492 RasMan - ok 21:18:21.0701 3492 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 21:18:21.0779 3492 RasPppoe - ok 21:18:21.0811 3492 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 21:18:21.0889 3492 RasSstp - ok 21:18:21.0951 3492 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 21:18:22.0045 3492 rdbss - ok 21:18:22.0061 3492 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 21:18:22.0107 3492 rdpbus - ok 21:18:22.0154 3492 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 21:18:22.0248 3492 RDPCDD - ok 21:18:22.0295 3492 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 21:18:22.0373 3492 RDPDR - ok 21:18:22.0389 3492 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 21:18:22.0467 3492 RDPENCDD - ok 21:18:22.0514 3492 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 21:18:22.0592 3492 
RDPREFMP - ok 21:18:22.0670 3492 [ 68A0387F58E226DEEE23D9715955572A ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 21:18:22.0857 3492 RdpVideoMiniport - ok 21:18:22.0904 3492 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 21:18:22.0967 3492 RDPWD - ok 21:18:23.0029 3492 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 21:18:23.0076 3492 rdyboost - ok 21:18:23.0123 3492 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 21:18:23.0217 3492 RemoteAccess - ok 21:18:23.0279 3492 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 21:18:23.0373 3492 RemoteRegistry - ok 21:18:23.0420 3492 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 21:18:23.0545 3492 RFCOMM - ok 21:18:23.0576 3492 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 21:18:23.0670 3492 RpcEptMapper - ok 21:18:23.0717 3492 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 21:18:23.0779 3492 RpcLocator - ok 21:18:23.0811 3492 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 21:18:23.0904 3492 RpcSs - ok 21:18:23.0951 3492 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 21:18:24.0061 3492 rspndr - ok 21:18:24.0107 3492 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys 21:18:24.0154 3492 RTL8167 - ok 21:18:24.0186 3492 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 21:18:24.0295 3492 s3cap - ok 21:18:24.0326 3492 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 21:18:24.0357 3492 SamSs - ok 21:18:24.0404 3492 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 21:18:24.0451 3492 sbp2port - ok 21:18:24.0514 3492 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr 
C:\Windows\System32\SCardSvr.dll 21:18:24.0623 3492 SCardSvr - ok 21:18:24.0639 3492 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 21:18:24.0717 3492 scfilter - ok 21:18:24.0779 3492 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 21:18:24.0904 3492 Schedule - ok 21:18:24.0936 3492 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 21:18:24.0998 3492 SCPolicySvc - ok 21:18:25.0029 3492 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 21:18:25.0139 3492 SDRSVC - ok 21:18:25.0201 3492 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 21:18:25.0295 3492 secdrv - ok 21:18:25.0342 3492 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 21:18:25.0436 3492 seclogon - ok 21:18:25.0482 3492 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 21:18:25.0576 3492 SENS - ok 21:18:25.0607 3492 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 21:18:25.0732 3492 SensrSvc - ok 21:18:25.0764 3492 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 21:18:25.0811 3492 Serenum - ok 21:18:25.0857 3492 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 21:18:25.0920 3492 Serial - ok 21:18:25.0951 3492 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 21:18:25.0998 3492 sermouse - ok 21:18:26.0076 3492 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 21:18:26.0154 3492 SessionEnv - ok 21:18:26.0201 3492 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 21:18:26.0264 3492 sffdisk - ok 21:18:26.0279 3492 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 21:18:26.0326 3492 sffp_mmc - ok 21:18:26.0357 3492 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd 
C:\Windows\system32\drivers\sffp_sd.sys 21:18:26.0404 3492 sffp_sd - ok 21:18:26.0451 3492 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 21:18:26.0482 3492 sfloppy - ok 21:18:26.0545 3492 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 21:18:26.0639 3492 SharedAccess - ok 21:18:26.0670 3492 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 21:18:26.0764 3492 ShellHWDetection - ok 21:18:26.0795 3492 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 21:18:26.0826 3492 sisagp - ok 21:18:26.0889 3492 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:18:26.0920 3492 SiSRaid2 - ok 21:18:26.0936 3492 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 21:18:26.0982 3492 SiSRaid4 - ok 21:18:27.0061 3492 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 21:18:27.0107 3492 SkypeUpdate - ok 21:18:27.0139 3492 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 21:18:27.0201 3492 Smb - ok 21:18:27.0279 3492 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 21:18:27.0326 3492 SNMPTRAP - ok 21:18:27.0389 3492 [ 1A623F2B69E1F182F995F963C55DB935 ] Sony Ericsson PCCompanion C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe 21:18:27.0436 3492 Sony Ericsson PCCompanion - ok 21:18:27.0498 3492 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 21:18:27.0529 3492 spldr - ok 21:18:27.0592 3492 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 21:18:27.0748 3492 Spooler - ok 21:18:27.0904 3492 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 21:18:28.0139 3492 sppsvc - ok 21:18:28.0170 3492 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 
21:18:28.0264 3492 sppuinotify - ok 21:18:28.0311 3492 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 21:18:28.0404 3492 srv - ok 21:18:28.0451 3492 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 21:18:28.0545 3492 srv2 - ok 21:18:28.0592 3492 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 21:18:28.0623 3492 srvnet - ok 21:18:28.0686 3492 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 21:18:28.0795 3492 SSDPSRV - ok 21:18:28.0842 3492 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 21:18:28.0873 3492 ssmdrv - ok 21:18:28.0889 3492 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 21:18:28.0967 3492 SstpSvc - ok 21:18:29.0029 3492 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 21:18:29.0061 3492 stexstor - ok 21:18:29.0123 3492 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 21:18:29.0201 3492 StiSvc - ok 21:18:29.0232 3492 [ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 21:18:29.0279 3492 storflt - ok 21:18:29.0311 3492 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 21:18:29.0342 3492 storvsc - ok 21:18:29.0373 3492 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 21:18:29.0404 3492 swenum - ok 21:18:29.0451 3492 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 21:18:29.0561 3492 swprv - ok 21:18:29.0592 3492 Synth3dVsc - ok 21:18:29.0686 3492 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 21:18:29.0795 3492 SysMain - ok 21:18:29.0826 3492 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:18:29.0904 3492 TabletInputService - ok 21:18:29.0951 3492 [ 613BF4820361543956909043A265C6AC ] TapiSrv 
C:\Windows\System32\tapisrv.dll 21:18:30.0045 3492 TapiSrv - ok 21:18:30.0107 3492 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 21:18:30.0201 3492 TBS - ok 21:18:30.0311 3492 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:18:30.0482 3492 Tcpip - ok 21:18:30.0592 3492 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:18:30.0670 3492 TCPIP6 - ok 21:18:30.0732 3492 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:18:30.0842 3492 tcpipreg - ok 21:18:30.0889 3492 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:18:30.0982 3492 TDPIPE - ok 21:18:31.0014 3492 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:18:31.0061 3492 TDTCP - ok 21:18:31.0107 3492 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 21:18:31.0186 3492 tdx - ok 21:18:31.0217 3492 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:18:31.0248 3492 TermDD - ok 21:18:31.0311 3492 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 21:18:31.0420 3492 TermService - ok 21:18:31.0482 3492 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 21:18:31.0545 3492 Themes - ok 21:18:31.0576 3492 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 21:18:31.0654 3492 THREADORDER - ok 21:18:31.0717 3492 Tosrfcom - ok 21:18:31.0748 3492 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 21:18:31.0842 3492 TrkWks - ok 21:18:31.0904 3492 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:18:31.0982 3492 TrustedInstaller - ok 21:18:32.0029 3492 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:18:32.0107 3492 tssecsrv - ok 21:18:32.0139 3492 [ 
FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:18:32.0217 3492 TsUsbFlt - ok 21:18:32.0232 3492 tsusbhub - ok 21:18:32.0279 3492 TuneUp.UtilitiesSvc - ok 21:18:32.0326 3492 TuneUpUtilitiesDrv - ok 21:18:32.0357 3492 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:18:32.0451 3492 tunnel - ok 21:18:32.0482 3492 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:18:32.0529 3492 uagp35 - ok 21:18:32.0576 3492 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:18:32.0670 3492 udfs - ok 21:18:32.0732 3492 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:18:32.0795 3492 UI0Detect - ok 21:18:32.0842 3492 [ DE1B2980484AAF20A1DD8B743F96284B ] UimBus C:\Windows\system32\DRIVERS\UimBus.sys 21:18:32.0873 3492 UimBus - ok 21:18:32.0904 3492 [ E40D444BC1D1FBC2CADFBCC99551BAE0 ] Uim_IM C:\Windows\system32\Drivers\Uim_IM.sys 21:18:32.0951 3492 Uim_IM - ok 21:18:32.0998 3492 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:18:33.0029 3492 uliagpkx - ok 21:18:33.0092 3492 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 21:18:33.0139 3492 umbus - ok 21:18:33.0186 3492 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:18:33.0232 3492 UmPass - ok 21:18:33.0295 3492 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 21:18:33.0389 3492 UmRdpService - ok 21:18:33.0436 3492 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 21:18:33.0545 3492 upnphost - ok 21:18:33.0592 3492 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:18:33.0670 3492 usbccgp - ok 21:18:33.0717 3492 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:18:33.0779 3492 usbcir - ok 21:18:33.0811 3492 [ 
F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:18:33.0857 3492 usbehci - ok 21:18:33.0889 3492 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:18:33.0951 3492 usbhub - ok 21:18:33.0998 3492 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 21:18:34.0045 3492 usbohci - ok 21:18:34.0076 3492 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:18:34.0123 3492 usbprint - ok 21:18:34.0170 3492 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:18:34.0201 3492 usbscan - ok 21:18:34.0232 3492 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:18:34.0326 3492 USBSTOR - ok 21:18:34.0373 3492 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 21:18:34.0404 3492 usbuhci - ok 21:18:34.0451 3492 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 21:18:34.0514 3492 usbvideo - ok 21:18:34.0561 3492 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 21:18:34.0639 3492 UxSms - ok 21:18:34.0654 3492 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 21:18:34.0701 3492 VaultSvc - ok 21:18:34.0732 3492 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:18:34.0764 3492 vdrvroot - ok 21:18:34.0811 3492 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 21:18:34.0920 3492 vds - ok 21:18:34.0982 3492 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:18:35.0029 3492 vga - ok 21:18:35.0061 3492 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 21:18:35.0139 3492 VgaSave - ok 21:18:35.0154 3492 VGPU - ok 21:18:35.0201 3492 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:18:35.0248 3492 vhdmp - ok 
21:18:35.0295 3492 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 21:18:35.0326 3492 viaagp - ok 21:18:35.0357 3492 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 21:18:35.0404 3492 ViaC7 - ok 21:18:35.0436 3492 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 21:18:35.0467 3492 viaide - ok 21:18:35.0498 3492 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 21:18:35.0545 3492 vmbus - ok 21:18:35.0576 3492 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 21:18:35.0686 3492 VMBusHID - ok 21:18:35.0701 3492 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:18:35.0732 3492 volmgr - ok 21:18:35.0795 3492 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:18:35.0857 3492 volmgrx - ok 21:18:35.0873 3492 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:18:35.0936 3492 volsnap - ok 21:18:35.0982 3492 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:18:36.0014 3492 vsmraid - ok 21:18:36.0092 3492 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 21:18:36.0232 3492 VSS - ok 21:18:36.0248 3492 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 21:18:36.0311 3492 vwifibus - ok 21:18:36.0342 3492 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:18:36.0389 3492 vwififlt - ok 21:18:36.0451 3492 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 21:18:36.0498 3492 vwifimp - ok 21:18:36.0561 3492 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 21:18:36.0654 3492 W32Time - ok 21:18:36.0686 3492 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:18:36.0732 3492 WacomPen 
- ok 21:18:36.0779 3492 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:18:36.0889 3492 WANARP - ok 21:18:36.0889 3492 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:18:36.0967 3492 Wanarpv6 - ok 21:18:37.0045 3492 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 21:18:37.0186 3492 wbengine - ok 21:18:37.0232 3492 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:18:37.0311 3492 WbioSrvc - ok 21:18:37.0357 3492 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:18:37.0451 3492 wcncsvc - ok 21:18:37.0482 3492 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:18:37.0607 3492 WcsPlugInService - ok 21:18:37.0654 3492 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:18:37.0686 3492 Wd - ok 21:18:37.0717 3492 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:18:37.0779 3492 Wdf01000 - ok 21:18:37.0811 3492 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:18:38.0014 3492 WdiServiceHost - ok 21:18:38.0029 3492 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:18:38.0092 3492 WdiSystemHost - ok 21:18:38.0123 3492 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 21:18:38.0186 3492 WebClient - ok 21:18:38.0217 3492 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:18:38.0326 3492 Wecsvc - ok 21:18:38.0342 3492 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:18:38.0451 3492 wercplsupport - ok 21:18:38.0482 3492 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 21:18:38.0576 3492 WerSvc - ok 21:18:38.0639 3492 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:18:38.0701 
3492 WfpLwf - ok 21:18:38.0764 3492 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:18:38.0795 3492 WIMMount - ok 21:18:38.0920 3492 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 21:18:39.0014 3492 WinDefend - ok 21:18:39.0029 3492 WinHttpAutoProxySvc - ok 21:18:39.0139 3492 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:18:39.0217 3492 Winmgmt - ok 21:18:39.0295 3492 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 21:18:39.0451 3492 WinRM - ok 21:18:39.0529 3492 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:18:39.0576 3492 WinUsb - ok 21:18:39.0654 3492 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:18:39.0764 3492 Wlansvc - ok 21:18:39.0857 3492 [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:18:39.0998 3492 wlidsvc - ok 21:18:40.0045 3492 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:18:40.0076 3492 WmiAcpi - ok 21:18:40.0139 3492 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:18:40.0201 3492 wmiApSrv - ok 21:18:40.0279 3492 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:18:40.0436 3492 WMPNetworkSvc - ok 21:18:40.0498 3492 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:18:40.0592 3492 WPCSvc - ok 21:18:40.0623 3492 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:18:40.0686 3492 WPDBusEnum - ok 21:18:40.0748 3492 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:18:40.0842 3492 ws2ifsl - ok 21:18:40.0873 3492 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 21:18:40.0936 3492 wscsvc - ok 21:18:40.0951 
3492 WSearch - ok 21:18:41.0092 3492 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 21:18:41.0232 3492 wuauserv - ok 21:18:41.0264 3492 [ E714A1C0354636837E20CCBF00888EE7 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:18:41.0342 3492 WudfPf - ok 21:18:41.0420 3492 [ 1023EE888C9B47178C5293ED5336AB69 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:18:41.0498 3492 WUDFRd - ok 21:18:41.0561 3492 [ 8D1E1E529A2C9E9B6A85B55A345F7629 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:18:41.0654 3492 wudfsvc - ok 21:18:41.0701 3492 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 21:18:41.0764 3492 WwanSvc - ok 21:18:41.0826 3492 ================ Scan global =============================== 21:18:41.0857 3492 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 21:18:41.0904 3492 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 21:18:41.0936 3492 [ 48CB4FDBCAAEAC7BCE2F5941545FF071 ] C:\Windows\system32\winsrv.dll 21:18:41.0982 3492 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 21:18:42.0045 3492 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 21:18:42.0061 3492 [Global] - ok 21:18:42.0061 3492 ================ Scan MBR ================================== 21:18:42.0092 3492 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:18:43.0373 3492 \Device\Harddisk0\DR0 - ok 21:18:43.0389 3492 ================ Scan VBR ================================== 21:18:43.0389 3492 [ 6A6C9D6472015E418C82681F4CEA3AC2 ] \Device\Harddisk0\DR0\Partition1 21:18:43.0404 3492 \Device\Harddisk0\DR0\Partition1 - ok 21:18:43.0467 3492 [ 3598D1CCC532E600E83ADF36DEB246BA ] \Device\Harddisk0\DR0\Partition2 21:18:43.0482 3492 \Device\Harddisk0\DR0\Partition2 - ok 21:18:43.0529 3492 [ DF544C3DDCD9E1984B0C5E9EF8583288 ] \Device\Harddisk0\DR0\Partition3 21:18:43.0529 3492 \Device\Harddisk0\DR0\Partition3 - ok 21:18:43.0529 3492 
============================================================
21:18:43.0529 3492 Scan finished
21:18:43.0529 3492 ============================================================
21:18:43.0982 0196 Detected object count: 1
21:18:43.0982 0196 Actual detected object count: 1
21:19:20.0498 0196 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - skipped by user
21:19:20.0498 0196 FreemakeVideoCapture ( UnsignedFile.Multi.Generic ) - User select action: Skip
15.10.2012, 10:26 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load
Now please run CF: ComboFix. A guide and tutorial on using ComboFix.
ComboFix may only be run when a helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________
Please always post logfiles in CODE tags
15.10.2012, 18:45 | #27 |
Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load
Code:
ATTFilter ComboFix 12-10-14.03 - Jan 15.10.2012 17:58:11.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.1013.292 [GMT 2:00] ausgeführt von:: c:\users\Jan\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\gema c:\users\Jan\AppData\Roaming\Help\coredb\storage C:\Washer2.rar c:\washer2.rar\0BC347246285FE3 . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-15 bis 2012-10-15 )))))))))))))))))))))))))))))) . . 2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\users\Jan\AppData\Local\temp 2012-10-15 16:13 . 2012-10-15 16:13 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-15 16:01 . 2012-10-15 16:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{541EA6B7-91A9-4BCD-B678-A1708239D4EC}\offreg.dll 2012-10-14 09:27 . 2012-10-14 09:27 -------- d-----w- c:\program files\Common Files\Adobe 2012-10-13 15:04 . 2012-10-14 16:34 -------- d-----w- C:\_OTL 2012-10-12 13:23 . 2012-08-30 08:17 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{541EA6B7-91A9-4BCD-B678-A1708239D4EC}\mpengine.dll 2012-10-10 23:31 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-10-10 23:31 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll 2012-10-10 23:31 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-10-10 23:31 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-10-10 23:31 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll 2012-10-10 23:31 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-10-10 23:31 . 
2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-10-09 20:52 . 2012-10-09 20:52 -------- d-----w- c:\program files\ESET 2012-10-06 22:04 . 2012-10-06 22:04 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-09-26 15:14 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-17 16:50 . 2012-09-17 16:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-09-17 16:50 . 2012-09-07 15:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-06 22:04 . 2012-01-29 21:55 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-10-06 22:04 . 2011-07-19 22:20 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-18 15:34 . 2012-04-08 08:30 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-18 15:34 . 2011-07-19 19:38 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-24 13:58 . 2012-05-24 20:22 405152 ----a-w- c:\windows\system32\Newtonsoft.Json.Net20.dll 2012-08-22 17:16 . 2012-09-12 19:29 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-08-22 17:16 . 2012-09-12 19:29 712048 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 17:16 . 2012-09-12 19:29 240496 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 17:16 . 2012-09-12 19:29 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-02 16:57 . 2012-09-12 19:29 490496 ----a-w- c:\windows\system32\d3d10level9.dll 2012-07-18 17:47 . 2012-08-15 20:24 2345984 ----a-w- c:\windows\system32\win32k.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKLM\~\startupfolder\C:^Users^Jan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk] path=c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "YouCam Mirage"="c:\program files\CyberLink\YouCam\YCMMirage.exe" "YouCam Tray"="c:\program files\CyberLink\YouCam\YouCamTray.exe" /s "facemoods"="c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodssrv.exe" /md I "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . 
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\tuneupportable\App\TuneUp\TuneUpUtilitiesService32.exe [x] R3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\tuneupportable\App\TuneUp\TuneUpUtilitiesDriver32.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files\Freemake\CaptureLib\CaptureLibService.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 netr28;Ralink 802.11n-Drahtlostreiber für Windows 
Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Free YouTube Download - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Jan\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files\Stardock\ObjectDockFree\ODMenu.dll
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-15 18:18:42
ComboFix-quarantined-files.txt 2012-10-15 16:18
.
Vor Suchlauf: 11 Verzeichnis(se), 15.973.400.576 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 15.885.115.392 Bytes frei
.
- - End Of File - - 431537EBCC0B0A9EDFC2E5ED01C6B1B7
15.10.2012, 20:39 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load
Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just leave it out and run only OSAM. Please skip the online query offered by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; McAfee's scanner in particular often reports a false alarm for OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: never press any of the Fix buttons without instructions. Note: if the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: if aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window) and click the Scan button again.
__________________
Please always post logfiles in CODE tags
21.10.2012, 21:30 | #29 |
Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load
hi, all programs worked without problems. GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-20 02:41:55
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9160310AS rev.SD03
Running: 8txnpprs.exe; Driver: C:\Users\Jan\AppData\Local\Temp\uwldypow.sys

---- System - GMER 1.0.15 ----

SSDT 8A10879E ZwCreateSection
SSDT 8A1087A8 ZwRequestWaitReplyPort
SSDT 8A1087A3 ZwSetContextThread
SSDT 8A1087AD ZwSetSecurityObject
SSDT 8A1087B2 ZwSystemDebugControl
SSDT 8A10873F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81C8CA49 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81CC64D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81CCD62C 4 Bytes [9E, 87, 10, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81CCD988 4 Bytes [A8, 87, 10, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81CCD9CC 4 Bytes [A3, 87, 10, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81CCDA48 4 Bytes [AD, 87, 10, 8A]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81CCDA9C 4 Bytes [B2, 87, 10, 8A]
.text ...

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a89f015
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000a3a89f015@001e7c02147a 0x3A 0x71 0x48 0xBE ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a89f015 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000a3a89f015@001e7c02147a 0x3A 0x71 0x48 0xBE ...

---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 03:08:34 on 20.10.2012 OS: Windows 7 Ultimate Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Opera Software Opera Internet Browser 12.02 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%SystemRoot%\system32\drivers\tsusbhub.sys,-1" (tsusbhub) - ? - C:\Windows\System32\drivers\tsusbhub.sys (File not found) "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Jan\AppData\Local\Temp\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "NetGroup Packet Filter Driver" (npf) - "CACE Technologies, Inc." - C:\Windows\System32\drivers\npf.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys "Synth3dVsc" (Synth3dVsc) - ? - C:\Windows\System32\drivers\synth3dvsc.sys (File not found) "Tosrfcom" (Tosrfcom) - ? 
- C:\Windows\system32\drivers\Tosrfcom.sys (File not found) "TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - ? - E:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesDriver32.sys (File not found) "VGPU" (VGPU) - ? - C:\Windows\System32\drivers\rdvgkmd.sys (File not found) [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft 
Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. 
KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe {1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401 "{1984D045-52CF-49cd-DB77-08F378FEA4DB} {000214e8-0000-0000-c000-000000000046} 0x401" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? 
- (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.7.0_07" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash32_11_4_402_265.ocx / hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." 
- C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files\Java\jre7\bin\ssv.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Notification packages" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "avgnt" - "Avira Operations GmbH & Co. 
KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"LIDIL hpzlllhn" - "Hewlett-Packard Company" - C:\Windows\system32\hpzlllhn.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
"ASP.NET State Service" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
"FreemakeVideoCapture" (FreemakeVideoCapture) - "Microsoft" - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"Sony Ericsson PCCompanion" (Sony Ericsson PCCompanion) - "Avanquest Software" - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - ? - "E:\TuneUpPortable\App\TuneUp\TuneUpUtilitiesService32.exe" (File not found)
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-20 03:11:39
-----------------------------
03:11:39.572 OS Version: Windows 6.1.7601 Service Pack 1
03:11:39.572 Number of processors: 2 586 0x1C02
03:11:39.572 ComputerName: JAN-PC UserName: Jan
03:12:32.056 Initialize success
03:14:39.859 AVAST engine defs: 12101901
03:15:06.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
03:15:06.187 Disk 0 Vendor: ST9160310AS SD03 Size: 152627MB BusType: 11
03:15:06.250 Disk 0 MBR read successfully
03:15:06.250 Disk 0 MBR scan
03:15:06.265 Disk 0 Windows 7 default MBR code
03:15:06.281 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
03:15:06.296 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 137024 MB offset 206848
03:15:06.359 Disk 0 Partition 3 00 0C FAT32 LBA MSWIN4.1 15500 MB offset 280832265
03:15:06.390 Disk 0 scanning sectors +312576705
03:15:06.500 Disk 0 scanning C:\Windows\system32\drivers
03:15:25.656 Service scanning
03:16:04.953 Modules scanning
03:16:13.437 Disk 0 trace - called modules:
03:16:13.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys dxgkrnl.sys igdkmd32.sys dxgmms1.sys
03:16:13.500 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84310aa0]
03:16:13.515 3 CLASSPNP.SYS[8679d59e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8423d030]
03:16:14.406 AVAST engine scan C:\Windows
03:16:18.343 AVAST engine scan C:\Windows\system32
03:22:13.796 AVAST engine scan C:\Windows\system32\drivers
03:22:36.546 AVAST engine scan C:\Users\Jan
03:30:22.812 AVAST engine scan C:\ProgramData
03:31:32.984 Scan finished successfully
03:41:21.953 Disk 0 MBR has been saved successfully to "C:\Users\Jan\Desktop\MBR.dat"
03:41:21.968 The log file has been saved successfully to "C:\Users\Jan\Desktop\aswMBR.txt" |
22.10.2012, 11:22 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojan.Ransom Registry Value HKCU\SOFTWARE\Microsoft\Windows\NT\CurrentVersion\Windows|Load Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!!
__________________ Please always post logfiles in CODE tags |
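The logs posted in this thread were produced by OTL, OSAM and aswMBR. The following is an added example, not part of the thread and not code from any of those tools, that re-checks from PowerShell the autostart locations those logs cover: the per-user WinNT `Load`/`Run` values (the key named in the thread title), print monitors, services, and Winsock namespace providers. It flags entries whose file is missing or which run from a Temp/AppData directory, which is what the earlier OTL line `WinNT: Load - (C:\Users\Jan\LOCALS~1\Temp\msjdqxi.com) - File not found` showed. It assumes an elevated PowerShell session on Windows; the function names are this example's own.

```powershell
# Added example (not from the thread or its tools): list autostart entries from
# the same locations the posted logs cover and flag missing or Temp-resident files.
# Run from an elevated PowerShell on Windows. On 64-bit systems the Winsock
# catalog also exists as Catalog_Entries64; it is not covered here (assumption).

function Resolve-ImagePath {
    # Extract the executable/DLL from a command line such as
    #   "C:\Program Files\X\svc.exe" /min   or   %SystemRoot%\system32\foo.dll
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded.StartsWith('"')) {
        $end = $expanded.IndexOf('"', 1)
        if ($end -gt 1) { return $expanded.Substring(1, $end - 1) }
        return $expanded.Trim('"')
    }
    # Unquoted: cut at the first whitespace after a known binary extension
    $m = [regex]::Match($expanded, '^(.+?\.(exe|dll|com|sys))(\s|$)', 'IgnoreCase')
    if ($m.Success) { return $m.Groups[1].Value }
    return ($expanded -split '\s+')[0]
}

function Test-SuspiciousPath {
    # Returns a reason string when the path deserves a second look, else $null.
    param([string]$Path)
    if (-not $Path) { return $null }
    # A bare file name (print monitors, Winsock providers) resolves under system32
    if ($Path -notmatch '[\\/]') { $Path = Join-Path $env:SystemRoot "system32\$Path" }
    $reasons = @()
    if (-not (Test-Path -LiteralPath $Path)) { $reasons += 'File not found' }
    if ($Path -match '\\(Temp|LOCALS~1|AppData)\\') { $reasons += 'runs from Temp/AppData' }
    if ($reasons.Count -gt 0) { return ($reasons -join '; ') }
    return $null
}

function Get-AutostartFindings {
    $findings = @()

    # 1. HKU\<SID>\Software\Microsoft\Windows NT\CurrentVersion\Windows : Load / Run
    #    These values are normally absent, so every non-empty one is reported.
    foreach ($hive in Get-ChildItem Registry::HKEY_USERS -ErrorAction SilentlyContinue) {
        $key = "Registry::$($hive.Name)\Software\Microsoft\Windows NT\CurrentVersion\Windows"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        foreach ($name in 'Load', 'Run') {
            $val = $props.$name
            if ($val) {
                $why = Test-SuspiciousPath (Resolve-ImagePath $val)
                if (-not $why) { $why = 'value is normally empty' }
                $findings += [pscustomobject]@{ Location = "$($hive.PSChildName) WinNT: $name"; Target = $val; Reason = $why }
            }
        }
    }

    # 2. Print monitors: each subkey's Driver value is a DLL loaded by the spooler
    foreach ($mon in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Monitors' -ErrorAction SilentlyContinue) {
        $drv = (Get-ItemProperty -Path $mon.PSPath -ErrorAction SilentlyContinue).Driver
        $why = Test-SuspiciousPath (Resolve-ImagePath $drv)
        if ($why) { $findings += [pscustomobject]@{ Location = "Print Monitor: $($mon.PSChildName)"; Target = $drv; Reason = $why } }
    }

    # 3. Services: image path taken from Win32_Service (user-mode services only)
    foreach ($svc in Get-CimInstance Win32_Service) {
        $why = Test-SuspiciousPath (Resolve-ImagePath $svc.PathName)
        if ($why) { $findings += [pscustomobject]@{ Location = "Service: $($svc.Name)"; Target = $svc.PathName; Reason = $why } }
    }

    # 4. Winsock namespace providers (NSPs): LibraryPath is loaded into every Winsock client
    $cat = 'HKLM:\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries'
    foreach ($entry in Get-ChildItem $cat -ErrorAction SilentlyContinue) {
        $p = Get-ItemProperty -Path $entry.PSPath -ErrorAction SilentlyContinue
        $why = Test-SuspiciousPath (Resolve-ImagePath $p.LibraryPath)
        if ($why) { $findings += [pscustomobject]@{ Location = "Winsock NSP: $($p.DisplayString)"; Target = $p.LibraryPath; Reason = $why } }
    }

    return $findings
}

Get-AutostartFindings | Format-Table -AutoSize -Wrap
```

Against the logs above this would report the TuneUp service (`File not found`, its image lives on a removed drive E:) and nothing for the Avira, Malwarebytes, HP or Windows Live entries, whose files exist in Program Files or system32. The check only establishes whether a file exists and where it lives, not whether it is malicious; the full Malwarebytes and SUPERAntiSpyware scans the helper asks for remain the actual verification step.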