
Log analysis and evaluation: Also GVU Trojan

Windows 7: If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

18.12.2012, 12:59   #1
BenHedges

Hello, and first of all thanks for the competent help you provide here!

It got me today as well. The GVU Trojan has struck.

I shut down my Win7 64-bit and started it in safe mode with F8, then ran OTL.exe. The logs are attached.

I would appreciate any help.

18.12.2012, 13:10   #2
markusg
/// Malware-holic

Hi,
if you have obscured your name, adjust the script accordingly.

This script and any scripts that follow are intended only for this particular user.
If you have problems, open your own topic and wait for scripts tailored to you.


• Please start OTL.exe
• Now copy the following into the text box.



Code:
:OTL
O4 - Startup: C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk =  File not found
O4 - HKU\S-1-5-21-3510303937-31973250-3848675314-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3510303937-31973250-3848675314-1000..\Run: [EPSONE1429D (Epson Stylus Photo PX720WD)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Users\MM\AppData\Local\Temp\E_SDAC4.tmp" /EF "HKCU" File not found
[2012.12.18 12:33:19 | 000,266,240 | ---- | C] (Корпорация Майкрософт) -- C:\Users\MM\wgsdgsdgdsgsd.exe
[2012.12.18 12:33:26 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.18 12:33:28 | 000,001,039 | ---- | C] () -- C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
 :Files
:Commands
[EMPTYFLASH] 
[emptytemp]
         


• Please close all programs now.
• Now click the Fix button.
• OTL may require a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode.

If you have no icons, right-click, View, Show desktop icons.

Note: Please upload the file there as well, as described in the UpChannel instructions. Please do NOT post the ZIP file here in the thread as an attachment!

Please press the + E key.
  • Open your system drive (usually C:)
  • Now look for the following folder: _OTL and open it.
  • Right-click the Movedfiles folder --> Send to --> Compressed (zipped) folder
  • This will create a Movedfiles.zip file in _OTL
  • Please upload it to our upload channel. (Browse --> C:\_OTL\Movedfiles.zip)
Let me know whether the upload worked without problems. Thanks in advance.
__________________

18.12.2012, 13:37   #3
BenHedges

Thanks for the quick reply.

I was able to upload the file via the upload channel as described, without any problems.

Oh, and:

Code:
All processes killed
========== OTL ==========
C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk moved successfully.
Registry value HKEY_USERS\S-1-5-21-3510303937-31973250-3848675314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3510303937-31973250-3848675314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSONE1429D (Epson Stylus Photo PX720WD) deleted successfully.
C:\Users\MM\wgsdgsdgdsgsd.exe moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
========== COMMANDS ==========
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56504 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Mcx1-TALL-GODDESS
->Flash cache emptied: 56504 bytes
 
User: MM
->Flash cache emptied: 1994062 bytes
 
User: Public
 
Total Flash Files Cleaned = 2,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Mcx1-TALL-GODDESS
->Temp folder emptied: 454 bytes
->Temporary Internet Files folder emptied: 78346 bytes
->Flash cache emptied: 0 bytes
 
User: MM
->Temp folder emptied: 4093 bytes
->Temporary Internet Files folder emptied: 152993909 bytes
->Java cache emptied: 6307290 bytes
->FireFox cache emptied: 596385900 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1548319 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 61649002 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 527618 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 641 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 782,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12182012_142946

Files\Folders moved on Reboot...
C:\Users\MM\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________
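
A posted fix log can be checked against the script that produced it, entry by entry. The following is an added example, not part of the original posts and not part of OTL: the function names and status labels are made up here, the sample text is copied from the two code blocks above, and only the three outcomes that occur in this log (moved successfully, deleted successfully, not found) are recognised.

```python
import re

# Fix script from post #2 and result lines from post #3, copied from this thread.
FIX_SCRIPT = r'''
:OTL
O4 - Startup: C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk =  File not found
O4 - HKU\S-1-5-21-3510303937-31973250-3848675314-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3510303937-31973250-3848675314-1000..\Run: [EPSONE1429D (Epson Stylus Photo PX720WD)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGYE.EXE /FU "C:\Users\MM\AppData\Local\Temp\E_SDAC4.tmp" /EF "HKCU" File not found
[2012.12.18 12:33:19 | 000,266,240 | ---- | C] (Корпорация Майкрософт) -- C:\Users\MM\wgsdgsdgdsgsd.exe
[2012.12.18 12:33:26 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.12.18 12:33:28 | 000,001,039 | ---- | C] () -- C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O4 - HKLM..\Run: [NPSStartup]  File not found
:Commands
[emptytemp]
'''

FIX_LOG = r'''
C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CloudStation.lnk moved successfully.
Registry value HKEY_USERS\S-1-5-21-3510303937-31973250-3848675314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3510303937-31973250-3848675314-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPSONE1429D (Epson Stylus Photo PX720WD) deleted successfully.
C:\Users\MM\wgsdgsdgdsgsd.exe moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
C:\Users\MM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NPSStartup deleted successfully.
'''

# Outcomes seen in this log; any other line is ignored and left for manual review.
OUTCOME_RE = re.compile(r"\s(moved successfully|deleted successfully|not found)\.$")
SUCCESS = {"moved successfully", "deleted successfully"}

# One pattern per kind of script line; group 1 is the text that must reappear in the log.
ITEM_PATTERNS = [
    ("startup file", re.compile(r"^O4 - Startup: (.+?) =")),
    ("run value", re.compile(r"^O4 - \S*\\Run: \[(.+?)\]")),
    ("file", re.compile(r"^\[\d{4}\.\d\d\.\d\d [^\]]*\] \(.*?\) -- (.+)$")),
    ("bho", re.compile(r"^O2\S* - BHO: .*?(\{[0-9A-Fa-f-]{36}\})")),
]


def parse_script(script):
    """Return (kind, needle) for every script line naming a file, Run value or BHO."""
    items = []
    for line in script.splitlines():
        line = line.strip()
        for kind, pattern in ITEM_PATTERNS:
            m = pattern.search(line)
            if m:
                items.append((kind, m.group(1).strip()))
                break  # section markers and commands match nothing and are skipped
    return items


def parse_log(log):
    """Return (target, outcome) for every result line with a recognised outcome."""
    results = []
    for line in log.splitlines():
        line = line.strip()
        m = OUTCOME_RE.search(line)
        if m:
            results.append((line[:m.start()].strip(), m.group(1)))
    return results


def _matches(kind, needle, target):
    needle, target = needle.lower(), target.lower()
    if kind == "run value":   # logged as "Registry value ...\Run\\<name>"
        return target.startswith("registry value") and target.endswith("\\" + needle)
    if kind == "bho":         # the CLSID appears inside the registry key path
        return needle in target
    return target == needle   # file paths are logged verbatim


def reconcile(script, log):
    """Return (kind, needle, status) for each script item, in script order."""
    results = parse_log(log)
    report = []
    for kind, needle in parse_script(script):
        outcomes = {o for t, o in results if _matches(kind, needle, t)}
        if outcomes & SUCCESS:
            status = "handled"
        elif outcomes:
            status = "already absent"     # only "not found" lines for this item
        else:
            status = "missing from log"   # the item never shows up in the result
        report.append((kind, needle, status))
    return report


if __name__ == "__main__":
    for kind, needle, status in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{status:17} {kind:12} {needle}")
```

Any item reported as "missing from log" is the one to raise with the helper before moving on to the next tool.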

18.12.2012, 18:05   #4
markusg
/// Malware-holic

Hi,
thanks.
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log
__________________

18.12.2012, 18:39   #5
BenHedges

Hmm, I hope this is the right log:

Code:
19:31:46.0866 5056  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:31:47.0022 5056  ============================================================
19:31:47.0022 5056  Current date / time: 2012/12/18 19:31:47.0022
19:31:47.0022 5056  SystemInfo:
19:31:47.0022 5056  
19:31:47.0022 5056  OS Version: 6.1.7601 ServicePack: 1.0
19:31:47.0022 5056  Product type: Workstation
19:31:47.0022 5056  ComputerName: TALL-GODDESS
19:31:47.0022 5056  UserName: MM
19:31:47.0022 5056  Windows directory: C:\Windows
19:31:47.0022 5056  System windows directory: C:\Windows
19:31:47.0022 5056  Running under WOW64
19:31:47.0022 5056  Processor architecture: Intel x64
19:31:47.0022 5056  Number of processors: 2
19:31:47.0022 5056  Page size: 0x1000
19:31:47.0022 5056  Boot type: Normal boot
19:31:47.0022 5056  ============================================================
19:31:48.0098 5056  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:31:48.0114 5056  Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:31:48.0160 5056  Drive \Device\Harddisk6\DR6 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:31:48.0504 5056  Drive \Device\Harddisk7\DR9 - Size: 0x3B6000000 (14.84 Gb), SectorSize: 0x200, Cylinders: 0x791, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:31:48.0504 5056  ============================================================
19:31:48.0504 5056  \Device\Harddisk0\DR0:
19:31:48.0504 5056  MBR partitions:
19:31:48.0504 5056  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
19:31:48.0535 5056  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
19:31:48.0535 5056  \Device\Harddisk1\DR1:
19:31:48.0550 5056  MBR partitions:
19:31:48.0550 5056  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xC34F28D
19:31:48.0566 5056  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xC34F30B, BlocksNum 0x190DA4F5
19:31:48.0566 5056  \Device\Harddisk6\DR6:
19:31:48.0566 5056  MBR partitions:
19:31:48.0566 5056  \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4A856E82
19:31:48.0566 5056  \Device\Harddisk7\DR9:
19:31:48.0566 5056  MBR partitions:
19:31:48.0566 5056  \Device\Harddisk7\DR9\Partition1: MBR, Type 0xC, StartLBA 0x970, BlocksNum 0x1DAF690
19:31:48.0566 5056  ============================================================
19:31:48.0628 5056  C: <-> \Device\Harddisk1\DR1\Partition1
19:31:48.0644 5056  D: <-> \Device\Harddisk0\DR0\Partition1
19:31:48.0675 5056  E: <-> \Device\Harddisk0\DR0\Partition2
19:31:48.0706 5056  F: <-> \Device\Harddisk1\DR1\Partition2
19:31:48.0816 5056  O: <-> \Device\Harddisk6\DR6\Partition1
19:31:48.0816 5056  ============================================================
19:31:48.0816 5056  Initialize success
19:31:48.0816 5056  ============================================================
19:32:27.0784 1768  ============================================================
19:32:27.0784 1768  Scan started
19:32:27.0784 1768  Mode: Manual; SigCheck; TDLFS; 
19:32:27.0784 1768  ============================================================
19:32:29.0110 1768  ================ Scan system memory ========================
19:32:29.0110 1768  System memory - ok
19:32:29.0110 1768  ================ Scan services =============================
19:32:40.0264 1768  ksthunk - ok
19:32:40.0296 1768  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
19:32:40.0374 1768  KtmRm - ok
19:32:40.0405 1768  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
19:32:40.0467 1768  LanmanServer - ok
19:32:40.0498 1768  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:32:40.0545 1768  LanmanWorkstation - ok
19:32:40.0592 1768  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
19:32:40.0639 1768  lltdio - ok
19:32:40.0670 1768  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
19:32:40.0717 1768  lltdsvc - ok
19:32:40.0732 1768  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
19:32:40.0779 1768  lmhosts - ok
19:32:40.0810 1768  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
19:32:40.0826 1768  LSI_FC - ok
19:32:40.0842 1768  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
19:32:40.0873 1768  LSI_SAS - ok
19:32:40.0888 1768  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:32:40.0904 1768  LSI_SAS2 - ok
19:32:40.0920 1768  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:32:40.0935 1768  LSI_SCSI - ok
19:32:40.0966 1768  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
19:32:41.0029 1768  luafv - ok
19:32:41.0060 1768  [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2M64        C:\Windows\system32\DRIVERS\LVPr2M64.sys
19:32:41.0076 1768  LVPr2M64 - ok
19:32:41.0107 1768  [ DED333DBDBBCC3555A6E6244522E2F1A ] LVPr2Mon        C:\Windows\system32\DRIVERS\LVPr2M64.sys
19:32:41.0107 1768  LVPr2Mon - ok
19:32:41.0138 1768  [ A35679E56E78091E1042A2D7ADBF2958 ] LVPrcS64        C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
19:32:41.0154 1768  LVPrcS64 - ok
19:32:41.0185 1768  [ 986C1CB787A007BAA5F74E7D316D7246 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
19:32:41.0216 1768  LVRS64 - ok
19:32:41.0341 1768  [ 5747BC465ABEA2858C5D037252AED84E ] LVUVC64         C:\Windows\system32\DRIVERS\lvuvc64.sys
19:32:41.0575 1768  LVUVC64 - ok
19:32:41.0606 1768  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
19:32:41.0637 1768  Mcx2Svc - ok
19:32:41.0653 1768  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
19:32:41.0668 1768  megasas - ok
19:32:41.0700 1768  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
19:32:41.0731 1768  MegaSR - ok
19:32:41.0778 1768  [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:32:41.0793 1768  Microsoft Office Groove Audit Service - ok
19:32:41.0824 1768  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
19:32:41.0871 1768  MMCSS - ok
19:32:41.0902 1768  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
19:32:41.0949 1768  Modem - ok
19:32:41.0980 1768  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
19:32:42.0012 1768  monitor - ok
19:32:42.0027 1768  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
19:32:42.0058 1768  mouclass - ok
19:32:42.0090 1768  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
19:32:42.0121 1768  mouhid - ok
19:32:42.0136 1768  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
19:32:42.0152 1768  mountmgr - ok
19:32:42.0230 1768  [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
19:32:42.0246 1768  MozillaMaintenance - ok
19:32:42.0277 1768  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
19:32:42.0308 1768  mpio - ok
19:32:42.0324 1768  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
19:32:42.0370 1768  mpsdrv - ok
19:32:42.0417 1768  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
19:32:42.0464 1768  MpsSvc - ok
19:32:42.0511 1768  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
19:32:42.0542 1768  MRxDAV - ok
19:32:42.0589 1768  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
19:32:42.0620 1768  mrxsmb - ok
19:32:42.0667 1768  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:32:42.0698 1768  mrxsmb10 - ok
19:32:42.0714 1768  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:32:42.0745 1768  mrxsmb20 - ok
19:32:42.0760 1768  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
19:32:42.0792 1768  msahci - ok
19:32:42.0807 1768  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
19:32:42.0823 1768  msdsm - ok
19:32:42.0854 1768  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
19:32:42.0870 1768  MSDTC - ok
19:32:42.0901 1768  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
19:32:42.0948 1768  Msfs - ok
19:32:42.0963 1768  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
19:32:43.0010 1768  mshidkmdf - ok
19:32:43.0041 1768  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
19:32:43.0041 1768  msisadrv - ok
19:32:43.0072 1768  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
19:32:43.0119 1768  MSiSCSI - ok
19:32:43.0135 1768  msiserver - ok
19:32:43.0150 1768  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
19:32:43.0197 1768  MSKSSRV - ok
19:32:43.0213 1768  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
19:32:43.0260 1768  MSPCLOCK - ok
19:32:43.0275 1768  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
19:32:43.0338 1768  MSPQM - ok
19:32:43.0369 1768  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
19:32:43.0384 1768  MsRPC - ok
19:32:43.0416 1768  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
19:32:43.0431 1768  mssmbios - ok
19:32:43.0447 1768  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
19:32:43.0494 1768  MSTEE - ok
19:32:43.0509 1768  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
19:32:43.0556 1768  MTConfig - ok
19:32:43.0587 1768  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
19:32:43.0587 1768  Mup - ok
19:32:43.0634 1768  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
19:32:43.0681 1768  napagent - ok
19:32:43.0728 1768  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
19:32:43.0774 1768  NativeWifiP - ok
19:32:43.0806 1768  [ 74C4AC4E3424862A8149DD1E788ABC89 ] ncplelhp        C:\Windows\system32\DRIVERS\ncplelhp.sys
19:32:43.0821 1768  ncplelhp - ok
19:32:43.0884 1768  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
19:32:43.0930 1768  NDIS - ok
19:32:43.0977 1768  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
19:32:44.0024 1768  NdisCap - ok
19:32:44.0055 1768  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
19:32:44.0118 1768  NdisTapi - ok
19:32:44.0149 1768  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
19:32:44.0180 1768  Ndisuio - ok
19:32:44.0211 1768  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
19:32:44.0274 1768  NdisWan - ok
19:32:44.0305 1768  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
19:32:44.0367 1768  NDProxy - ok
19:32:44.0398 1768  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
19:32:44.0430 1768  NetBIOS - ok
19:32:44.0461 1768  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
19:32:44.0523 1768  NetBT - ok
19:32:44.0539 1768  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
19:32:44.0554 1768  Netlogon - ok
19:32:44.0586 1768  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
19:32:44.0632 1768  Netman - ok
19:32:44.0664 1768  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
19:32:44.0710 1768  netprofm - ok
19:32:44.0742 1768  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:32:44.0773 1768  NetTcpPortSharing - ok
19:32:44.0788 1768  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
19:32:44.0820 1768  nfrd960 - ok
19:32:44.0851 1768  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
19:32:44.0898 1768  NlaSvc - ok
19:32:44.0944 1768  [ FD306FBCCE7ADB1077B709742E7148E9 ] NMSAccessU      C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
19:32:44.0960 1768  NMSAccessU - ok
19:32:44.0976 1768  nmwcdnsucx64 - ok
19:32:44.0991 1768  nmwcdnsux64 - ok
19:32:45.0007 1768  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
19:32:45.0038 1768  Npfs - ok
19:32:45.0069 1768  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
19:32:45.0116 1768  nsi - ok
19:32:45.0132 1768  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
19:32:45.0194 1768  nsiproxy - ok
19:32:45.0241 1768  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
19:32:45.0303 1768  Ntfs - ok
19:32:45.0319 1768  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
19:32:45.0381 1768  Null - ok
19:32:45.0646 1768  [ E55CAB397F77D5208DB18A78B1B7C0D5 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:32:46.0052 1768  nvlddmkm - ok
19:32:46.0114 1768  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
19:32:46.0130 1768  nvraid - ok
19:32:46.0146 1768  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
19:32:46.0161 1768  nvstor - ok
19:32:46.0208 1768  [ 43BC8151893AE6AFE42E149D663C2221 ] nvsvc           C:\Windows\system32\nvvsvc.exe
19:32:46.0224 1768  nvsvc - ok
19:32:46.0239 1768  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
19:32:46.0270 1768  nv_agp - ok
19:32:46.0333 1768  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:32:46.0380 1768  odserv - ok
19:32:46.0411 1768  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
19:32:46.0426 1768  ohci1394 - ok
19:32:46.0458 1768  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:32:46.0473 1768  ose - ok
19:32:46.0504 1768  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
19:32:46.0536 1768  p2pimsvc - ok
19:32:46.0567 1768  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
19:32:46.0582 1768  p2psvc - ok
19:32:46.0614 1768  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
19:32:46.0629 1768  Parport - ok
19:32:46.0660 1768  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
19:32:46.0660 1768  partmgr - ok
19:32:46.0676 1768  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
19:32:46.0707 1768  PcaSvc - ok
19:32:46.0723 1768  pccsmcfd - ok
19:32:46.0754 1768  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
19:32:46.0770 1768  pci - ok
19:32:46.0801 1768  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
19:32:46.0816 1768  pciide - ok
19:32:46.0848 1768  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
19:32:46.0879 1768  pcmcia - ok
19:32:46.0894 1768  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
19:32:46.0910 1768  pcw - ok
19:32:46.0926 1768  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
19:32:47.0019 1768  PEAUTH - ok
19:32:47.0050 1768  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
19:32:47.0113 1768  PeerDistSvc - ok
19:32:47.0191 1768  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
19:32:47.0206 1768  PerfHost - ok
19:32:47.0269 1768  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
19:32:47.0378 1768  pla - ok
19:32:47.0425 1768  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
19:32:47.0472 1768  PlugPlay - ok
19:32:47.0487 1768  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
19:32:47.0518 1768  PNRPAutoReg - ok
19:32:47.0550 1768  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
19:32:47.0565 1768  PNRPsvc - ok
19:32:47.0596 1768  [ B8D8EC78B0F9ED8E220506181274F3D3 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
19:32:47.0612 1768  Point64 - ok
19:32:47.0643 1768  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
19:32:47.0721 1768  PolicyAgent - ok
19:32:47.0737 1768  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
19:32:47.0784 1768  Power - ok
19:32:47.0815 1768  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
19:32:47.0862 1768  PptpMiniport - ok
19:32:47.0893 1768  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
19:32:47.0908 1768  Processor - ok
19:32:47.0955 1768  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
19:32:47.0986 1768  ProfSvc - ok
19:32:48.0002 1768  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:32:48.0018 1768  ProtectedStorage - ok
19:32:48.0049 1768  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
19:32:48.0096 1768  Psched - ok
19:32:48.0142 1768  [ FB46E9A827A8799EBD7BFA9128C91F37 ] PSI             C:\Windows\system32\DRIVERS\psi_mf.sys
19:32:48.0158 1768  PSI - ok
19:32:48.0205 1768  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
19:32:48.0298 1768  ql2300 - ok
19:32:48.0314 1768  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
19:32:48.0345 1768  ql40xx - ok
19:32:48.0376 1768  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
19:32:48.0408 1768  QWAVE - ok
19:32:48.0423 1768  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
19:32:48.0454 1768  QWAVEdrv - ok
19:32:48.0470 1768  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
19:32:48.0517 1768  RasAcd - ok
19:32:48.0548 1768  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
19:32:48.0579 1768  RasAgileVpn - ok
19:32:48.0595 1768  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
19:32:48.0657 1768  RasAuto - ok
19:32:48.0704 1768  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
19:32:48.0751 1768  Rasl2tp - ok
19:32:48.0798 1768  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
19:32:48.0860 1768  RasMan - ok
19:32:48.0891 1768  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
19:32:48.0954 1768  RasPppoe - ok
19:32:48.0985 1768  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
19:32:49.0032 1768  RasSstp - ok
19:32:49.0078 1768  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
19:32:49.0125 1768  rdbss - ok
19:32:49.0141 1768  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
19:32:49.0156 1768  rdpbus - ok
19:32:49.0172 1768  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
19:32:49.0219 1768  RDPCDD - ok
19:32:49.0250 1768  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
19:32:49.0281 1768  RDPDR - ok
19:32:49.0297 1768  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
19:32:49.0344 1768  RDPENCDD - ok
19:32:49.0359 1768  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
19:32:49.0406 1768  RDPREFMP - ok
19:32:49.0437 1768  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
19:32:49.0484 1768  RdpVideoMiniport - ok
19:32:49.0515 1768  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
19:32:49.0562 1768  RDPWD - ok
19:32:49.0609 1768  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
19:32:49.0624 1768  rdyboost - ok
19:32:49.0640 1768  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
19:32:49.0687 1768  RemoteAccess - ok
19:32:49.0718 1768  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
19:32:49.0765 1768  RemoteRegistry - ok
19:32:49.0796 1768  [ 0DFC90948AC23B2B7955B664EC5830D5 ] rp24gms         C:\Windows\system32\drivers\rp24gms.sys
19:32:49.0827 1768  rp24gms - ok
19:32:49.0843 1768  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
19:32:49.0905 1768  RpcEptMapper - ok
19:32:49.0936 1768  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
19:32:49.0952 1768  RpcLocator - ok
19:32:49.0999 1768  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
19:32:50.0030 1768  RpcSs - ok
19:32:50.0061 1768  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
19:32:50.0108 1768  rspndr - ok
19:32:50.0139 1768  [ EA268BCE30691C2DD24F02E617FD2EB5 ] s0016bus        C:\Windows\system32\DRIVERS\s0016bus.sys
19:32:50.0155 1768  s0016bus - ok
19:32:50.0186 1768  [ F5F9DEB89996D333EF976624D37E24E3 ] s0016mdfl       C:\Windows\system32\DRIVERS\s0016mdfl.sys
19:32:50.0202 1768  s0016mdfl - ok
19:32:50.0217 1768  [ C17CE2AEE67480FEBCC36ECCB54C0BE8 ] s0016mdm        C:\Windows\system32\DRIVERS\s0016mdm.sys
19:32:50.0233 1768  s0016mdm - ok
19:32:50.0264 1768  [ CC267F04C54C5EC5B7BD658D7628469F ] s0016mgmt       C:\Windows\system32\DRIVERS\s0016mgmt.sys
19:32:50.0280 1768  s0016mgmt - ok
19:32:50.0326 1768  [ 30A35BBCE09D9FE67482FD62C61911FC ] s0016nd5        C:\Windows\system32\DRIVERS\s0016nd5.sys
19:32:50.0342 1768  s0016nd5 - ok
19:32:50.0358 1768  [ CA394DCC38579C7AD82E83EE64D798A0 ] s0016obex       C:\Windows\system32\DRIVERS\s0016obex.sys
19:32:50.0373 1768  s0016obex - ok
19:32:50.0404 1768  [ EB267CCEA84E6E8598D92F73332AC67B ] s0016unic       C:\Windows\system32\DRIVERS\s0016unic.sys
19:32:50.0420 1768  s0016unic - ok
19:32:50.0451 1768  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
19:32:50.0498 1768  s3cap - ok
19:32:50.0498 1768  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
19:32:50.0514 1768  SamSs - ok
19:32:50.0545 1768  SANDRA - ok
19:32:50.0560 1768  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
19:32:50.0576 1768  sbp2port - ok
19:32:50.0623 1768  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
19:32:50.0654 1768  SBSDWSCService - ok
19:32:50.0685 1768  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
19:32:50.0748 1768  SCardSvr - ok
19:32:50.0779 1768  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
19:32:50.0826 1768  scfilter - ok
19:32:50.0857 1768  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
19:32:50.0950 1768  Schedule - ok
19:32:50.0966 1768  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
19:32:51.0013 1768  SCPolicySvc - ok
19:32:51.0044 1768  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
19:32:51.0091 1768  SDRSVC - ok
19:32:51.0106 1768  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
19:32:51.0153 1768  secdrv - ok
19:32:51.0184 1768  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
19:32:51.0247 1768  seclogon - ok
19:32:51.0262 1768  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
19:32:51.0309 1768  SENS - ok
19:32:51.0340 1768  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
19:32:51.0356 1768  SensrSvc - ok
19:32:51.0387 1768  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
19:32:51.0418 1768  Serenum - ok
19:32:51.0450 1768  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
19:32:51.0496 1768  Serial - ok
19:32:51.0543 1768  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
19:32:51.0559 1768  sermouse - ok
19:32:51.0606 1768  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
19:32:51.0652 1768  SessionEnv - ok
19:32:51.0668 1768  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
19:32:51.0715 1768  sffdisk - ok
19:32:51.0730 1768  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
19:32:51.0746 1768  sffp_mmc - ok
19:32:51.0762 1768  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
19:32:51.0793 1768  sffp_sd - ok
19:32:51.0824 1768  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
19:32:51.0855 1768  sfloppy - ok
19:32:51.0886 1768  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
19:32:51.0933 1768  SharedAccess - ok
19:32:51.0980 1768  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:32:52.0027 1768  ShellHWDetection - ok
19:32:52.0042 1768  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
19:32:52.0058 1768  SiSRaid2 - ok
19:32:52.0089 1768  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
19:32:52.0105 1768  SiSRaid4 - ok
19:32:52.0167 1768  [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
19:32:52.0183 1768  SkypeUpdate - ok
19:32:52.0214 1768  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
19:32:52.0261 1768  Smb - ok
19:32:52.0292 1768  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
19:32:52.0323 1768  SNMPTRAP - ok
19:32:52.0339 1768  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
19:32:52.0354 1768  spldr - ok
19:32:52.0401 1768  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
19:32:52.0432 1768  Spooler - ok
19:32:52.0526 1768  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
19:32:52.0651 1768  sppsvc - ok
19:32:52.0666 1768  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
19:32:52.0713 1768  sppuinotify - ok
19:32:52.0760 1768  [ 602884696850C86434530790B110E8EB ] sptd            C:\Windows\system32\Drivers\sptd.sys
19:32:52.0760 1768  Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
19:32:52.0760 1768  sptd ( LockedFile.Multi.Generic ) - warning
19:32:52.0760 1768  sptd - detected LockedFile.Multi.Generic (1)
19:32:55.0646 1768  [ 4847639D852763EE39415C929470F672 ] UnlockerDriver5 C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys
19:32:55.0662 1768  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - warning
19:32:55.0662 1768  UnlockerDriver5 - detected UnsignedFile.Multi.Generic (1)
19:32:55.0677 1768  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
19:32:55.0740 1768  upnphost - ok
19:32:55.0755 1768  upperdev - ok
19:32:55.0802 1768  [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
19:32:55.0802 1768  USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
19:32:55.0802 1768  USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
19:32:55.0849 1768  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
19:32:55.0880 1768  usbaudio - ok
19:32:55.0911 1768  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
19:32:55.0942 1768  usbccgp - ok
19:32:55.0974 1768  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
19:32:55.0989 1768  usbcir - ok
19:32:56.0067 1768  [ 6AF12011C88C80920D0543616E107CFF ] UsbClientService C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
19:32:56.0098 1768  UsbClientService ( UnsignedFile.Multi.Generic ) - warning
19:32:56.0098 1768  UsbClientService - detected UnsignedFile.Multi.Generic (1)
19:32:56.0114 1768  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
19:32:56.0130 1768  usbehci - ok
19:32:56.0176 1768  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
19:32:56.0208 1768  usbhub - ok
19:32:56.0223 1768  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
19:32:56.0254 1768  usbohci - ok
19:32:56.0270 1768  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
19:32:56.0301 1768  usbprint - ok
19:32:56.0317 1768  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:32:56.0364 1768  USBSTOR - ok
19:32:56.0379 1768  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
19:32:56.0395 1768  usbuhci - ok
19:32:56.0442 1768  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
19:32:56.0473 1768  usbvideo - ok
19:32:56.0488 1768  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
19:32:56.0551 1768  UxSms - ok
19:32:56.0566 1768  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
19:32:56.0566 1768  VaultSvc - ok
19:32:56.0613 1768  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
19:32:56.0629 1768  vdrvroot - ok
19:32:56.0660 1768  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
19:32:56.0722 1768  vds - ok
19:32:56.0769 1768  [ 70EB327D68D7CEC357B734B0BE5B4A21 ] vflt            C:\Windows\system32\DRIVERS\vfilter.sys
19:32:56.0800 1768  vflt ( UnsignedFile.Multi.Generic ) - warning
19:32:56.0800 1768  vflt - detected UnsignedFile.Multi.Generic (1)
19:32:56.0832 1768  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
19:32:56.0847 1768  vga - ok
19:32:56.0863 1768  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
19:32:56.0910 1768  VgaSave - ok
19:32:56.0925 1768  VGPU - ok
19:32:56.0956 1768  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
19:32:56.0988 1768  vhdmp - ok
19:32:57.0003 1768  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
19:32:57.0019 1768  viaide - ok
19:32:57.0066 1768  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
19:32:57.0081 1768  vmbus - ok
19:32:57.0097 1768  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
19:32:57.0112 1768  VMBusHID - ok
19:32:57.0144 1768  [ 71BF90872B6A7B34A26F4794DDA7AEC3 ] vnet            C:\Windows\system32\DRIVERS\virtualnet.sys
19:32:57.0159 1768  vnet ( UnsignedFile.Multi.Generic ) - warning
19:32:57.0159 1768  vnet - detected UnsignedFile.Multi.Generic (1)
19:32:57.0175 1768  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
19:32:57.0190 1768  volmgr - ok
19:32:57.0237 1768  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
19:32:57.0253 1768  volmgrx - ok
19:32:57.0268 1768  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
19:32:57.0284 1768  volsnap - ok
19:32:57.0315 1768  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
19:32:57.0331 1768  vsmraid - ok
19:32:57.0378 1768  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
19:32:57.0502 1768  VSS - ok
19:32:57.0534 1768  vvdsvc - ok
19:32:57.0549 1768  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
19:32:57.0565 1768  vwifibus - ok
19:32:57.0612 1768  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
19:32:57.0674 1768  W32Time - ok
19:32:57.0705 1768  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
19:32:57.0721 1768  WacomPen - ok
19:32:57.0783 1768  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
19:32:57.0830 1768  WANARP - ok
19:32:57.0830 1768  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
19:32:57.0877 1768  Wanarpv6 - ok
19:32:57.0924 1768  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
19:32:58.0017 1768  wbengine - ok
19:32:58.0033 1768  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
19:32:58.0064 1768  WbioSrvc - ok
19:32:58.0111 1768  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
19:32:58.0142 1768  wcncsvc - ok
19:32:58.0158 1768  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:32:58.0204 1768  WcsPlugInService - ok
19:32:58.0220 1768  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
19:32:58.0251 1768  Wd - ok
19:32:58.0282 1768  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
19:32:58.0329 1768  Wdf01000 - ok
19:32:58.0345 1768  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
19:32:58.0438 1768  WdiServiceHost - ok
19:32:58.0454 1768  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
19:32:58.0470 1768  WdiSystemHost - ok
19:32:58.0501 1768  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
19:32:58.0548 1768  WebClient - ok
19:32:58.0563 1768  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
19:32:58.0641 1768  Wecsvc - ok
19:32:58.0657 1768  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
19:32:58.0719 1768  wercplsupport - ok
19:32:58.0735 1768  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
19:32:58.0797 1768  WerSvc - ok
19:32:58.0828 1768  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
19:32:58.0860 1768  WfpLwf - ok
19:32:58.0875 1768  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
19:32:58.0906 1768  WIMMount - ok
19:32:58.0922 1768  WinDefend - ok
19:32:58.0938 1768  WinHttpAutoProxySvc - ok
19:32:58.0984 1768  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
19:32:59.0047 1768  Winmgmt - ok
19:32:59.0109 1768  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
19:32:59.0234 1768  WinRM - ok
19:32:59.0281 1768  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
19:32:59.0312 1768  WinUsb - ok
19:32:59.0343 1768  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
19:32:59.0390 1768  Wlansvc - ok
19:32:59.0515 1768  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:32:59.0577 1768  wlidsvc - ok
19:32:59.0608 1768  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
19:32:59.0624 1768  WmiAcpi - ok
19:32:59.0655 1768  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
19:32:59.0686 1768  wmiApSrv - ok
19:32:59.0702 1768  WMPNetworkSvc - ok
19:32:59.0733 1768  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
19:32:59.0749 1768  WPCSvc - ok
19:32:59.0780 1768  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
19:32:59.0811 1768  WPDBusEnum - ok
19:32:59.0827 1768  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
19:32:59.0874 1768  ws2ifsl - ok
19:32:59.0889 1768  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
19:32:59.0936 1768  wscsvc - ok
19:32:59.0967 1768  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
19:32:59.0983 1768  WSDPrintDevice - ok
19:32:59.0998 1768  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
19:33:00.0014 1768  WSDScan - ok
19:33:00.0014 1768  WSearch - ok
19:33:00.0108 1768  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
19:33:00.0186 1768  wuauserv - ok
19:33:00.0217 1768  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
19:33:00.0248 1768  WudfPf - ok
19:33:00.0279 1768  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
19:33:00.0310 1768  WUDFRd - ok
19:33:00.0326 1768  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
19:33:00.0342 1768  wudfsvc - ok
19:33:00.0373 1768  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
19:33:00.0420 1768  WwanSvc - ok
19:33:00.0435 1768  ================ Scan global ===============================
19:33:00.0466 1768  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:33:00.0498 1768  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:33:00.0529 1768  [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
19:33:00.0544 1768  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:33:00.0591 1768  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:33:00.0591 1768  [Global] - ok
19:33:00.0591 1768  ================ Scan MBR ==================================
19:33:00.0607 1768  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
19:33:01.0059 1768  \Device\Harddisk0\DR0 - ok
19:33:01.0075 1768  [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
19:33:01.0184 1768  \Device\Harddisk1\DR1 - ok
19:33:01.0527 1768  [ 671B81004FDD1588FA9ED1331C9CECA9 ] \Device\Harddisk6\DR6
19:33:01.0652 1768  \Device\Harddisk6\DR6 - ok
19:33:01.0652 1768  [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk7\DR9
19:33:04.0413 1768  \Device\Harddisk7\DR9 - ok
19:33:04.0413 1768  ================ Scan VBR ==================================
19:33:04.0413 1768  [ 36A8788BC8063F24DF1E519656151217 ] \Device\Harddisk0\DR0\Partition1
19:33:04.0413 1768  \Device\Harddisk0\DR0\Partition1 - ok
19:33:04.0413 1768  [ A379F81094807EFCC97F5A740AFA83CD ] \Device\Harddisk0\DR0\Partition2
19:33:04.0413 1768  \Device\Harddisk0\DR0\Partition2 - ok
19:33:04.0429 1768  [ 7236ABC66045A783846F2FB3C715B1BF ] \Device\Harddisk1\DR1\Partition1
19:33:04.0429 1768  \Device\Harddisk1\DR1\Partition1 - ok
19:33:04.0444 1768  [ C1BDE5201D5789D2631CEE3BD656D788 ] \Device\Harddisk1\DR1\Partition2
19:33:04.0444 1768  \Device\Harddisk1\DR1\Partition2 - ok
19:33:04.0444 1768  [ 4CC3C9AA70DB9D88C33C72F25FE99879 ] \Device\Harddisk6\DR6\Partition1
19:33:04.0444 1768  \Device\Harddisk6\DR6\Partition1 - ok
19:33:04.0460 1768  [ 02E91CF285D339CB6CAA4D427BBDCD29 ] \Device\Harddisk7\DR9\Partition1
19:33:04.0460 1768  \Device\Harddisk7\DR9\Partition1 - ok
19:33:04.0460 1768  ============================================================
19:33:04.0460 1768  Scan finished
19:33:04.0460 1768  ============================================================
19:33:04.0476 3764  Detected object count: 6
19:33:04.0476 3764  Actual detected object count: 6
19:36:29.0866 3764  sptd ( LockedFile.Multi.Generic ) - skipped by user
19:36:29.0866 3764  sptd ( LockedFile.Multi.Generic ) - User select action: Skip 
19:36:29.0866 3764  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:29.0866 3764  UnlockerDriver5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:36:29.0866 3764  USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:29.0866 3764  USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:36:29.0866 3764  UsbClientService ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:29.0866 3764  UsbClientService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:36:29.0882 3764  vflt ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:29.0882 3764  vflt ( UnsignedFile.Multi.Generic ) - User select action: Skip 
19:36:29.0882 3764  vnet ( UnsignedFile.Multi.Generic ) - skipped by user
19:36:29.0882 3764  vnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
         


18.12.2012, 18:58   #6
markusg
/// Malware-holic
 



Yep, thanks
Combofix:
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

18.12.2012, 19:53   #7
BenHedges
 



The next one...

Code:
ComboFix 12-12-17.02 - MM 18.12.2012  20:05:51.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.4094.2574 [GMT 1:00]
ausgeführt von:: c:\users\MM\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\xp-AntiSpy
c:\program files (x86)\xp-AntiSpy\Uninstall.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.chm
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.exe
c:\program files (x86)\xp-AntiSpy\xp-AntiSpy.url
c:\programdata\xml5061.tmp
c:\programdata\xml54B6.tmp
c:\programdata\xml5514.tmp
c:\users\MM\AppData\Roaming\Desktopicon
c:\users\MM\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\Nagasoft
c:\windows\SysWow64\Nagasoft\Codecs\asyncflt.ax
c:\windows\SysWow64\Nagasoft\Codecs\atrc.dll
c:\windows\SysWow64\Nagasoft\Codecs\cook.dll
c:\windows\SysWow64\Nagasoft\Codecs\drvc.dll
c:\windows\SysWow64\Nagasoft\Codecs\raac.dll
c:\windows\SysWow64\Nagasoft\Codecs\RealMediaSplitter.ax
c:\windows\SysWow64\Nagasoft\Codecs\WMFDemux.dll
c:\windows\SysWow64\Nagasoft\GifShower.dll
c:\windows\SysWow64\Nagasoft\vjocx.dll
F:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-11-18 bis 2012-12-18  ))))))))))))))))))))))))))))))
.
.
2012-12-18 19:22 . 2012-12-18 19:22	--------	d-----w-	c:\users\Mcx1-TALL-GODDESS\AppData\Local\temp
2012-12-18 19:22 . 2012-12-18 19:22	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-18 19:13 . 2012-12-18 19:13	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A40B182A-D00E-4F8F-9CEF-82F5F24ADF7B}\offreg.dll
2012-12-18 12:42 . 2012-12-18 13:34	--------	d-----w-	C:\_OTL
2012-12-18 06:48 . 2012-12-18 06:48	--------	d-----w-	c:\programdata\iTunesFolderWatch
2012-12-18 06:48 . 2012-12-18 06:48	--------	d-----w-	c:\users\MM\AppData\Local\iTunesFolderWatch
2012-12-18 06:47 . 2012-12-18 06:47	--------	d-----w-	c:\program files (x86)\JezSoft
2012-12-16 16:46 . 2012-11-08 17:24	9125352	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A40B182A-D00E-4F8F-9CEF-82F5F24ADF7B}\mpengine.dll
2012-12-13 09:44 . 2012-11-09 05:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-13 09:43 . 2012-11-02 05:59	478208	----a-w-	c:\windows\system32\dpnet.dll
2012-12-13 09:43 . 2012-11-02 05:11	376832	----a-w-	c:\windows\SysWow64\dpnet.dll
2012-12-12 16:23 . 2012-12-12 16:23	--------	d-----w-	c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-12 16:23 . 2012-12-12 16:23	--------	d-----w-	c:\program files\iTunes
2012-12-12 16:23 . 2012-12-12 16:23	--------	d-----w-	c:\program files\iPod
2012-12-08 13:37 . 2012-12-08 13:37	--------	d-----w-	c:\program files (x86)\Rapoo
2012-12-08 13:37 . 2012-12-08 13:37	1355683	----a-w-	c:\windows\unins000.exe
2012-12-08 13:37 . 2011-08-03 10:09	18944	----a-w-	c:\windows\system32\drivers\rp24gms.sys
2012-11-29 12:59 . 2012-11-29 12:59	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2012-11-29 12:59 . 2012-11-29 12:59	--------	d-----r-	c:\program files (x86)\Skype
2012-11-21 23:42 . 2012-05-10 21:40	346112	----a-w-	c:\windows\system32\ssleay32.dll
2012-11-21 23:42 . 2012-05-10 21:40	346112	----a-w-	c:\windows\system32\libssl32.dll
2012-11-21 23:42 . 2012-05-10 21:40	1645056	----a-w-	c:\windows\system32\libeay32.dll
2012-11-21 23:37 . 2012-11-21 23:37	--------	d-----w-	c:\users\MM\AppData\Local\InstallShare
2012-11-21 23:14 . 2012-11-21 23:42	--------	d-----w-	c:\program files\OpenSSL-Win64
2012-11-20 13:47 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2012-11-20 13:47 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2012-11-20 13:47 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2012-11-20 13:47 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-11-20 13:47 . 2012-08-24 18:04	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-11-20 13:47 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2012-11-20 13:47 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-11-20 13:47 . 2012-08-24 16:57	220160	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-11-20 13:47 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-11-20 12:03 . 2012-11-20 12:03	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-11-20 12:02 . 2012-11-20 12:02	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 09:58 . 2010-01-06 21:35	67413224	----a-w-	c:\windows\system32\MRT.exe
2012-11-20 12:02 . 2012-07-30 13:22	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-11-20 12:02 . 2010-05-16 10:24	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-16 08:38 . 2012-11-28 20:34	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 20:34	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 20:34	561664	----a-w-	c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-13 20:09	55296	----a-w-	c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-13 20:09	226816	----a-w-	c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-13 20:09	44032	----a-w-	c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-13 20:09	193536	----a-w-	c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:40 . 2012-12-13 09:44	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-13 20:09	1914248	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-13 20:09	70656	----a-w-	c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-13 20:09	303104	----a-w-	c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-13 20:09	246272	----a-w-	c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-13 20:09	18944	----a-w-	c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-13 20:09	216576	----a-w-	c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-13 20:09	569344	----a-w-	c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-13 20:09	18944	----a-w-	c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-13 20:09	175104	----a-w-	c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-13 20:09	156672	----a-w-	c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-13 20:09	45568	----a-w-	c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-13 20:09	78336	----a-w-	c:\windows\SysWow64\synceng.dll
2012-09-25 22:46 . 2012-11-13 20:09	95744	----a-w-	c:\windows\system32\synceng.dll
2012-09-20 14:02 . 2012-09-20 14:02	1832760	----a-w-	c:\windows\system32\LogiLDA.DLL
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Steam"="e:\games\Steam\\Steam.exe" [2010-06-01 1238352]
"GMX MediaCenter Syncmanager"="c:\users\MM\AppData\Roaming\GMX\GMX MediaCenter Syncmanager\SmartDriveSync.exe" [2011-08-01 2994688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-01-06 611712]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-07-31 41944]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-07-30 640480]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Rapoo RP24G"="c:\program files (x86)\Rapoo\RP24G\RP24G_Config.exe" [2011-12-16 5406720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-11-28 151952]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-2-17 1380504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-01-06 1038088]
R3 ncplelhp;NCP Secure Client NDIS6 Driver;c:\windows\system32\DRIVERS\ncplelhp.sys [2009-10-08 151016]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2009-12-14 16392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-06 834544]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-15 27760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 bcm44amd64;Broadcom 440x 10/100 Integrated Controller XP Driver;c:\windows\system32\DRIVERS\b44amd64.sys [2009-06-10 87552]
S3 busenum;Synology Virtual USB Hub;c:\windows\system32\DRIVERS\busenum.sys [2011-02-18 56160]
S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;QuickCam Communicate Deluxe(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 rp24gms;2.4g Wireless Device;c:\windows\system32\drivers\rp24gms.sys [2011-08-03 18944]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 25095023
*Deregistered* - 25095023
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
vvdsvc	REG_MULTI_SZ   	vvdsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local;*.local localhost;*.local localhost localhost localhost localhost localhost localhost localhost localhost localhost;*.local localhost localhost;*.local
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\MM\AppData\Roaming\Mozilla\Firefox\Profiles\clfcewic.default\
FF - prefs.js: browser.startup.homepage - www.spiegel.de
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 9050
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-xp-AntiSpy - c:\program files (x86)\xp-AntiSpy\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9m.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9m.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9m.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9m.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-18  20:44:13
ComboFix-quarantined-files.txt  2012-12-18 19:44
.
Vor Suchlauf: 8 Verzeichnis(se), 49.704.411.136 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 49.062.535.168 Bytes frei
.
- - End Of File - - EE9353DD8835EF34DAE5BAC28479BA2B
         

18.12.2012, 20:07   #8
markusg
/// Malware-holic

Hi,
Malwarebytes:
Please download Malwarebytes.
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Start Malwarebytes, click Update --> Check for Updates.
  • When the update has finished, select "Perform full scan" and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all detections are selected and click Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails as described in the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

19.12.2012, 06:22   #9
BenHedges

Good morning,

here is the log from Malwarebytes. I did not delete EverestPoker.exe, but I did delete the other three...

Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.18.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
MM :: TALL-GODDESS [Administrator]

18.12.2012 22:12:41
mbam-log-2012-12-19 (07-16-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|O:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 555239
Laufzeit: 3 Stunde(n), 1 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Program Files (x86)\Unlocker\eBay_shortcuts_1016.exe (Adware.Clicker) -> Keine Aktion durchgeführt.
C:\Qoobox\Quarantine\C\Users\MM\AppData\Roaming\Desktopicon\eBayShortcuts.exe.vir (Adware.ADON) -> Keine Aktion durchgeführt.
C:\_OTL\MovedFiles\12182012_142946\C_Users\MM\wgsdgsdgdsgsd.exe (Trojan.FakeMS) -> Keine Aktion durchgeführt.
E:\Installationsdateien Programme\Everest Poker.exe (PUP.EverestPoker) -> Keine Aktion durchgeführt.

(Ende)
         

19.12.2012, 16:25   #10
markusg
/// Malware-holic

Looks good.
Download CCleaner Standard:
CCleaner Download - CCleaner 3.25.1872
If CCleaner is already installed, skip this step.
Install it, open it, go to Tools, list of installed programs, and save it as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognize, write "unknown".
Post the list.
