Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   GVU-Trojaner mit Cam und 100€ (https://www.trojaner-board.de/118636-gvu-trojaner-cam-100-a.html)

cosinus 11.07.2012 14:05
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3963999717-2235169476-1634751954-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\Users\Martin\AppData\LocalLow\Sun\Java\Deployment\cache
E:\Exploits
C:\Program Files (x86)\BabylonToolbar
C:\ProgramData\l_u0_0.pad
C:\Windows\SysNative\drivers\lvuvc.hs
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

booth 11.07.2012 14:17
und nochmal ein Log :)

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3963999717-2235169476-1634751954-1003\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\x\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
E:\Exploits folder moved successfully.
File\Folder C:\Program Files (x86)\BabylonToolbar not found.
C:\ProgramData\l_u0_0.pad moved successfully.
C:\Windows\SysNative\drivers\lvuvc.hs moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: x
->Temp folder emptied: 41065723 bytes
->Temporary Internet Files folder emptied: 760307209 bytes
->FireFox cache emptied: 135561126 bytes
->Flash cache emptied: 37606 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 388464120 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.264,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: x
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07112012_150957

Files\Folders moved on Reboot...
C:\Users\x\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\x\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2009.10.07 01:47:22 | 000,109,080 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj01.dll : Unable to obtain MD5
[2009.10.07 01:46:36 | 000,131,608 | ---- | M] (Logitech Inc.) C:\Windows\temp\logishrd\LVPrcInj02.dll : Unable to obtain MD5

Registry entries deleted on Reboot...

cosinus 11.07.2012 14:45
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

booth 11.07.2012 14:52
hab ich ausgeführt, TDSS Killer hat auch nichts bemängelt.

Code:
15:49:27.0462 0640        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
15:49:27.0573 0640        ============================================================
15:49:27.0573 0640        Current date / time: 2012/07/11 15:49:27.0573
15:49:27.0573 0640        SystemInfo:
15:49:27.0573 0640       
15:49:27.0573 0640        OS Version: 6.1.7601 ServicePack: 1.0
15:49:27.0573 0640        Product type: Workstation
15:49:27.0573 0640        ComputerName: MARTIN-PC
15:49:27.0574 0640        UserName: Martin
15:49:27.0574 0640        Windows directory: C:\Windows
15:49:27.0574 0640        System windows directory: C:\Windows
15:49:27.0574 0640        Running under WOW64
15:49:27.0574 0640        Processor architecture: Intel x64
15:49:27.0574 0640        Number of processors: 2
15:49:27.0574 0640        Page size: 0x1000
15:49:27.0574 0640        Boot type: Normal boot
15:49:27.0574 0640        ============================================================
15:49:28.0242 0640        Drive \Device\Harddisk1\DR1 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:28.0246 0640        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:49:28.0249 0640        ============================================================
15:49:28.0249 0640        \Device\Harddisk1\DR1:
15:49:28.0250 0640        MBR partitions:
15:49:28.0250 0640        \Device\Harddisk0\DR0:
15:49:28.0250 0640        MBR partitions:
15:49:28.0250 0640        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x30D3C74
15:49:28.0263 0640        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x30D3CF2, BlocksNum 0xA7F6A8D
15:49:28.0275 0640        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF422FBE, BlocksNum 0xDD9D702
15:49:28.0275 0640        ============================================================
15:49:28.0300 0640        C: <-> \Device\Harddisk0\DR0\Partition0
15:49:28.0344 0640        E: <-> \Device\Harddisk0\DR0\Partition1
15:49:28.0367 0640        F: <-> \Device\Harddisk0\DR0\Partition2
15:49:28.0367 0640        ============================================================
15:49:28.0367 0640        Initialize success
15:49:28.0367 0640        ============================================================
15:49:57.0632 4972        ============================================================
15:49:57.0632 4972        Scan started
15:49:57.0632 4972        Mode: Manual; SigCheck; TDLFS;
15:49:57.0632 4972        ============================================================
15:49:57.0896 4972        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
15:49:57.0975 4972        1394ohci - ok
15:49:58.0031 4972        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:49:58.0048 4972        ACPI - ok
15:49:58.0093 4972        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:49:58.0151 4972        AcpiPmi - ok
15:49:58.0270 4972        AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:49:58.0279 4972        AdobeARMservice - ok
15:49:58.0334 4972        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:49:58.0354 4972        adp94xx - ok
15:49:58.0369 4972        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:49:58.0382 4972        adpahci - ok
15:49:58.0401 4972        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:49:58.0412 4972        adpu320 - ok
15:49:58.0436 4972        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:49:58.0558 4972        AeLookupSvc - ok
15:49:58.0613 4972        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
15:49:58.0669 4972        AFD - ok
15:49:58.0709 4972        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:49:58.0721 4972        agp440 - ok
15:49:58.0737 4972        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:49:58.0789 4972        ALG - ok
15:49:58.0808 4972        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:49:58.0819 4972        aliide - ok
15:49:58.0823 4972        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:49:58.0834 4972        amdide - ok
15:49:58.0880 4972        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:49:58.0923 4972        AmdK8 - ok
15:49:58.0930 4972        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:49:58.0951 4972        AmdPPM - ok
15:49:58.0968 4972        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
15:49:58.0980 4972        amdsata - ok
15:49:59.0001 4972        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:49:59.0015 4972        amdsbs - ok
15:49:59.0025 4972        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
15:49:59.0033 4972        amdxata - ok
15:49:59.0059 4972        androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
15:49:59.0107 4972        androidusb - ok
15:49:59.0166 4972        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:49:59.0288 4972        AppID - ok
15:49:59.0317 4972        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:49:59.0359 4972        AppIDSvc - ok
15:49:59.0405 4972        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:49:59.0448 4972        Appinfo - ok
15:49:59.0497 4972        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:49:59.0537 4972        AppMgmt - ok
15:49:59.0568 4972        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:49:59.0580 4972        arc - ok
15:49:59.0592 4972        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:49:59.0604 4972        arcsas - ok
15:49:59.0623 4972        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:49:59.0677 4972        AsyncMac - ok
15:49:59.0710 4972        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:49:59.0718 4972        atapi - ok
15:49:59.0752 4972        AtcL001        (940e5b876251e04fffe058ad71fe0f1c) C:\Windows\system32\DRIVERS\l160x64.sys
15:49:59.0790 4972        AtcL001 - ok
15:49:59.0848 4972        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:49:59.0899 4972        AudioEndpointBuilder - ok
15:49:59.0906 4972        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:49:59.0938 4972        AudioSrv - ok
15:49:59.0982 4972        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:50:00.0039 4972        AxInstSV - ok
15:50:00.0088 4972        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:50:00.0138 4972        b06bdrv - ok
15:50:00.0173 4972        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:50:00.0217 4972        b57nd60a - ok
15:50:00.0257 4972        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:50:00.0278 4972        BDESVC - ok
15:50:00.0286 4972        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:50:00.0332 4972        Beep - ok
15:50:00.0430 4972        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
15:50:00.0472 4972        BFE - ok
15:50:00.0554 4972        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:50:00.0618 4972        BITS - ok
15:50:00.0673 4972        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:50:00.0701 4972        blbdrive - ok
15:50:00.0746 4972        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
15:50:00.0792 4972        bowser - ok
15:50:00.0823 4972        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:50:00.0881 4972        BrFiltLo - ok
15:50:00.0884 4972        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:50:00.0900 4972        BrFiltUp - ok
15:50:00.0937 4972        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:50:00.0996 4972        Browser - ok
15:50:01.0031 4972        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:50:01.0085 4972        Brserid - ok
15:50:01.0090 4972        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:50:01.0120 4972        BrSerWdm - ok
15:50:01.0124 4972        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:50:01.0141 4972        BrUsbMdm - ok
15:50:01.0144 4972        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:50:01.0160 4972        BrUsbSer - ok
15:50:01.0165 4972        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:50:01.0185 4972        BTHMODEM - ok
15:50:01.0220 4972        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:50:01.0262 4972        bthserv - ok
15:50:01.0278 4972        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:50:01.0307 4972        cdfs - ok
15:50:01.0356 4972        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
15:50:01.0379 4972        cdrom - ok
15:50:01.0430 4972        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:50:01.0473 4972        CertPropSvc - ok
15:50:01.0519 4972        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:50:01.0567 4972        circlass - ok
15:50:01.0651 4972        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:50:01.0667 4972        CLFS - ok
15:50:01.0733 4972        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:50:01.0743 4972        clr_optimization_v2.0.50727_32 - ok
15:50:01.0787 4972        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:50:01.0796 4972        clr_optimization_v2.0.50727_64 - ok
15:50:01.0871 4972        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:50:01.0880 4972        clr_optimization_v4.0.30319_32 - ok
15:50:01.0911 4972        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:50:01.0921 4972        clr_optimization_v4.0.30319_64 - ok
15:50:01.0959 4972        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:50:01.0972 4972        CmBatt - ok
15:50:01.0993 4972        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:50:02.0003 4972        cmdide - ok
15:50:02.0038 4972        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
15:50:02.0064 4972        CNG - ok
15:50:02.0081 4972        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:50:02.0092 4972        Compbatt - ok
15:50:02.0130 4972        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
15:50:02.0160 4972        CompositeBus - ok
15:50:02.0171 4972        COMSysApp - ok
15:50:02.0214 4972        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:50:02.0225 4972        crcdisk - ok
15:50:02.0276 4972        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:50:02.0325 4972        CryptSvc - ok
15:50:02.0365 4972        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:50:02.0406 4972        CSC - ok
15:50:02.0444 4972        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:50:02.0475 4972        CscService - ok
15:50:02.0547 4972        ctxusbm        (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
15:50:02.0555 4972        ctxusbm - ok
15:50:02.0579 4972        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
15:50:02.0586 4972        CVirtA - ok
15:50:02.0671 4972        CVPND          (66257cb4e4fb69887cddc71663741435) E:\cvpnd.exe
15:50:02.0708 4972        CVPND - ok
15:50:02.0759 4972        CVPNDRVA        (cc8e52daa9826064ba464dbe531f2bb5) C:\Windows\system32\Drivers\CVPNDRVA.sys
15:50:02.0770 4972        CVPNDRVA - ok
15:50:02.0831 4972        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:50:02.0891 4972        DcomLaunch - ok
15:50:02.0926 4972        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:50:02.0962 4972        defragsvc - ok
15:50:03.0006 4972        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:50:03.0050 4972        DfsC - ok
15:50:03.0063 4972        dgderdrv - ok
15:50:03.0070 4972        DgiVecp - ok
15:50:03.0112 4972        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:50:03.0162 4972        Dhcp - ok
15:50:03.0183 4972        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:50:03.0231 4972        discache - ok
15:50:03.0257 4972        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:50:03.0265 4972        Disk - ok
15:50:03.0297 4972        DNE            (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
15:50:03.0304 4972        DNE - ok
15:50:03.0340 4972        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
15:50:03.0389 4972        Dnscache - ok
15:50:03.0422 4972        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:50:03.0471 4972        dot3svc - ok
15:50:03.0505 4972        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:50:03.0543 4972        DPS - ok
15:50:03.0587 4972        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:50:03.0603 4972        drmkaud - ok
15:50:03.0676 4972        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:50:03.0700 4972        DXGKrnl - ok
15:50:03.0737 4972        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:50:03.0788 4972        EapHost - ok
15:50:03.0935 4972        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:50:04.0005 4972        ebdrv - ok
15:50:04.0095 4972        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
15:50:04.0137 4972        EFS - ok
15:50:04.0212 4972        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:50:04.0258 4972        ehRecvr - ok
15:50:04.0281 4972        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:50:04.0321 4972        ehSched - ok
15:50:04.0377 4972        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:50:04.0399 4972        elxstor - ok
15:50:04.0430 4972        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:50:04.0457 4972        ErrDev - ok
15:50:04.0506 4972        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:50:04.0560 4972        EventSystem - ok
15:50:04.0590 4972        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:50:04.0629 4972        exfat - ok
15:50:04.0653 4972        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:50:04.0697 4972        fastfat - ok
15:50:04.0757 4972        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:50:04.0801 4972        Fax - ok
15:50:04.0814 4972        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:50:04.0824 4972        fdc - ok
15:50:04.0840 4972        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:50:04.0880 4972        fdPHost - ok
15:50:04.0892 4972        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:50:04.0932 4972        FDResPub - ok
15:50:04.0950 4972        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:50:04.0958 4972        FileInfo - ok
15:50:04.0978 4972        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:50:05.0024 4972        Filetrace - ok
15:50:05.0082 4972        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:50:05.0095 4972        flpydisk - ok
15:50:05.0139 4972        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:50:05.0155 4972        FltMgr - ok
15:50:05.0228 4972        FontCache      (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
15:50:05.0292 4972        FontCache - ok
15:50:05.0356 4972        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:50:05.0365 4972        FontCache3.0.0.0 - ok
15:50:05.0400 4972        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:50:05.0411 4972        FsDepends - ok
15:50:05.0423 4972        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:50:05.0433 4972        Fs_Rec - ok
15:50:05.0486 4972        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:50:05.0504 4972        fvevol - ok
15:50:05.0526 4972        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:50:05.0534 4972        gagp30kx - ok
15:50:05.0587 4972        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:50:05.0636 4972        gpsvc - ok
15:50:05.0652 4972        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:50:05.0690 4972        hcw85cir - ok
15:50:05.0747 4972        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:50:05.0767 4972        HdAudAddService - ok
15:50:05.0816 4972        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
15:50:05.0841 4972        HDAudBus - ok
15:50:05.0845 4972        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:50:05.0865 4972        HidBatt - ok
15:50:05.0885 4972        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:50:05.0899 4972        HidBth - ok
15:50:05.0903 4972        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:50:05.0930 4972        HidIr - ok
15:50:05.0954 4972        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:50:05.0998 4972        hidserv - ok
15:50:06.0039 4972        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:50:06.0049 4972        HidUsb - ok
15:50:06.0082 4972        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:50:06.0121 4972        hkmsvc - ok
15:50:06.0153 4972        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:50:06.0188 4972        HomeGroupListener - ok
15:50:06.0218 4972        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:50:06.0244 4972        HomeGroupProvider - ok
15:50:06.0293 4972        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:50:06.0304 4972        HpSAMD - ok
15:50:06.0371 4972        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:50:06.0434 4972        HTTP - ok
15:50:06.0461 4972        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:50:06.0468 4972        hwpolicy - ok
15:50:06.0504 4972        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:50:06.0515 4972        i8042prt - ok
15:50:06.0554 4972        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
15:50:06.0569 4972        iaStorV - ok
15:50:06.0671 4972        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:50:06.0697 4972        idsvc - ok
15:50:06.0717 4972        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:50:06.0726 4972        iirsp - ok
15:50:06.0772 4972        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:50:06.0824 4972        IKEEXT - ok
15:50:06.0845 4972        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:50:06.0853 4972        intelide - ok
15:50:06.0879 4972        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:50:06.0890 4972        intelppm - ok
15:50:06.0918 4972        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:50:06.0947 4972        IPBusEnum - ok
15:50:06.0976 4972        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:50:07.0017 4972        IpFilterDriver - ok
15:50:07.0064 4972        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
15:50:07.0098 4972        iphlpsvc - ok
15:50:07.0128 4972        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:50:07.0138 4972        IPMIDRV - ok
15:50:07.0162 4972        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:50:07.0213 4972        IPNAT - ok
15:50:07.0248 4972        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:50:07.0274 4972        IRENUM - ok
15:50:07.0309 4972        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:50:07.0320 4972        isapnp - ok
15:50:07.0343 4972        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:50:07.0359 4972        iScsiPrt - ok
15:50:07.0396 4972        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:50:07.0406 4972        kbdclass - ok
15:50:07.0426 4972        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:50:07.0452 4972        kbdhid - ok
15:50:07.0479 4972        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:07.0492 4972        KeyIso - ok
15:50:07.0503 4972        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
15:50:07.0515 4972        KSecDD - ok
15:50:07.0545 4972        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
15:50:07.0557 4972        KSecPkg - ok
15:50:07.0569 4972        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:50:07.0610 4972        ksthunk - ok
15:50:07.0647 4972        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:50:07.0689 4972        KtmRm - ok
15:50:07.0733 4972        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:50:07.0787 4972        LanmanServer - ok
15:50:07.0811 4972        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:50:07.0850 4972        LanmanWorkstation - ok
15:50:07.0967 4972        LBTServ        (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
15:50:07.0983 4972        LBTServ - ok
15:50:08.0014 4972        LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
15:50:08.0020 4972        LHidFilt - ok
15:50:08.0052 4972        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:50:08.0090 4972        lltdio - ok
15:50:08.0121 4972        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:50:08.0168 4972        lltdsvc - ok
15:50:08.0188 4972        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:50:08.0216 4972        lmhosts - ok
15:50:08.0236 4972        LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
15:50:08.0243 4972        LMouFilt - ok
15:50:08.0274 4972        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:50:08.0284 4972        LSI_FC - ok
15:50:08.0297 4972        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:50:08.0306 4972        LSI_SAS - ok
15:50:08.0323 4972        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:50:08.0332 4972        LSI_SAS2 - ok
15:50:08.0354 4972        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:50:08.0363 4972        LSI_SCSI - ok
15:50:08.0395 4972        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:50:08.0433 4972        luafv - ok
15:50:08.0479 4972        LVPr2M64        (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:50:08.0486 4972        LVPr2M64 - ok
15:50:08.0500 4972        LVPr2Mon        (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
15:50:08.0506 4972        LVPr2Mon - ok
15:50:08.0576 4972        LVPrcS64        (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
15:50:08.0585 4972        LVPrcS64 - ok
15:50:08.0632 4972        LVRS64          (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
15:50:08.0643 4972        LVRS64 - ok
15:50:08.0916 4972        LVUVC64        (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
15:50:09.0006 4972        LVUVC64 - ok
15:50:09.0135 4972        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:50:09.0144 4972        MBAMProtector - ok
15:50:09.0226 4972        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:50:09.0243 4972        MBAMService - ok
15:50:09.0278 4972        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:50:09.0299 4972        Mcx2Svc - ok
15:50:09.0322 4972        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
15:50:09.0331 4972        megasas - ok
15:50:09.0357 4972        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
15:50:09.0369 4972        MegaSR - ok
15:50:09.0400 4972        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:50:09.0442 4972        MMCSS - ok
15:50:09.0469 4972        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:50:09.0510 4972        Modem - ok
15:50:09.0530 4972        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:50:09.0552 4972        monitor - ok
15:50:09.0594 4972        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:50:09.0605 4972        mouclass - ok
15:50:09.0639 4972        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:50:09.0665 4972        mouhid - ok
15:50:09.0694 4972        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:50:09.0705 4972        mountmgr - ok
15:50:09.0738 4972        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:50:09.0751 4972        mpio - ok
15:50:09.0762 4972        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:50:09.0798 4972        mpsdrv - ok
15:50:09.0858 4972        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
15:50:09.0914 4972        MpsSvc - ok
15:50:09.0943 4972        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:50:09.0958 4972        MRxDAV - ok
15:50:09.0987 4972        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:50:10.0029 4972        mrxsmb - ok
15:50:10.0082 4972        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:50:10.0109 4972        mrxsmb10 - ok
15:50:10.0129 4972        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:50:10.0143 4972        mrxsmb20 - ok
15:50:10.0172 4972        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:50:10.0181 4972        msahci - ok
15:50:10.0215 4972        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:50:10.0228 4972        msdsm - ok
15:50:10.0255 4972        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:50:10.0271 4972        MSDTC - ok
15:50:10.0303 4972        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:50:10.0338 4972        Msfs - ok
15:50:10.0349 4972        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:50:10.0389 4972        mshidkmdf - ok
15:50:10.0407 4972        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:50:10.0415 4972        msisadrv - ok
15:50:10.0457 4972        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:50:10.0513 4972        MSiSCSI - ok
15:50:10.0516 4972        msiserver - ok
15:50:10.0547 4972        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:50:10.0588 4972        MSKSSRV - ok
15:50:10.0603 4972        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:50:10.0643 4972        MSPCLOCK - ok
15:50:10.0661 4972        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:50:10.0704 4972        MSPQM - ok
15:50:10.0744 4972        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:50:10.0758 4972        MsRPC - ok
15:50:10.0775 4972        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
15:50:10.0783 4972        mssmbios - ok
15:50:10.0800 4972        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:50:10.0848 4972        MSTEE - ok
15:50:10.0874 4972        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
15:50:10.0883 4972        MTConfig - ok
15:50:10.0916 4972        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
15:50:10.0949 4972        MTsensor - ok
15:50:10.0976 4972        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:50:10.0987 4972        Mup - ok
15:50:11.0039 4972        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:50:11.0090 4972        napagent - ok
15:50:11.0132 4972        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:50:11.0149 4972        NativeWifiP - ok
15:50:11.0202 4972        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:50:11.0224 4972        NDIS - ok
15:50:11.0236 4972        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:50:11.0275 4972        NdisCap - ok
15:50:11.0299 4972        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:50:11.0340 4972        NdisTapi - ok
15:50:11.0368 4972        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:50:11.0415 4972        Ndisuio - ok
15:50:11.0442 4972        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:50:11.0486 4972        NdisWan - ok
15:50:11.0537 4972        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:50:11.0578 4972        NDProxy - ok
15:50:11.0600 4972        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:50:11.0638 4972        NetBIOS - ok
15:50:11.0798 4972        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:50:11.0850 4972        NetBT - ok
15:50:11.0875 4972        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:11.0888 4972        Netlogon - ok
15:50:11.0931 4972        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:50:11.0988 4972        Netman - ok
15:50:12.0029 4972        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:50:12.0075 4972        netprofm - ok
15:50:12.0147 4972        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
15:50:12.0157 4972        NetTcpPortSharing - ok
15:50:12.0185 4972        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
15:50:12.0194 4972        nfrd960 - ok
15:50:12.0242 4972        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:50:12.0295 4972        NlaSvc - ok
15:50:12.0311 4972        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:50:12.0348 4972        Npfs - ok
15:50:12.0358 4972        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:50:12.0400 4972        nsi - ok
15:50:12.0417 4972        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:50:12.0454 4972        nsiproxy - ok
15:50:12.0541 4972        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
15:50:12.0585 4972        Ntfs - ok
15:50:12.0680 4972        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:50:12.0725 4972        Null - ok
15:50:13.0295 4972        nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:50:13.0466 4972        nvlddmkm - ok
15:50:13.0594 4972        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
15:50:13.0607 4972        nvraid - ok
15:50:13.0615 4972        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
15:50:13.0628 4972        nvstor - ok
15:50:13.0710 4972        NVSvc          (dd9d86051b8f7669aabf693530f380fe) C:\Windows\system32\nvvsvc.exe
15:50:13.0731 4972        NVSvc - ok
15:50:13.0870 4972        nvUpdatusService (4472183de09f80cb1b56f217d8e0ab9b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
15:50:13.0910 4972        nvUpdatusService - ok
15:50:13.0995 4972        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:50:14.0007 4972        nv_agp - ok
15:50:14.0035 4972        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:50:14.0061 4972        ohci1394 - ok
15:50:14.0107 4972        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:50:14.0117 4972        ose - ok
15:50:14.0350 4972        osppsvc        (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:50:14.0424 4972        osppsvc - ok
15:50:14.0504 4972        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:14.0544 4972        p2pimsvc - ok
15:50:14.0573 4972        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:50:14.0592 4972        p2psvc - ok
15:50:14.0631 4972        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
15:50:14.0645 4972        Parport - ok
15:50:14.0670 4972        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:50:14.0681 4972        partmgr - ok
15:50:14.0697 4972        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:50:14.0728 4972        PcaSvc - ok
15:50:14.0756 4972        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:50:14.0769 4972        pci - ok
15:50:14.0781 4972        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:50:14.0788 4972        pciide - ok
15:50:14.0798 4972        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
15:50:14.0809 4972        pcmcia - ok
15:50:14.0820 4972        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:50:14.0828 4972        pcw - ok
15:50:14.0870 4972        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:50:14.0929 4972        PEAUTH - ok
15:50:15.0005 4972        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:50:15.0073 4972        PeerDistSvc - ok
15:50:15.0154 4972        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:50:15.0179 4972        PerfHost - ok
15:50:15.0315 4972        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:50:15.0385 4972        pla - ok
15:50:15.0442 4972        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
15:50:15.0475 4972        PlugPlay - ok
15:50:15.0498 4972        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:50:15.0523 4972        PNRPAutoReg - ok
15:50:15.0550 4972        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:50:15.0566 4972        PNRPsvc - ok
15:50:15.0611 4972        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:50:15.0666 4972        PolicyAgent - ok
15:50:15.0698 4972        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:50:15.0753 4972        Power - ok
15:50:15.0827 4972        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:50:15.0873 4972        PptpMiniport - ok
15:50:15.0897 4972        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
15:50:15.0919 4972        Processor - ok
15:50:15.0968 4972        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:50:16.0011 4972        ProfSvc - ok
15:50:16.0038 4972        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:16.0048 4972        ProtectedStorage - ok
15:50:16.0086 4972        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:50:16.0115 4972        Psched - ok
15:50:16.0185 4972        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
15:50:16.0218 4972        ql2300 - ok
15:50:16.0314 4972        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
15:50:16.0327 4972        ql40xx - ok
15:50:16.0356 4972        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:50:16.0384 4972        QWAVE - ok
15:50:16.0401 4972        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:50:16.0429 4972        QWAVEdrv - ok
15:50:16.0448 4972        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:50:16.0489 4972        RasAcd - ok
15:50:16.0523 4972        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:50:16.0552 4972        RasAgileVpn - ok
15:50:16.0567 4972        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:50:16.0597 4972        RasAuto - ok
15:50:16.0631 4972        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:50:16.0680 4972        Rasl2tp - ok
15:50:16.0718 4972        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:50:16.0759 4972        RasMan - ok
15:50:16.0780 4972        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:50:16.0817 4972        RasPppoe - ok
15:50:16.0848 4972        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:50:16.0886 4972        RasSstp - ok
15:50:16.0941 4972        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:50:16.0977 4972        rdbss - ok
15:50:16.0988 4972        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:50:17.0009 4972        rdpbus - ok
15:50:17.0034 4972        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:50:17.0076 4972        RDPCDD - ok
15:50:17.0104 4972        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:50:17.0125 4972        RDPDR - ok
15:50:17.0140 4972        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:50:17.0183 4972        RDPENCDD - ok
15:50:17.0203 4972        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:50:17.0230 4972        RDPREFMP - ok
15:50:17.0269 4972        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:50:17.0304 4972        RDPWD - ok
15:50:17.0340 4972        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:50:17.0351 4972        rdyboost - ok
15:50:17.0377 4972        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:50:17.0420 4972        RemoteAccess - ok
15:50:17.0451 4972        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:50:17.0495 4972        RemoteRegistry - ok
15:50:17.0514 4972        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:50:17.0554 4972        RpcEptMapper - ok
15:50:17.0565 4972        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:50:17.0587 4972        RpcLocator - ok
15:50:17.0620 4972        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:50:17.0652 4972        RpcSs - ok
15:50:17.0683 4972        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:50:17.0721 4972        rspndr - ok
15:50:17.0749 4972        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:50:17.0782 4972        s3cap - ok
15:50:17.0805 4972        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:17.0817 4972        SamSs - ok
15:50:17.0832 4972        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:50:17.0844 4972        sbp2port - ok
15:50:17.0873 4972        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:50:17.0908 4972        SCardSvr - ok
15:50:17.0940 4972        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:50:17.0988 4972        scfilter - ok
15:50:18.0060 4972        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:50:18.0121 4972        Schedule - ok
15:50:18.0150 4972        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:50:18.0178 4972        SCPolicySvc - ok
15:50:18.0213 4972        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:50:18.0246 4972        SDRSVC - ok
15:50:18.0295 4972        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:50:18.0345 4972        secdrv - ok
15:50:18.0359 4972        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:50:18.0389 4972        seclogon - ok
15:50:18.0419 4972        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:50:18.0448 4972        SENS - ok
15:50:18.0462 4972        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:50:18.0493 4972        SensrSvc - ok
15:50:18.0512 4972        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
15:50:18.0522 4972        Serenum - ok
15:50:18.0534 4972        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
15:50:18.0553 4972        Serial - ok
15:50:18.0570 4972        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
15:50:18.0594 4972        sermouse - ok
15:50:18.0630 4972        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:50:18.0671 4972        SessionEnv - ok
15:50:18.0691 4972        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:50:18.0722 4972        sffdisk - ok
15:50:18.0726 4972        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:50:18.0748 4972        sffp_mmc - ok
15:50:18.0761 4972        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:50:18.0787 4972        sffp_sd - ok
15:50:18.0800 4972        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
15:50:18.0825 4972        sfloppy - ok
15:50:18.0861 4972        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
15:50:18.0894 4972        SharedAccess - ok
15:50:18.0923 4972        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:50:18.0955 4972        ShellHWDetection - ok
15:50:18.0972 4972        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:50:18.0980 4972        SiSRaid2 - ok
15:50:18.0998 4972        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
15:50:19.0007 4972        SiSRaid4 - ok
15:50:19.0037 4972        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:50:19.0082 4972        Smb - ok
15:50:19.0116 4972        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:50:19.0127 4972        SNMPTRAP - ok
15:50:19.0138 4972        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:50:19.0145 4972        spldr - ok
15:50:19.0186 4972        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:50:19.0221 4972        Spooler - ok
15:50:19.0390 4972        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:50:19.0463 4972        sppsvc - ok
15:50:19.0554 4972        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:50:19.0605 4972        sppuinotify - ok
15:50:19.0664 4972        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
15:50:19.0746 4972        srv - ok
15:50:19.0784 4972        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
15:50:19.0819 4972        srv2 - ok
15:50:19.0841 4972        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
15:50:19.0871 4972        srvnet - ok
15:50:19.0905 4972        ssadbus        (d52282225d5bd73a9cbf420699d1a0fe) C:\Windows\system32\DRIVERS\ssadbus.sys
15:50:19.0945 4972        ssadbus - ok
15:50:19.0967 4972        ssadmdfl        (f7936ac6e8437e10e1ae488ce21f3086) C:\Windows\system32\DRIVERS\ssadmdfl.sys
15:50:19.0998 4972        ssadmdfl - ok
15:50:20.0022 4972        ssadmdm        (1fe033372a58c67b3ecca903fc637b36) C:\Windows\system32\DRIVERS\ssadmdm.sys
15:50:20.0047 4972        ssadmdm - ok
15:50:20.0094 4972        sscdbus        (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
15:50:20.0104 4972        sscdbus - ok
15:50:20.0125 4972        sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
15:50:20.0132 4972        sscdmdfl - ok
15:50:20.0158 4972        sscdmdm        (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
15:50:20.0167 4972        sscdmdm - ok
15:50:20.0205 4972        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:50:20.0260 4972        SSDPSRV - ok
15:50:20.0285 4972        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
15:50:20.0291 4972        SSPORT - ok
15:50:20.0313 4972        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:50:20.0343 4972        SstpSvc - ok
15:50:20.0437 4972        Stereo Service  (a2abc52cd8a5b60262b220a17a92eb31) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:50:20.0447 4972        Stereo Service - ok
15:50:20.0464 4972        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:50:20.0473 4972        stexstor - ok
15:50:20.0533 4972        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:50:20.0571 4972        stisvc - ok
15:50:20.0623 4972        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:50:20.0633 4972        storflt - ok
15:50:20.0661 4972        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:50:20.0695 4972        StorSvc - ok
15:50:20.0720 4972        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:50:20.0730 4972        storvsc - ok
15:50:20.0755 4972        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
15:50:20.0765 4972        swenum - ok
15:50:20.0806 4972        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:50:20.0862 4972        swprv - ok
15:50:20.0951 4972        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:50:21.0000 4972        SysMain - ok
15:50:21.0104 4972        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:50:21.0134 4972        TabletInputService - ok
15:50:21.0165 4972        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:50:21.0222 4972        TapiSrv - ok
15:50:21.0250 4972        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:50:21.0309 4972        TBS - ok
15:50:21.0435 4972        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
15:50:21.0478 4972        Tcpip - ok
15:50:21.0614 4972        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
15:50:21.0651 4972        TCPIP6 - ok
15:50:21.0703 4972        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:50:21.0751 4972        tcpipreg - ok
15:50:21.0779 4972        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:50:21.0807 4972        TDPIPE - ok
15:50:21.0810 4972        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:50:21.0847 4972        TDTCP - ok
15:50:21.0895 4972        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:50:21.0928 4972        tdx - ok
15:50:22.0129 4972        TeamViewer7    (33966a658ff37e0c65d46e59f37e2380) C:\Users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe
15:50:22.0175 4972        TeamViewer7 - ok
15:50:22.0273 4972        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
15:50:22.0283 4972        TermDD - ok
15:50:22.0324 4972        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:50:22.0385 4972        TermService - ok
15:50:22.0413 4972        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:50:22.0448 4972        Themes - ok
15:50:22.0471 4972        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:50:22.0508 4972        THREADORDER - ok
15:50:22.0540 4972        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:50:22.0580 4972        TrkWks - ok
15:50:22.0632 4972        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:50:22.0676 4972        TrustedInstaller - ok
15:50:22.0700 4972        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:50:22.0727 4972        tssecsrv - ok
15:50:22.0766 4972        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:50:22.0808 4972        TsUsbFlt - ok
15:50:22.0850 4972        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:50:22.0902 4972        tunnel - ok
15:50:22.0932 4972        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:50:22.0941 4972        uagp35 - ok
15:50:22.0990 4972        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:50:23.0036 4972        udfs - ok
15:50:23.0078 4972        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:50:23.0106 4972        UI0Detect - ok
15:50:23.0145 4972        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:50:23.0156 4972        uliagpkx - ok
15:50:23.0206 4972        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
15:50:23.0219 4972        umbus - ok
15:50:23.0222 4972        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:50:23.0245 4972        UmPass - ok
15:50:23.0274 4972        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:50:23.0298 4972        UmRdpService - ok
15:50:23.0401 4972        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:50:23.0443 4972        upnphost - ok
15:50:23.0475 4972        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
15:50:23.0488 4972        usbaudio - ok
15:50:23.0503 4972        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
15:50:23.0533 4972        usbccgp - ok
15:50:23.0569 4972        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:50:23.0582 4972        usbcir - ok
15:50:23.0594 4972        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
15:50:23.0619 4972        usbehci - ok
15:50:23.0662 4972        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
15:50:23.0692 4972        usbhub - ok
15:50:23.0719 4972        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
15:50:23.0744 4972        usbohci - ok
15:50:23.0776 4972        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
15:50:23.0806 4972        usbprint - ok
15:50:23.0828 4972        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:50:23.0867 4972        USBSTOR - ok
15:50:23.0888 4972        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
15:50:23.0916 4972        usbuhci - ok
15:50:23.0942 4972        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:50:23.0989 4972        UxSms - ok
15:50:24.0017 4972        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
15:50:24.0027 4972        VaultSvc - ok
15:50:24.0052 4972        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:50:24.0060 4972        vdrvroot - ok
15:50:24.0109 4972        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:50:24.0164 4972        vds - ok
15:50:24.0181 4972        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:50:24.0194 4972        vga - ok
15:50:24.0212 4972        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:50:24.0249 4972        VgaSave - ok
15:50:24.0278 4972        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:50:24.0289 4972        vhdmp - ok
15:50:24.0304 4972        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:50:24.0312 4972        viaide - ok
15:50:24.0345 4972        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:50:24.0359 4972        vmbus - ok
15:50:24.0387 4972        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:50:24.0411 4972        VMBusHID - ok
15:50:24.0431 4972        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:50:24.0442 4972        volmgr - ok
15:50:24.0483 4972        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:50:24.0501 4972        volmgrx - ok
15:50:24.0540 4972        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:50:24.0556 4972        volsnap - ok
15:50:24.0571 4972        vpnva - ok
15:50:24.0603 4972        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
15:50:24.0617 4972        vsmraid - ok
15:50:24.0708 4972        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:50:24.0783 4972        VSS - ok
15:50:24.0873 4972        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:50:24.0896 4972        vwifibus - ok
15:50:24.0940 4972        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:50:24.0981 4972        W32Time - ok
15:50:25.0000 4972        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
15:50:25.0026 4972        WacomPen - ok
15:50:25.0077 4972        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:25.0126 4972        WANARP - ok
15:50:25.0128 4972        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:50:25.0156 4972        Wanarpv6 - ok
15:50:25.0237 4972        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:50:25.0275 4972        wbengine - ok
15:50:25.0355 4972        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:50:25.0376 4972        WbioSrvc - ok
15:50:25.0419 4972        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:50:25.0443 4972        wcncsvc - ok
15:50:25.0461 4972        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:50:25.0485 4972        WcsPlugInService - ok
15:50:25.0527 4972        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
15:50:25.0537 4972        Wd - ok
15:50:25.0581 4972        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:50:25.0605 4972        Wdf01000 - ok
15:50:25.0618 4972        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:50:25.0680 4972        WdiServiceHost - ok
15:50:25.0683 4972        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:50:25.0700 4972        WdiSystemHost - ok
15:50:25.0735 4972        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:50:25.0765 4972        WebClient - ok
15:50:25.0786 4972        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:50:25.0837 4972        Wecsvc - ok
15:50:25.0852 4972        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:50:25.0882 4972        wercplsupport - ok
15:50:25.0908 4972        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:50:25.0938 4972        WerSvc - ok
15:50:25.0993 4972        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:50:26.0028 4972        WfpLwf - ok
15:50:26.0040 4972        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:50:26.0049 4972        WIMMount - ok
15:50:26.0072 4972        WinDefend - ok
15:50:26.0077 4972        WinHttpAutoProxySvc - ok
15:50:26.0133 4972        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:50:26.0166 4972        Winmgmt - ok
15:50:26.0263 4972        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:50:26.0318 4972        WinRM - ok
15:50:26.0416 4972        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:50:26.0443 4972        WinUsb - ok
15:50:26.0502 4972        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:50:26.0549 4972        Wlansvc - ok
15:50:26.0586 4972        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
15:50:26.0598 4972        WmiAcpi - ok
15:50:26.0653 4972        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:50:26.0683 4972        wmiApSrv - ok
15:50:26.0727 4972        WMPNetworkSvc - ok
15:50:26.0742 4972        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:50:26.0768 4972        WPCSvc - ok
15:50:26.0806 4972        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:50:26.0823 4972        WPDBusEnum - ok
15:50:26.0860 4972        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:50:26.0906 4972        ws2ifsl - ok
15:50:26.0928 4972        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
15:50:26.0953 4972        wscsvc - ok
15:50:26.0956 4972        WSearch - ok
15:50:27.0082 4972        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:50:27.0170 4972        wuauserv - ok
15:50:27.0255 4972        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:50:27.0300 4972        WudfPf - ok
15:50:27.0320 4972        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:50:27.0363 4972        WUDFRd - ok
15:50:27.0385 4972        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:50:27.0414 4972        wudfsvc - ok
15:50:27.0451 4972        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:50:27.0492 4972        WwanSvc - ok
15:50:27.0515 4972        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
15:50:27.0790 4972        \Device\Harddisk1\DR1 - ok
15:50:27.0803 4972        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:50:28.0389 4972        \Device\Harddisk0\DR0 - ok
15:50:28.0392 4972        Boot (0x1200)  (f1c432d3024b43ccf054647569d83ec5) \Device\Harddisk0\DR0\Partition0
15:50:28.0393 4972        \Device\Harddisk0\DR0\Partition0 - ok
15:50:28.0396 4972        Boot (0x1200)  (4819214da170bfb43ad0d455e06fc66e) \Device\Harddisk0\DR0\Partition1
15:50:28.0398 4972        \Device\Harddisk0\DR0\Partition1 - ok
15:50:28.0414 4972        Boot (0x1200)  (723f5836c958e6c728d3cd50cabc1e9e) \Device\Harddisk0\DR0\Partition2
15:50:28.0416 4972        \Device\Harddisk0\DR0\Partition2 - ok
15:50:28.0416 4972        ============================================================
15:50:28.0416 4972        Scan finished
15:50:28.0416 4972        ============================================================
15:50:28.0427 4996        Detected object count: 0
15:50:28.0427 4996        Actual detected object count: 0

cosinus 11.07.2012 14:59
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

booth 11.07.2012 15:25
combo fix done :)

[code]
Combofix Logfile:
Code:
ComboFix 12-07-11.03 - Martin 11.07.2012  16:08:28.1.2 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.4095.2800 [GMT 2:00]
ausgeführt von:: c:\users\Martin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
c:\users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
c:\windows\SysWow64\muzapp.exe
E:\setup.exe
F:\install.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll . . . . Nicht in der Lage zu löschen
c:\windows\TEMP\logishrd\LVPrcInj02.dll . . . . Nicht in der Lage zu löschen
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-11 bis 2012-07-11  ))))))))))))))))))))))))))))))
.
.
2012-07-11 13:09 . 2012-07-11 13:09        --------        dc----w-        C:\_OTL
2012-07-10 11:10 . 2012-07-10 11:10        --------        dc----w-        C:\NVIDIA
2012-07-09 14:03 . 2012-07-09 14:03        --------        d-----w-        c:\program files (x86)\ESET
2012-07-05 18:23 . 2012-07-05 18:23        --------        d-----w-        c:\users\Martin\AppData\Roaming\Malwarebytes
2012-07-05 18:23 . 2012-07-05 18:23        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-05 18:23 . 2012-07-05 18:23        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-05 18:23 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-07-04 18:06 . 2012-07-04 18:06        --------        d-----w-        c:\programdata\Citrix
2012-07-04 18:06 . 2012-07-04 18:10        --------        d-----w-        c:\users\Martin\AppData\Roaming\ICAClient
2012-07-04 18:06 . 2012-07-04 18:06        --------        d-----w-        c:\users\Martin\AppData\Local\Citrix
2012-07-04 18:06 . 2012-07-04 18:06        --------        d-----w-        c:\program files (x86)\Citrix
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"PDFPrint"="e:\pdf24\pdf24.exe" [2011-12-16 220744]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-03-10 300400]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-01-03 157160]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-01-03 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-01-03 177128]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-06 191000]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-08-13 11576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S2 TeamViewer7;TeamViewer 7;c:\users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [2009-10-13 61440]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-06 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - e:\office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Martin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - e:\office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesPDLR - c:\windows\system32\External\FirmwareUpdate\KiesPDLR.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\*C*]
@=multi:"\00ÿÿ\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
E:\cvpnd.exe
c:\program files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
c:\users\Martin\temp\TeamViewer\Version7\TeamViewer.exe
c:\users\Martin\temp\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-11  16:18:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-11 14:18
.
Vor Suchlauf: 1.235.206.144 Bytes frei
Nach Suchlauf: 1.117.290.496 Bytes frei
.
- - End Of File - - B453EA9A4789BD5C3D55A54ECE0654F4
--- --- ---

cosinus 11.07.2012 21:40
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

booth 12.07.2012 16:28
und hier das adw log

Code:
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 17:27:26
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : x - x-PC
# Running from : C:\Users\x\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0 (de)

Profile name : default
File : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12569 octets] - [10/07/2012 15:17:58]
AdwCleaner[S1].txt - [10431 octets] - [10/07/2012 21:31:51]
AdwCleaner[R2].txt - [827 octets] - [12/07/2012 17:27:26]

########## EOF - C:\AdwCleaner[R2].txt - [954 octets] ##########

cosinus 12.07.2012 18:55
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

booth 12.07.2012 20:01
so anbei schonmal das mgr und osam log. beim ausführen von aswMBR trat nach einer zeit ein Fehler auf " avast! Antirootkit funktioniert nicht mehr... Das Programm wird aufgrund eines Problems nicht richtig ausgeführt. Das Programm wird geschlossen udn Sie werden benachrichtigt, wenn eien Lösung verfügbar ist."

Code:
# AdwCleaner v1.701 - Logfile created 07/12/2012 at 17:27:26
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : x - x-PC
# Running from : C:\Users\x\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v4.0 (de)

Profile name : default
File : C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\vkgqzmab.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [12569 octets] - [10/07/2012 15:17:58]
AdwCleaner[S1].txt - [10431 octets] - [10/07/2012 21:31:51]
AdwCleaner[R2].txt - [827 octets] - [12/07/2012 17:27:26]

########## EOF - C:\AdwCleaner[R2].txt - [954 octets] ##########

und osam

[code]
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 20:46:36 on 12.07.2012

OS: Windows 7  Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - E:\Office14\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cisco AnyConnect VPN Virtual Miniport Adapter for Windows x64" (vpnva) - ? - C:\Windows\System32\DRIVERS\vpnva64.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys  (File found, but it contains no detailed information)
"Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\Windows\System32\DRIVERS\ctxusbm.sys
"dgderdrv" (dgderdrv) - ? - C:\Windows\System32\drivers\dgderdrv.sys  (File not found)
"DgiVecp" (DgiVecp) - ? - C:\Windows\system32\Drivers\DgiVecp.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - E:\7-Zip\7-zip.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - E:\Office14\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - E:\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - E:\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - E:\Office14\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - E:\Office14\MLSHEXT.DLL
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - E:\Office14\OLKFSTUB.DLL

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_30" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_30.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - E:\Office14\ONBttnIE.dll
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - E:\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - E:\Office14\URLREDIR.DLL
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Logitech Vid" - "Logitech Inc." - "C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe" -bootmode
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PDFPrint" - "Geek Software GmbH" - E:\PDF24\pdf24.exe
"Samsung PanelMgr" - ? - C:\Windows\Samsung\PanelMgr\ssmmgr.exe /autorun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - E:\cvpnd.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Process Monitor" (LVPrcS64) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Users\Martin\temp\TeamViewer\Version7\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 12.07.2012 21:04
Du hast das adwCleaner Log nochmal gepostet, es fehlt das von aswMBR
Ganz unten zu aswMBR hab ich übrigens noch einen Hinweis gepostet :pfeiff:

booth 12.07.2012 21:20
ha... :) wer lesen kann.. :) jap sorry

hier jetzt das aswMBR log

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-12 22:18:05
-----------------------------
22:18:05.170    OS Version: Windows x64 6.1.7601 Service Pack 1
22:18:05.170    Number of processors: 2 586 0xF0B
22:18:05.171    ComputerName: MARTIN-PC  UserName: Martin
22:18:05.408    Initialize success
22:18:09.197    AVAST engine defs: 12071201
22:18:19.675    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
22:18:19.678    Disk 0 Vendor: SAMSUNG_HD252KJ CM100-12 Size: 238475MB BusType: 3
22:18:19.680    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
22:18:19.683    Disk 1 Vendor: WDC_WD1600BB-22GUC0 08.02D08 Size: 152627MB BusType: 3
22:18:19.700    Disk 0 MBR read successfully
22:18:19.703    Disk 0 MBR scan
22:18:19.707    Disk 0 Windows 7 default MBR code
22:18:19.710    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        24999 MB offset 63
22:18:19.715    Disk 0 Partition - 00    0F Extended LBA            213465 MB offset 51199155
22:18:19.734    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS        85997 MB offset 51199218
22:18:19.739    Disk 0 Partition - 00    05    Extended            113466 MB offset 255995775
22:18:19.755    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      113466 MB offset 255995838
22:18:19.789    Disk 0 scanning C:\Windows\system32\drivers
22:18:27.648    Service scanning
22:18:43.871    Modules scanning
22:18:43.877    Disk 0 trace - called modules:
22:18:43.917    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
22:18:43.922    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004926060]
22:18:43.927    3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa80047c7e40]
22:18:43.932    5 ACPI.sys[fffff88000f5d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004472680]
22:18:43.938    Scan finished successfully
22:19:10.875    Disk 0 MBR has been saved successfully to "C:\Users\Martin\Desktop\MBR.dat"
22:19:10.880    The log file has been saved successfully to "C:\Users\Martin\Desktop\aswMBR.txt"

cosinus 13.07.2012 10:51
Was ist mit GMER? Ging das auch nicht?

booth 13.07.2012 16:13
Hallo Arne,

GEMR läuft zwar durch und meldet danach no modifications found... aber das log file lässt sich nicht darstellen bzw es ist einfach leer, kopiert auch nichts in die zwischenablage wenn ich auf copy klicke. das selbe im abgesicherten Modus...

gruß

cosinus 13.07.2012 21:16
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:54 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131