Trojaner-Board

Source: https://www.trojaner-board.de/117076-trojan-dropper-tr-atraps-gen2.html

NEON_MUC 11.06.2012 19:08

Trojan.Dropper and TR/ATRAPS.Gen2

Hello everyone,

I have a trojan on my machine after opening an unsafe page on the Internet(z)...

AntiVir and Malwarebytes both detect it (when an Internet connection is present).

I just can't get rid of it, no matter what I try...

What I have done so far...

Antivir scan -> reboot
Malwarebytes scan -> reboot
Defogger -> reboot
OTL -> reboot
Eset -> reboot

The logs are attached...

I would be really grateful if you could help me get a secure system back without reinstalling...

Thanks in advance

Neon



AVSCAN

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 11. Juni 2012 14:11

Es wird nach 3814721 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : VDC

Versionsinformationen:
BUILD.DAT : 12.0.0.1125 41829 Bytes 02.05.2012 16:34:00
AVSCAN.EXE : 12.3.0.15 466896 Bytes 08.05.2012 07:34:10
AVSCAN.DLL : 12.3.0.15 66256 Bytes 08.05.2012 07:34:10
LUKE.DLL : 12.3.0.15 68304 Bytes 08.05.2012 07:34:10
AVSCPLR.DLL : 12.3.0.14 97032 Bytes 09.05.2012 08:14:54
AVREG.DLL : 12.3.0.17 232200 Bytes 11.05.2012 08:16:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 09:49:21
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 06:56:15
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 06:56:21
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 18:59:39
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 19:05:10
VBASE005.VDF : 7.11.29.136 2166272 Bytes 10.05.2012 08:15:16
VBASE006.VDF : 7.11.29.137 2048 Bytes 10.05.2012 08:15:17
VBASE007.VDF : 7.11.29.138 2048 Bytes 10.05.2012 08:15:18
VBASE008.VDF : 7.11.29.139 2048 Bytes 10.05.2012 08:15:19
VBASE009.VDF : 7.11.29.140 2048 Bytes 10.05.2012 08:15:20
VBASE010.VDF : 7.11.29.141 2048 Bytes 10.05.2012 08:15:21
VBASE011.VDF : 7.11.29.142 2048 Bytes 10.05.2012 08:15:22
VBASE012.VDF : 7.11.29.143 2048 Bytes 10.05.2012 08:15:22
VBASE013.VDF : 7.11.29.144 2048 Bytes 10.05.2012 08:15:23
VBASE014.VDF : 7.11.30.3 198144 Bytes 14.05.2012 08:28:52
VBASE015.VDF : 7.11.30.69 186368 Bytes 17.05.2012 12:59:42
VBASE016.VDF : 7.11.30.143 223744 Bytes 21.05.2012 12:59:42
VBASE017.VDF : 7.11.30.207 287744 Bytes 23.05.2012 12:59:44
VBASE018.VDF : 7.11.31.57 188416 Bytes 28.05.2012 12:59:45
VBASE019.VDF : 7.11.31.111 214528 Bytes 30.05.2012 12:59:46
VBASE020.VDF : 7.11.31.151 116736 Bytes 31.05.2012 13:47:50
VBASE021.VDF : 7.11.31.205 134144 Bytes 03.06.2012 13:47:51
VBASE022.VDF : 7.11.32.9 169472 Bytes 05.06.2012 13:47:52
VBASE023.VDF : 7.11.32.85 155648 Bytes 08.06.2012 07:40:16
VBASE024.VDF : 7.11.32.86 2048 Bytes 08.06.2012 07:40:16
VBASE025.VDF : 7.11.32.87 2048 Bytes 08.06.2012 07:40:17
VBASE026.VDF : 7.11.32.88 2048 Bytes 08.06.2012 07:40:18
VBASE027.VDF : 7.11.32.89 2048 Bytes 08.06.2012 07:40:19
VBASE028.VDF : 7.11.32.90 2048 Bytes 08.06.2012 07:40:20
VBASE029.VDF : 7.11.32.91 2048 Bytes 08.06.2012 07:40:21
VBASE030.VDF : 7.11.32.92 2048 Bytes 08.06.2012 07:40:21
VBASE031.VDF : 7.11.32.118 78336 Bytes 11.06.2012 07:40:24
Engineversion : 8.2.10.80
AEVDF.DLL : 8.1.2.8 106867 Bytes 08.06.2012 13:48:07
AESCRIPT.DLL : 8.1.4.24 450939 Bytes 08.06.2012 13:48:06
AESCN.DLL : 8.1.8.2 131444 Bytes 22.04.2012 19:12:35
AESBX.DLL : 8.2.5.10 606580 Bytes 30.05.2012 13:00:03
AERDL.DLL : 8.1.9.15 639348 Bytes 31.01.2012 06:55:37
AEPACK.DLL : 8.2.16.16 807288 Bytes 30.05.2012 13:00:01
AEOFFICE.DLL : 8.1.2.28 201082 Bytes 26.04.2012 18:59:03
AEHEUR.DLL : 8.1.4.36 4874615 Bytes 08.06.2012 13:48:05
AEHELP.DLL : 8.1.21.0 254326 Bytes 11.05.2012 08:15:47
AEGEN.DLL : 8.1.5.28 422260 Bytes 26.04.2012 18:56:22
AEEXP.DLL : 8.1.0.44 82293 Bytes 30.05.2012 13:00:04
AEEMU.DLL : 8.1.3.0 393589 Bytes 31.01.2012 06:55:34
AECORE.DLL : 8.1.25.10 201080 Bytes 08.06.2012 13:48:02
AEBB.DLL : 8.1.1.0 53618 Bytes 31.01.2012 06:55:33
AVWINLL.DLL : 12.3.0.15 27344 Bytes 08.05.2012 07:34:10
AVPREF.DLL : 12.3.0.15 51920 Bytes 08.05.2012 07:34:10
AVREP.DLL : 12.3.0.15 179208 Bytes 09.05.2012 08:14:54
AVARKT.DLL : 12.3.0.15 211408 Bytes 08.05.2012 07:34:10
AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 08.05.2012 07:34:10
SQLITE3.DLL : 3.7.0.1 398288 Bytes 08.05.2012 07:34:10
AVSMTP.DLL : 12.3.0.15 63440 Bytes 08.05.2012 07:34:10
NETNT.DLL : 12.3.0.15 17104 Bytes 08.05.2012 07:34:10
RCIMAGE.DLL : 12.3.0.15 4447952 Bytes 08.05.2012 07:34:10
RCTEXT.DLL : 12.3.0.15 98512 Bytes 08.05.2012 07:34:10

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4fd5d393\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 11. Juni 2012 14:11

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avnotify.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avnotify.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'vvvv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinVNC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WinVNC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@'
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2

Beginne mit der Desinfektion:
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@
[FUND] Ist das Trojanische Pferd TR/ATRAPS.Gen2
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 55fe4f43.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.


Ende des Suchlaufs: Montag, 11. Juni 2012 14:11
Benötigte Zeit: 00:00 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

0 Verzeichnisse wurden überprüft
77 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
76 Dateien ohne Befall
4 Archive wurden durchsucht
0 Warnungen
1 Hinweise


Die Suchergebnisse werden an den Guard übermittelt.


MBAM-log

Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.06.11.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
VD :: VDC [Administrator]

Schutz: Aktiviert

11.06.2012 16:56:32
mbam-log

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 738978
Laufzeit: 46 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Keine Aktion durchgeführt.

(Ende)




DEFOGGER

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:00 on 11/06/2012 (VD)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL
OTL Logfile:
Code:

OTL logfile created on: 11.06.2012 18:08:52 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\VD\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
23,99 Gb Total Physical Memory | 22,02 Gb Available Physical Memory | 91,80% Memory free
43,99 Gb Paging File | 41,97 Gb Available in Paging File | 95,42% Paging File free
Paging file location(s): e:\pagefile.sys 20480 20480 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 26,18 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 80,01 Gb Total Space | 39,48 Gb Free Space | 49,35% Space Free | Partition Type: NTFS
Drive E: | 458,81 Gb Total Space | 240,13 Gb Free Space | 52,34% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 566,95 Gb Free Space | 30,43% Space Free | Partition Type: NTFS
Drive W: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 478,90 Gb Total Space | 252,29 Gb Free Space | 52,68% Space Free | Partition Type: NTFS
Drive Y: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,54% Space Free | Partition Type: NTFS
 
Computer Name: VDC | User Name: VD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.11 18:01:34 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\VD\Desktop\OTL.exe
[2012.06.11 17:55:49 | 002,322,184 | ---- | C] (ESET) -- C:\Users\VD\Desktop\esetsmartinstaller_enu.exe
[2012.06.11 17:50:17 | 000,231,936 | ---- | C] (Ufasoft) -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000008.@
[2012.05.30 16:28:54 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\Malwarebytes
[2012.05.30 16:07:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.30 16:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.30 16:07:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.30 16:07:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.30 10:51:46 | 000,000,000 | ---D | C] -- C:\Users\VD\Desktop\DPIT Plants & Effex
[2012.05.30 03:19:49 | 000,000,000 | ---D | C] -- C:\Users\VD\Documents\signatur
[2012.05.30 01:49:04 | 000,000,000 | ---D | C] -- C:\Users\VD\Desktop\mook
[2012.05.30 00:52:41 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\Thunderbird
[2012.05.30 00:52:41 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Local\Thunderbird
[2012.05.30 00:52:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.05.23 13:45:56 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.05.21 14:14:07 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.05.14 16:01:27 | 000,000,000 | ---D | C] -- C:\Users\VD\Desktop\Neuer Ordner
[2012.05.14 11:30:13 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\CopperLan Manager
[2012.05.14 11:30:12 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\CopperLan
[2012.05.14 11:30:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CopperLan
[2012.05.14 11:30:08 | 000,031,992 | ---- | C] (ICT7 S.A.) -- C:\Windows\SysNative\drivers\CHAILinkOverUSB.sys
[2012.05.14 11:28:48 | 000,000,000 | ---D | C] -- C:\Users\VD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CopperLan
[2012.05.14 11:28:48 | 000,000,000 | ---D | C] -- C:\Program Files\CopperLan
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.11 18:04:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.11 18:04:51 | 2139,213,820 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.11 18:01:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\VD\Desktop\OTL.exe
[2012.06.11 18:00:04 | 000,000,000 | ---- | M] () -- C:\Users\VD\defogger_reenable
[2012.06.11 17:55:49 | 002,322,184 | ---- | M] (ESET) -- C:\Users\VD\Desktop\esetsmartinstaller_enu.exe
[2012.06.11 17:52:19 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 17:52:19 | 000,020,320 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.11 13:33:52 | 000,002,562 | ---- | M] () -- C:\Windows\diagwrn.xml
[2012.06.11 13:33:52 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2012.06.11 13:16:13 | 2411,776,975 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.06.11 09:53:14 | 000,016,371 | ---- | M] () -- C:\Users\VD\Desktop\test_triangle.v4p
[2012.06.01 20:31:41 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\2-D.vnc
[2012.06.01 20:30:18 | 000,000,132 | ---- | M] () -- C:\Users\VD\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.06.01 20:19:12 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\1-C.vnc
[2012.06.01 20:12:58 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\3-E.vnc
[2012.06.01 19:48:41 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\4-F.vnc
[2012.06.01 19:40:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.01 19:37:40 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\6-H.vnc
[2012.06.01 19:37:14 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\5-G.vnc
[2012.06.01 19:17:43 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\0-B.vnc
[2012.06.01 19:12:28 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\7-I.vnc
[2012.06.01 19:03:07 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\9-A.vnc
[2012.06.01 18:33:32 | 000,001,171 | ---- | M] () -- C:\Users\VD\Desktop\LIGHT.vnc
[2012.06.01 09:44:25 | 007,304,425 | ---- | M] () -- C:\Users\VD\Desktop\client_spaces.jpg
[2012.06.01 09:39:20 | 000,834,131 | ---- | M] () -- C:\Users\VD\Desktop\mbms_interface.rar
[2012.06.01 09:38:00 | 003,955,729 | ---- | M] () -- C:\Users\VD\Desktop\mbms_testpics.rar
[2012.06.01 09:37:25 | 000,135,491 | ---- | M] () -- C:\Users\VD\Desktop\mbms.rar
[2012.06.01 05:34:12 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 05:34:12 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 05:34:12 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 05:34:12 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 05:34:12 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.31 00:41:00 | 000,000,589 | ---- | M] () -- C:\Users\VD\Desktop\server_videosynch.lnk
[2012.05.30 16:07:17 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 15:43:33 | 000,021,275 | ---- | M] () -- C:\Users\VD\Desktop\120530_MappingStuttgart.rar
[2012.05.30 14:57:18 | 000,171,759 | ---- | M] () -- C:\Users\VD\Desktop\FB_Banner_Stuttgart.jpg
[2012.05.30 10:56:54 | 000,419,488 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.05.30 10:56:54 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.05.28 15:31:53 | 000,001,049 | ---- | M] () -- C:\Users\VD\Desktop\CopperLan Manager.lnk
 
========== Files Created - No Company Name ==========
 
[2012.06.11 18:00:04 | 000,000,000 | ---- | C] () -- C:\Users\VD\defogger_reenable
[2012.06.11 17:45:22 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@
[2012.06.11 16:48:35 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000032.@
[2012.06.11 14:16:01 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@
[2012.06.11 13:32:45 | 000,002,562 | ---- | C] () -- C:\Windows\diagwrn.xml
[2012.06.11 13:32:45 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2012.06.11 13:16:13 | 2411,776,975 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.06.11 09:53:12 | 000,016,371 | ---- | C] () -- C:\Users\VD\Desktop\test_triangle.v4p
[2012.06.01 20:31:40 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\2-D.vnc
[2012.06.01 20:12:57 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\3-E.vnc
[2012.06.01 19:51:35 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\1-C.vnc
[2012.06.01 19:48:37 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\4-F.vnc
[2012.06.01 19:40:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.06.01 19:37:39 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\6-H.vnc
[2012.06.01 19:37:13 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\5-G.vnc
[2012.06.01 19:17:42 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\0-B.vnc
[2012.06.01 19:12:25 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\7-I.vnc
[2012.06.01 19:03:03 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\9-A.vnc
[2012.06.01 18:33:30 | 000,001,171 | ---- | C] () -- C:\Users\VD\Desktop\LIGHT.vnc
[2012.06.01 09:44:19 | 007,304,425 | ---- | C] () -- C:\Users\VD\Desktop\client_spaces.jpg
[2012.06.01 09:39:20 | 000,834,131 | ---- | C] () -- C:\Users\VD\Desktop\mbms_interface.rar
[2012.06.01 09:38:02 | 003,955,729 | ---- | C] () -- C:\Users\VD\Desktop\mbms_testpics.rar
[2012.06.01 09:37:33 | 000,135,491 | ---- | C] () -- C:\Users\VD\Desktop\mbms.rar
[2012.05.31 00:39:02 | 000,000,589 | ---- | C] () -- C:\Users\VD\Desktop\server_videosynch.lnk
[2012.05.30 23:57:16 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000000.@
[2012.05.30 23:31:40 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\000000cb.@
[2012.05.30 23:31:40 | 000,001,536 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000004.@
[2012.05.30 16:07:17 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.05.30 15:43:33 | 000,021,275 | ---- | C] () -- C:\Users\VD\Desktop\120530_MappingStuttgart.rar
[2012.05.30 14:57:18 | 000,171,759 | ---- | C] () -- C:\Users\VD\Desktop\FB_Banner_Stuttgart.jpg
[2012.05.30 10:56:55 | 000,000,740 | ---- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000004.@
[2012.05.30 10:56:08 | 000,004,266 | ---- | C] () -- C:\Users\VD\Desktop\aaocg.nfo
[2012.05.30 10:56:08 | 000,000,056 | ---- | C] () -- C:\Users\VD\Desktop\FILE_ID.DIZ
[2012.05.30 00:52:36 | 000,002,106 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2012.05.14 11:30:09 | 000,001,049 | ---- | C] () -- C:\Users\VD\Desktop\CopperLan Manager.lnk
[2012.05.11 16:19:57 | 000,960,000 | ---- | C] () -- C:\Program Files (x86)\TouchOSCEditor.exe
[2012.04.24 10:01:41 | 000,000,132 | ---- | C] () -- C:\Users\VD\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012.04.20 22:45:31 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.20 22:35:25 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.04.20 22:11:33 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2010.11.21 05:23:51 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\@
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\evolve_function:AFP_AfpInfo
@Alternate Data Stream - 1300 bytes -> C:\Users\VD\AppData\Local\Temp:axwc9SJP2URh2CFDAb8hj4

< End of report >

--- --- ---




EXTRAS
OTL Logfile:
Code:

OTL Extras logfile created on: 11.06.2012 18:08:52 - Run 2
OTL by OldTimer - Version 3.2.48.0    Folder = C:\Users\VD\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
23,99 Gb Total Physical Memory | 22,02 Gb Available Physical Memory | 91,80% Memory free
43,99 Gb Paging File | 41,97 Gb Available in Paging File | 95,42% Paging File free
Paging file location(s): e:\pagefile.sys 20480 20480 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,00 Gb Total Space | 26,18 Gb Free Space | 26,18% Space Free | Partition Type: NTFS
Drive D: | 80,01 Gb Total Space | 39,48 Gb Free Space | 49,35% Space Free | Partition Type: NTFS
Drive E: | 458,81 Gb Total Space | 240,13 Gb Free Space | 52,34% Space Free | Partition Type: NTFS
Drive F: | 1863,01 Gb Total Space | 566,95 Gb Free Space | 30,43% Space Free | Partition Type: NTFS
Drive W: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive X: | 478,90 Gb Total Space | 252,29 Gb Free Space | 52,68% Space Free | Partition Type: NTFS
Drive Y: | 100,00 Mb Total Space | 71,54 Mb Free Space | 71,54% Space Free | Partition Type: NTFS
 
Computer Name: VDC | User Name: VD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8C9B6B1F-0A8E-402A-A60C-110BBB38D67E}" = Intel(R) Network Connections 15.7.176.0
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{99D0C200-21DC-4B84-B39D-4319E111AE4B}" = Smart Technology Programming Software 7.0.13.22
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.44
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.44
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DE02D760-9D68-49BA-A1CE-FDEC5892608D}" = Trapcode Suite 64-bit
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"MAXON8C66D661" = NET Render Client 13.016
"MAXONFB05E576" = CINEMA 4D 13.016
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PROSetDX" = Intel(R) Network Connections 15.7.176.0
"VLC media player" = VLC media player 2.0.1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EE14CC2-ED85-4EEA-8714-A31C86AF3769}" = PCmover OEM Express
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 4
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0E}" = Ralink RT2870 Wireless LAN Card
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{47A542D0-3B8C-4208-8023-5621606197F0}" = PTLens
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{656C6151-03B2-4077-8E29-0950037FC8B4}" = Avid Codecs LE
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C28DD992-5B7B-D195-6841-4EC57DF512BD}" = Adobe Story
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1A35687-AEA9-422C-B237-FC4F8136B6F6}" = Intel(R) Integrator Assistant
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E8D0E51F-CC46-48DF-9BF2-E6157FC3717E}" = Intel(R) Extreme Tuning Utility
"{F015C84A-A7FA-4DFC-A266-1754CC536056}" = Accusoft PICVideo Motion JPEG 4
"{F01CBA59-B5BD-4608-A834-1CBE8C292A71}" = Intel(R) Desktop Utilities
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner (remove only)
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Story
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"CopperLan" = CopperLan uninstall
"ffdshow_is1" = ffdshow v1.1.3562 [2010-09-07]
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{DE02D760-9D68-49BA-A1CE-FDEC5892608D}" = Trapcode Suite 64-bit
"InstallShield_{F015C84A-A7FA-4DFC-A266-1754CC536056}" = Accusoft PICVideo Motion JPEG 4
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"mv61xxDriver" = marvell 61xx
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Ultravnc2_is1" = UltraVnc
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"XviD" = XviD MPEG-4 Codec
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11.06.2012 04:03:08 | Computer Name = VDC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MAXON\CINEMA
 4D R13\plugins\DPIT Plants & Effex\aupdater.cdl64". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\MAXON\CINEMA 4D R13\plugins\DPIT Plants & Effex\aupdater.cdl64"
 in Zeile 1.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 11.06.2012 04:04:09 | Computer Name = VDC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\MAXON\CINEMA
 4D R13\plugins\DPIT Plants & Effex\aupdater.cdl64". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files\MAXON\CINEMA 4D R13\plugins\DPIT Plants & Effex\aupdater.cdl64"
 in Zeile 1.  Der Wert "x64" des "processorArchitecture"-Attributs im assemblyIdentity-Element
 ist ungültig.
 
Error - 11.06.2012 06:37:43 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2012 06:42:53 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2012 07:17:57 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2012 10:50:09 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2012 11:46:52 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.06.2012 11:55:52 | Computer Name = VDC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\VD\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11.06.2012 11:55:54 | Computer Name = VDC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\VD\Desktop\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 11.06.2012 12:06:36 | Computer Name = VDC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 11.06.2012 10:48:29 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11.06.2012 10:48:29 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 11.06.2012 11:45:12 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 11.06.2012 11:45:12 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11.06.2012 11:45:12 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11.06.2012 11:45:13 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
Error - 11.06.2012 12:04:56 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 11.06.2012 12:04:56 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11.06.2012 12:04:56 | Computer Name = VDC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 11.06.2012 12:04:57 | Computer Name = VDC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:  %%-2147024891
 
 
< End of report >

--- --- ---

ESET

C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@ Win64/Agent.BA trojan
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000000.@ Win64/Sirefef.AE trojan
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan
C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@ Win64/Sirefef.AE trojan
Operating memory a variant of Win32/Sirefef.EZ trojan

Can really NOBODY help me???

I would be so grateful, and I really need the computer without reinstalling it...

Psychotic 12.06.2012 14:00

Hello,

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. A format is usually the fastest and always the safest way.

Should you decide on a cleanup, keep working along until someone from the team tells you that your computer is clean.

A cleanup can sometimes mean a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper asks you to run.
  4. Please no crossposting (posting in several forums) - if you follow the instructions of several helpers, that can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you have been asked to).
  6. If something is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (It makes the evaluation harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".


Unfortunately you are not the only one here with problems, and at the moment it can take several days until you get an answer! So be patient!


Step 1: aswMBR


Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide) Vista and Win7 users with right-click "Run as administrator"
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (Should your firewall ask, please allow access to the internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not under any circumstances press any of the Fix buttons without instruction. Note: Should the Scan button be greyed out, close the tool and start it again. If it still does not work, please let me know.


Step 2: Scan with TDSS-Killer


Please read the following instructions carefully. We do not want to "fix" anything yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • Should infected objects be found, do not under any circumstances choose Cure. Choose Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\) For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.

NEON_MUC 12.06.2012 14:50

many thanks for the help...

I ran both scans, and it also found a few errors...

here are the results:

aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-12 15:22:20
-----------------------------
15:22:20.690    OS Version: Windows x64 6.1.7601 Service Pack 1
15:22:20.690    Number of processors: 12 586 0x2C02
15:22:20.690    ComputerName: VDC  UserName: VD
15:22:20.799    Initialize success
15:23:23.979    AVAST engine defs: 12061200
15:24:00.437    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP4T0L0-8
15:24:00.437    Disk 0 Vendor: INTEL_SSDSA2CW600G3 4PC10302 Size: 572325MB BusType: 3
15:24:00.437    Disk 1  \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T1L0-9
15:24:00.452    Disk 1 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 3
15:24:00.452    Disk 2  \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP5T1L0-b
15:24:00.452    Disk 2 Vendor: INTEL_SSDSA2CW600G3 4PC10302 Size: 572325MB BusType: 3
15:24:00.468    Disk 0 MBR read successfully
15:24:00.468    Disk 0 MBR scan
15:24:00.468    Disk 0 Windows XP default MBR code
15:24:00.468    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:24:00.468    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      102400 MB offset 206848
15:24:00.468    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      469823 MB offset 209922048
15:24:00.468    Disk 0 scanning C:\Windows\system32\drivers
15:24:02.792    Service scanning
15:24:08.128    Modules scanning
15:24:08.128    Disk 0 trace - called modules:
15:24:08.128    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:24:08.128    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8013762790]
15:24:08.128    3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> [0xfffffa80134b3e40]
15:24:08.128    5 ACPI.sys[fffff88000efd7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP4T0L0-8[0xfffffa80134c7680]
15:24:08.268    AVAST engine scan C:\
15:29:25.838    File: C:\Windows\assembly\GAC_32\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
15:29:26.446    File: C:\Windows\assembly\GAC_64\Desktop.ini  **INFECTED** Win32:Sirefef-PL [Rtk]
15:32:32.742    File: C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000008.@  **INFECTED** Win32:Trojan-gen
15:32:32.773    File: C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000000.@  **INFECTED** Win32:Malware-gen
15:32:32.773    File: C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000032.@  **INFECTED** Win32:DNSChanger-VJ [Trj]
15:32:32.804    File: C:\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@  **INFECTED** Win32:Malware-gen
15:38:36.378    Scan finished successfully
15:38:51.932    Disk 0 MBR has been saved successfully to "C:\Users\VD\Desktop\MBR.dat"
15:38:51.932    The log file has been saved successfully to "C:\Users\VD\Desktop\aswMBR.txt"



TDSSKiller log:

Code:

15:39:28.0982 1000        TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:39:30.0994 1000        ============================================================
15:39:30.0994 1000        Current date / time: 2012/06/12 15:39:30.0994
15:39:30.0994 1000        SystemInfo:
15:39:30.0994 1000       
15:39:30.0994 1000        OS Version: 6.1.7601 ServicePack: 1.0
15:39:30.0994 1000        Product type: Workstation
15:39:30.0994 1000        ComputerName: VDC
15:39:30.0994 1000        UserName: VD
15:39:30.0994 1000        Windows directory: C:\Windows
15:39:30.0994 1000        System windows directory: C:\Windows
15:39:30.0994 1000        Running under WOW64
15:39:30.0994 1000        Processor architecture: Intel x64
15:39:30.0994 1000        Number of processors: 12
15:39:30.0994 1000        Page size: 0x1000
15:39:30.0994 1000        Boot type: Safe boot with network
15:39:30.0994 1000        ============================================================
15:39:31.0181 1000        Drive \Device\Harddisk0\DR0 - Size: 0x8BBA5F6000 (558.91 Gb), SectorSize: 0x200, Cylinders: 0x11D01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:31.0197 1000        Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:31.0197 1000        Drive \Device\Harddisk2\DR2 - Size: 0x8BBA5F6000 (558.91 Gb), SectorSize: 0x200, Cylinders: 0x11D01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:39:31.0197 1000        Drive \Device\Harddisk3\DR3 - Size: 0x3CD00000 (0.95 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:39:31.0197 1000        ============================================================
15:39:31.0197 1000        \Device\Harddisk0\DR0:
15:39:31.0197 1000        MBR partitions:
15:39:31.0197 1000        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:39:31.0197 1000        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC800000
15:39:31.0197 1000        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC832800, BlocksNum 0x3959F800
15:39:31.0197 1000        \Device\Harddisk1\DR1:
15:39:31.0197 1000        MBR partitions:
15:39:31.0197 1000        \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8E07800
15:39:31.0197 1000        \Device\Harddisk2\DR2:
15:39:31.0197 1000        MBR partitions:
15:39:31.0197 1000        \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA00298D
15:39:31.0197 1000        \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0xA0029CC, BlocksNum 0x3BDCF1F5
15:39:31.0197 1000        \Device\Harddisk3\DR3:
15:39:31.0197 1000        MBR partitions:
15:39:31.0197 1000        \Device\Harddisk3\DR3\Partition0: MBR, Type 0xB, StartLBA 0x40, BlocksNum 0x1E67C0
15:39:31.0197 1000        ============================================================
15:39:31.0197 1000        C: <-> \Device\Harddisk0\DR0\Partition1
15:39:31.0197 1000        Y: <-> \Device\Harddisk0\DR0\Partition0
15:39:31.0197 1000        D: <-> \Device\Harddisk2\DR2\Partition0
15:39:31.0212 1000        F: <-> \Device\Harddisk1\DR1\Partition0
15:39:31.0212 1000        X: <-> \Device\Harddisk2\DR2\Partition1
15:39:31.0212 1000        E: <-> \Device\Harddisk0\DR0\Partition2
15:39:31.0212 1000        ============================================================
15:39:31.0212 1000        Initialize success
15:39:31.0212 1000        ============================================================
15:39:59.0698 1340        ============================================================
15:39:59.0698 1340        Scan started
15:39:59.0698 1340        Mode: Manual; TDLFS;
15:39:59.0698 1340        ============================================================
15:40:00.0743 1340        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:40:00.0759 1340        1394ohci - ok
15:40:00.0759 1340        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:40:00.0759 1340        ACPI - ok
15:40:00.0774 1340        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:40:00.0774 1340        AcpiPmi - ok
15:40:00.0774 1340        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:40:00.0790 1340        adp94xx - ok
15:40:00.0806 1340        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:40:00.0806 1340        adpahci - ok
15:40:00.0821 1340        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:40:00.0821 1340        adpu320 - ok
15:40:00.0821 1340        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:40:00.0821 1340        AeLookupSvc - ok
15:40:00.0837 1340        AFD            (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
15:40:00.0852 1340        AFD - ok
15:40:00.0868 1340        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:40:00.0868 1340        agp440 - ok
15:40:00.0868 1340        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:40:00.0868 1340        ALG - ok
15:40:00.0884 1340        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:40:00.0884 1340        aliide - ok
15:40:00.0884 1340        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:40:00.0884 1340        amdide - ok
15:40:00.0884 1340        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:40:00.0899 1340        AmdK8 - ok
15:40:00.0899 1340        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:40:00.0899 1340        AmdPPM - ok
15:40:00.0930 1340        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:40:00.0930 1340        amdsata - ok
15:40:00.0946 1340        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:40:00.0946 1340        amdsbs - ok
15:40:00.0946 1340        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:40:00.0946 1340        amdxata - ok
15:40:00.0946 1340        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:40:00.0946 1340        AppID - ok
15:40:00.0946 1340        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:40:00.0946 1340        AppIDSvc - ok
15:40:00.0962 1340        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:40:00.0962 1340        Appinfo - ok
15:40:00.0962 1340        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:40:00.0962 1340        AppMgmt - ok
15:40:00.0977 1340        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:40:00.0977 1340        arc - ok
15:40:00.0993 1340        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:40:00.0993 1340        arcsas - ok
15:40:01.0008 1340        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:40:01.0008 1340        aspnet_state - ok
15:40:01.0008 1340        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:01.0008 1340        AsyncMac - ok
15:40:01.0008 1340        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:40:01.0008 1340        atapi - ok
15:40:01.0024 1340        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:01.0040 1340        AudioEndpointBuilder - ok
15:40:01.0055 1340        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:01.0055 1340        AudioSrv - ok
15:40:01.0055 1340        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:40:01.0055 1340        AxInstSV - ok
15:40:01.0071 1340        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:40:01.0086 1340        b06bdrv - ok
15:40:01.0086 1340        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:40:01.0102 1340        b57nd60a - ok
15:40:01.0118 1340        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:40:01.0118 1340        BDESVC - ok
15:40:01.0118 1340        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:40:01.0118 1340        Beep - ok
15:40:01.0133 1340        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:40:01.0149 1340        BITS - ok
15:40:01.0149 1340        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:40:01.0149 1340        blbdrive - ok
15:40:01.0149 1340        bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
15:40:01.0149 1340        bowser - ok
15:40:01.0164 1340        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:40:01.0164 1340        BrFiltLo - ok
15:40:01.0180 1340        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:40:01.0180 1340        BrFiltUp - ok
15:40:01.0180 1340        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:40:01.0180 1340        Browser - ok
15:40:01.0196 1340        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:40:01.0196 1340        Brserid - ok
15:40:01.0196 1340        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:01.0196 1340        BrSerWdm - ok
15:40:01.0196 1340        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:01.0196 1340        BrUsbMdm - ok
15:40:01.0211 1340        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:01.0211 1340        BrUsbSer - ok
15:40:01.0211 1340        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:40:01.0211 1340        BTHMODEM - ok
15:40:01.0242 1340        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:40:01.0242 1340        bthserv - ok
15:40:01.0242 1340        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:40:01.0242 1340        cdfs - ok
15:40:01.0258 1340        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:40:01.0258 1340        cdrom - ok
15:40:01.0258 1340        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:01.0258 1340        CertPropSvc - ok
15:40:01.0274 1340        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:40:01.0274 1340        circlass - ok
15:40:01.0305 1340        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:40:01.0305 1340        CLFS - ok
15:40:01.0305 1340        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:01.0320 1340        clr_optimization_v2.0.50727_32 - ok
15:40:01.0320 1340        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:01.0320 1340        clr_optimization_v2.0.50727_64 - ok
15:40:01.0336 1340        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:40:01.0336 1340        clr_optimization_v4.0.30319_32 - ok
15:40:01.0367 1340        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:40:01.0367 1340        clr_optimization_v4.0.30319_64 - ok
15:40:01.0367 1340        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:40:01.0367 1340        CmBatt - ok
15:40:01.0383 1340        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:40:01.0383 1340        cmdide - ok
15:40:01.0383 1340        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:40:01.0398 1340        CNG - ok
15:40:01.0398 1340        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:40:01.0398 1340        Compbatt - ok
15:40:01.0398 1340        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:40:01.0398 1340        CompositeBus - ok
15:40:01.0414 1340        COMSysApp - ok
15:40:01.0430 1340        CPoEthProt      (aca9762a169028bf76a3bb6374cb82f5) C:\Windows\system32\DRIVERS\CPoEthProt.sys
15:40:01.0430 1340        CPoEthProt - ok
15:40:01.0430 1340        CPVMidi        (9f09dd50ee5da60903ed20bbd09baf0d) C:\Windows\system32\DRIVERS\CPVMidi.sys
15:40:01.0430 1340        CPVMidi - ok
15:40:01.0461 1340        CPVNM          (408bf9e50edc0b55d957df34bfb589e8) C:\Program Files\CopperLan\CPVNM\CPVNM.exe
15:40:01.0476 1340        CPVNM - ok
15:40:01.0492 1340        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:40:01.0492 1340        crcdisk - ok
15:40:01.0492 1340        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:40:01.0492 1340        CryptSvc - ok
15:40:01.0508 1340        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:40:01.0508 1340        CSC - ok
15:40:01.0523 1340        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:40:01.0539 1340        CscService - ok
15:40:01.0554 1340        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:40:01.0570 1340        DcomLaunch - ok
15:40:01.0570 1340        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:40:01.0570 1340        defragsvc - ok
15:40:01.0586 1340        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:40:01.0586 1340        DfsC - ok
15:40:01.0586 1340        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:40:01.0601 1340        Dhcp - ok
15:40:01.0617 1340        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:40:01.0617 1340        discache - ok
15:40:01.0632 1340        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:40:01.0632 1340        Disk - ok
15:40:01.0648 1340        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:40:01.0648 1340        dmvsc - ok
15:40:01.0664 1340        Dnscache        (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
15:40:01.0664 1340        Dnscache - ok
15:40:01.0695 1340        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:40:01.0695 1340        dot3svc - ok
15:40:01.0726 1340        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:40:01.0726 1340        DPS - ok
15:40:01.0742 1340        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:40:01.0742 1340        drmkaud - ok
15:40:01.0788 1340        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:40:01.0804 1340        DXGKrnl - ok
15:40:01.0820 1340        e1qexpress      (d1004b64292c1a802d53cd861695ace3) C:\Windows\system32\DRIVERS\e1q62x64.sys
15:40:01.0820 1340        e1qexpress - ok
15:40:01.0835 1340        e1yexpress      (1f20aeaad1be0121647257235b788224) C:\Windows\system32\DRIVERS\e1y62x64.sys
15:40:01.0835 1340        e1yexpress - ok
15:40:01.0835 1340        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:40:01.0835 1340        EapHost - ok
15:40:01.0913 1340        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:40:01.0944 1340        ebdrv - ok
15:40:01.0960 1340        EFS            (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
15:40:01.0960 1340        EFS - ok
15:40:01.0991 1340        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:40:02.0007 1340        ehRecvr - ok
15:40:02.0007 1340        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:40:02.0007 1340        ehSched - ok
15:40:02.0022 1340        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:40:02.0038 1340        elxstor - ok
15:40:02.0054 1340        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:40:02.0054 1340        ErrDev - ok
15:40:02.0069 1340        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:40:02.0069 1340        EventSystem - ok
15:40:02.0085 1340        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:40:02.0085 1340        exfat - ok
15:40:02.0085 1340        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:40:02.0100 1340        fastfat - ok
15:40:02.0116 1340        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:40:02.0132 1340        Fax - ok
15:40:02.0132 1340        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:40:02.0132 1340        fdc - ok
15:40:02.0132 1340        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:40:02.0132 1340        fdPHost - ok
15:40:02.0147 1340        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:40:02.0147 1340        FDResPub - ok
15:40:02.0147 1340        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:40:02.0147 1340        FileInfo - ok
15:40:02.0147 1340        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:40:02.0147 1340        Filetrace - ok
15:40:02.0163 1340        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:40:02.0163 1340        flpydisk - ok
15:40:02.0178 1340        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:40:02.0178 1340        FltMgr - ok
15:40:02.0210 1340        FontCache      (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
15:40:02.0210 1340        FontCache - ok
15:40:02.0241 1340        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:02.0241 1340        FontCache3.0.0.0 - ok
15:40:02.0241 1340        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:40:02.0241 1340        FsDepends - ok
15:40:02.0241 1340        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:40:02.0241 1340        Fs_Rec - ok
15:40:02.0256 1340        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:40:02.0256 1340        fvevol - ok
15:40:02.0256 1340        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:40:02.0256 1340        gagp30kx - ok
15:40:02.0272 1340        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:40:02.0303 1340        gpsvc - ok
15:40:02.0303 1340        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:40:02.0303 1340        hcw85cir - ok
15:40:02.0319 1340        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:40:02.0319 1340        HdAudAddService - ok
15:40:02.0319 1340        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:40:02.0319 1340        HDAudBus - ok
15:40:02.0334 1340        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:40:02.0334 1340        HidBatt - ok
15:40:02.0334 1340        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:40:02.0334 1340        HidBth - ok
15:40:02.0366 1340        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:40:02.0366 1340        HidIr - ok
15:40:02.0366 1340        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:40:02.0366 1340        hidserv - ok
15:40:02.0366 1340        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:40:02.0366 1340        HidUsb - ok
15:40:02.0381 1340        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:40:02.0381 1340        hkmsvc - ok
15:40:02.0381 1340        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:40:02.0381 1340        HomeGroupListener - ok
15:40:02.0397 1340        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:40:02.0397 1340        HomeGroupProvider - ok
15:40:02.0412 1340        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:40:02.0412 1340        HpSAMD - ok
15:40:02.0428 1340        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:40:02.0444 1340        HTTP - ok
15:40:02.0444 1340        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:40:02.0444 1340        hwpolicy - ok
15:40:02.0459 1340        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:40:02.0459 1340        i8042prt - ok
15:40:02.0490 1340        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
15:40:02.0490 1340        iaStorV - ok
15:40:02.0490 1340        IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:40:02.0506 1340        IDriverT - ok
15:40:02.0522 1340        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:40:02.0553 1340        idsvc - ok
15:40:02.0568 1340        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:40:02.0568 1340        iirsp - ok
15:40:02.0584 1340        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:40:02.0600 1340        IKEEXT - ok
15:40:02.0662 1340        IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
15:40:02.0678 1340        IntcAzAudAddService - ok
15:40:02.0693 1340        Intel(R) PROSet Monitoring Service (28d387eefad7cc3a0beb9c3262e83add) C:\Windows\system32\IProsetMonitor.exe
15:40:02.0709 1340        Intel(R) PROSet Monitoring Service - ok
15:40:02.0709 1340        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:40:02.0709 1340        intelide - ok
15:40:02.0709 1340        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:40:02.0709 1340        intelppm - ok
15:40:02.0709 1340        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:40:02.0724 1340        IPBusEnum - ok
15:40:02.0740 1340        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:40:02.0740 1340        IpFilterDriver - ok
15:40:02.0756 1340        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:40:02.0756 1340        IPMIDRV - ok
15:40:02.0771 1340        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:40:02.0771 1340        IPNAT - ok
15:40:02.0771 1340        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:40:02.0771 1340        IRENUM - ok
15:40:02.0771 1340        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:40:02.0771 1340        isapnp - ok
15:40:02.0802 1340        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:40:02.0802 1340        iScsiPrt - ok
15:40:02.0802 1340        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:40:02.0802 1340        kbdclass - ok
15:40:02.0802 1340        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:40:02.0802 1340        kbdhid - ok
15:40:02.0818 1340        KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:02.0818 1340        KeyIso - ok
15:40:02.0818 1340        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:40:02.0818 1340        KSecDD - ok
15:40:02.0818 1340        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:40:02.0818 1340        KSecPkg - ok
15:40:02.0834 1340        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:40:02.0834 1340        ksthunk - ok
15:40:02.0834 1340        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:40:02.0849 1340        KtmRm - ok
15:40:02.0865 1340        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:40:02.0865 1340        LanmanServer - ok
15:40:02.0865 1340        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:40:02.0880 1340        LanmanWorkstation - ok
15:40:02.0880 1340        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:40:02.0880 1340        lltdio - ok
15:40:02.0896 1340        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:40:02.0896 1340        lltdsvc - ok
15:40:02.0896 1340        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:40:02.0896 1340        lmhosts - ok
15:40:02.0927 1340        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:40:02.0927 1340        LSI_FC - ok
15:40:02.0943 1340        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:40:02.0943 1340        LSI_SAS - ok
15:40:02.0958 1340        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:40:02.0958 1340        LSI_SAS2 - ok
15:40:02.0990 1340        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:40:02.0990 1340        LSI_SCSI - ok
15:40:02.0990 1340        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:40:02.0990 1340        luafv - ok
15:40:03.0005 1340        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:40:03.0005 1340        MBAMProtector - ok
15:40:03.0021 1340        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:40:03.0021 1340        MBAMService - ok
15:40:03.0052 1340        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:40:03.0052 1340        Mcx2Svc - ok
15:40:03.0052 1340        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:40:03.0052 1340        megasas - ok
15:40:03.0068 1340        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:40:03.0083 1340        MegaSR - ok
15:40:03.0083 1340        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:40:03.0083 1340        MMCSS - ok
15:40:03.0083 1340        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:40:03.0083 1340        Modem - ok
15:40:03.0083 1340        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:40:03.0083 1340        monitor - ok
15:40:03.0114 1340        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:40:03.0114 1340        mouclass - ok
15:40:03.0114 1340        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:40:03.0114 1340        mouhid - ok
15:40:03.0130 1340        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:40:03.0130 1340        mountmgr - ok
15:40:03.0130 1340        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:40:03.0130 1340        MozillaMaintenance - ok
15:40:03.0146 1340        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:40:03.0146 1340        mpio - ok
15:40:03.0177 1340        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:40:03.0177 1340        mpsdrv - ok
15:40:03.0192 1340        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:40:03.0192 1340        MRxDAV - ok
15:40:03.0192 1340        mrxsmb          (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:40:03.0192 1340        mrxsmb - ok
15:40:03.0208 1340        mrxsmb10        (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:40:03.0208 1340        mrxsmb10 - ok
15:40:03.0239 1340        mrxsmb20        (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:40:03.0239 1340        mrxsmb20 - ok
15:40:03.0239 1340        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:40:03.0239 1340        msahci - ok
15:40:03.0255 1340        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:40:03.0255 1340        msdsm - ok
15:40:03.0270 1340        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:40:03.0270 1340        MSDTC - ok
15:40:03.0270 1340        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:40:03.0286 1340        Msfs - ok
15:40:03.0302 1340        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:40:03.0302 1340        mshidkmdf - ok
15:40:03.0302 1340        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:40:03.0302 1340        msisadrv - ok
15:40:03.0317 1340        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:40:03.0317 1340        MSiSCSI - ok
15:40:03.0317 1340        msiserver - ok
15:40:03.0317 1340        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:40:03.0317 1340        MSKSSRV - ok
15:40:03.0317 1340        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:40:03.0317 1340        MSPCLOCK - ok
15:40:03.0333 1340        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:40:03.0333 1340        MSPQM - ok
15:40:03.0333 1340        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:40:03.0348 1340        MsRPC - ok
15:40:03.0364 1340        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:40:03.0364 1340        mssmbios - ok
15:40:03.0364 1340        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:40:03.0364 1340        MSTEE - ok
15:40:03.0364 1340        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:40:03.0364 1340        MTConfig - ok
15:40:03.0364 1340        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:40:03.0380 1340        Mup - ok
15:40:03.0380 1340        mv61xx          (3bf808a71e26d88ff2bef841beeb2960) C:\Windows\system32\DRIVERS\mv61xx.sys
15:40:03.0380 1340        mv61xx - ok
15:40:03.0395 1340        mv91xx          (841861addc16daf618f207efccdfbebf) C:\Windows\system32\DRIVERS\mv91xx.sys
15:40:03.0395 1340        mv91xx - ok
15:40:03.0411 1340        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:40:03.0411 1340        napagent - ok
15:40:03.0426 1340        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:40:03.0442 1340        NativeWifiP - ok
15:40:03.0458 1340        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:40:03.0473 1340        NDIS - ok
15:40:03.0489 1340        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:40:03.0489 1340        NdisCap - ok
15:40:03.0489 1340        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:40:03.0489 1340        NdisTapi - ok
15:40:03.0504 1340        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:40:03.0504 1340        Ndisuio - ok
15:40:03.0504 1340        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:03.0504 1340        NdisWan - ok
15:40:03.0504 1340        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:40:03.0504 1340        NDProxy - ok
15:40:03.0520 1340        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:40:03.0520 1340        NetBIOS - ok
15:40:03.0520 1340        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:40:03.0520 1340        NetBT - ok
15:40:03.0536 1340        Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:03.0536 1340        Netlogon - ok
15:40:03.0551 1340        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:40:03.0551 1340        Netman - ok
15:40:03.0567 1340        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:03.0567 1340        NetMsmqActivator - ok
15:40:03.0567 1340        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:03.0567 1340        NetPipeActivator - ok
15:40:03.0582 1340        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:40:03.0582 1340        netprofm - ok
15:40:03.0614 1340        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:03.0614 1340        NetTcpActivator - ok
15:40:03.0614 1340        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:03.0614 1340        NetTcpPortSharing - ok
15:40:03.0629 1340        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:40:03.0629 1340        nfrd960 - ok
15:40:03.0629 1340        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:40:03.0645 1340        NlaSvc - ok
15:40:03.0645 1340        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:40:03.0645 1340        Npfs - ok
15:40:03.0645 1340        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:40:03.0645 1340        nsi - ok
15:40:03.0660 1340        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:40:03.0660 1340        nsiproxy - ok
15:40:03.0707 1340        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:40:03.0723 1340        Ntfs - ok
15:40:03.0738 1340        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:40:03.0738 1340        Null - ok
15:40:03.0754 1340        nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:40:03.0754 1340        nusb3hub - ok
15:40:03.0770 1340        nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:40:03.0770 1340        nusb3xhc - ok
15:40:03.0801 1340        NVHDA          (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
15:40:03.0801 1340        NVHDA - ok
15:40:04.0066 1340        nvlddmkm        (7c03d09b48c212524414cd17fca4ed84) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:40:04.0175 1340        nvlddmkm - ok
15:40:04.0191 1340        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:40:04.0191 1340        nvraid - ok
15:40:04.0206 1340        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:40:04.0206 1340        nvstor - ok
15:40:04.0238 1340        NVSvc          (03cee0a780ea86e11975714a490184f9) C:\Windows\system32\nvvsvc.exe
15:40:04.0238 1340        NVSvc - ok
15:40:04.0253 1340        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:40:04.0253 1340        nv_agp - ok
15:40:04.0269 1340        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:40:04.0269 1340        ohci1394 - ok
15:40:04.0284 1340        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:40:04.0300 1340        p2pimsvc - ok
15:40:04.0300 1340        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:40:04.0316 1340        p2psvc - ok
15:40:04.0331 1340        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:40:04.0331 1340        Parport - ok
15:40:04.0331 1340        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:40:04.0331 1340        partmgr - ok
15:40:04.0331 1340        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:40:04.0331 1340        PcaSvc - ok
15:40:04.0362 1340        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:40:04.0362 1340        pci - ok
15:40:04.0362 1340        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:40:04.0362 1340        pciide - ok
15:40:04.0378 1340        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:40:04.0378 1340        pcmcia - ok
15:40:04.0378 1340        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:40:04.0378 1340        pcw - ok
15:40:04.0394 1340        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:40:04.0409 1340        PEAUTH - ok
15:40:04.0440 1340        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:40:04.0456 1340        PeerDistSvc - ok
15:40:04.0487 1340        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:40:04.0487 1340        PerfHost - ok
15:40:04.0534 1340        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:40:04.0550 1340        pla - ok
15:40:04.0565 1340        PlugPlay        (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
15:40:04.0565 1340        PlugPlay - ok
15:40:04.0565 1340        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:40:04.0565 1340        PNRPAutoReg - ok
15:40:04.0581 1340        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:40:04.0581 1340        PNRPsvc - ok
15:40:04.0596 1340        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:40:04.0596 1340        PolicyAgent - ok
15:40:04.0612 1340        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:40:04.0612 1340        Power - ok
15:40:04.0612 1340        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:40:04.0612 1340        PptpMiniport - ok
15:40:04.0628 1340        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:40:04.0628 1340        Processor - ok
15:40:04.0628 1340        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:40:04.0643 1340        ProfSvc - ok
15:40:04.0643 1340        ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:04.0643 1340        ProtectedStorage - ok
15:40:04.0643 1340        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:40:04.0643 1340        Psched - ok
15:40:04.0674 1340        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:40:04.0674 1340        PxHlpa64 - ok
15:40:04.0706 1340        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:40:04.0737 1340        ql2300 - ok
15:40:04.0768 1340        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:40:04.0768 1340        ql40xx - ok
15:40:04.0768 1340        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:40:04.0768 1340        QWAVE - ok
15:40:04.0799 1340        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:40:04.0799 1340        QWAVEdrv - ok
15:40:04.0799 1340        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:40:04.0799 1340        RasAcd - ok
15:40:04.0799 1340        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:04.0799 1340        RasAgileVpn - ok
15:40:04.0815 1340        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:40:04.0815 1340        RasAuto - ok
15:40:04.0815 1340        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:04.0815 1340        Rasl2tp - ok
15:40:04.0830 1340        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:40:04.0830 1340        RasMan - ok
15:40:04.0862 1340        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:04.0862 1340        RasPppoe - ok
15:40:04.0862 1340        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:40:04.0862 1340        RasSstp - ok
15:40:04.0877 1340        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:40:04.0877 1340        rdbss - ok
15:40:04.0877 1340        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:40:04.0877 1340        rdpbus - ok
15:40:04.0877 1340        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:40:04.0877 1340        RDPCDD - ok
15:40:04.0893 1340        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:40:04.0893 1340        RDPDR - ok
15:40:04.0893 1340        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:40:04.0893 1340        RDPENCDD - ok
15:40:04.0924 1340        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:40:04.0924 1340        RDPREFMP - ok
15:40:04.0924 1340        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:40:04.0924 1340        RDPWD - ok
15:40:04.0940 1340        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:40:04.0940 1340        rdyboost - ok
15:40:04.0955 1340        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:40:04.0955 1340        RemoteAccess - ok
15:40:04.0955 1340        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:40:04.0955 1340        RemoteRegistry - ok
15:40:04.0986 1340        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:40:04.0986 1340        RpcEptMapper - ok
15:40:04.0986 1340        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:40:04.0986 1340        RpcLocator - ok
15:40:05.0002 1340        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:40:05.0002 1340        RpcSs - ok
15:40:05.0002 1340        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:40:05.0018 1340        rspndr - ok
15:40:05.0018 1340        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:40:05.0018 1340        s3cap - ok
15:40:05.0018 1340        SaiK0CD5        (858c15a70af2900c03daa4419b973903) C:\Windows\system32\DRIVERS\SaiK0CD5.sys
15:40:05.0018 1340        SaiK0CD5 - ok
15:40:05.0049 1340        SaiMini        (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
15:40:05.0049 1340        SaiMini - ok
15:40:05.0049 1340        SaiNtBus        (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
15:40:05.0049 1340        SaiNtBus - ok
15:40:05.0064 1340        SaiU0CD5        (866efd804302483de27e3947b25d0fab) C:\Windows\system32\DRIVERS\SaiU0CD5.sys
15:40:05.0064 1340        SaiU0CD5 - ok
15:40:05.0064 1340        SamSs          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:05.0080 1340        SamSs - ok
15:40:05.0080 1340        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:40:05.0080 1340        sbp2port - ok
15:40:05.0111 1340        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:40:05.0111 1340        SCardSvr - ok
15:40:05.0111 1340        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:40:05.0111 1340        scfilter - ok
15:40:05.0142 1340        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:40:05.0142 1340        Schedule - ok
15:40:05.0158 1340        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:05.0158 1340        SCPolicySvc - ok
15:40:05.0174 1340        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:40:05.0174 1340        SDRSVC - ok
15:40:05.0174 1340        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:40:05.0174 1340        secdrv - ok
15:40:05.0189 1340        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:40:05.0189 1340        seclogon - ok
15:40:05.0189 1340        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:40:05.0189 1340        SENS - ok
15:40:05.0189 1340        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:40:05.0189 1340        SensrSvc - ok
15:40:05.0205 1340        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:40:05.0205 1340        Serenum - ok
15:40:05.0205 1340        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:40:05.0205 1340        Serial - ok
15:40:05.0205 1340        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:40:05.0205 1340        sermouse - ok
15:40:05.0236 1340        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:40:05.0236 1340        SessionEnv - ok
15:40:05.0236 1340        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:40:05.0236 1340        sffdisk - ok
15:40:05.0252 1340        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:40:05.0252 1340        sffp_mmc - ok
15:40:05.0252 1340        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:40:05.0252 1340        sffp_sd - ok
15:40:05.0252 1340        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:40:05.0252 1340        sfloppy - ok
15:40:05.0267 1340        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:40:05.0267 1340        ShellHWDetection - ok
15:40:05.0298 1340        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:40:05.0298 1340        SiSRaid2 - ok
15:40:05.0298 1340        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:40:05.0298 1340        SiSRaid4 - ok
15:40:05.0314 1340        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:40:05.0314 1340        Smb - ok
15:40:05.0330 1340        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:40:05.0330 1340        SNMPTRAP - ok
15:40:05.0330 1340        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:40:05.0330 1340        spldr - ok
15:40:05.0345 1340        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:40:05.0345 1340        Spooler - ok
15:40:05.0423 1340        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:40:05.0454 1340        sppsvc - ok
15:40:05.0486 1340        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:40:05.0486 1340        sppuinotify - ok
15:40:05.0501 1340        srv            (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
15:40:05.0501 1340        srv - ok
15:40:05.0517 1340        srv2            (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
15:40:05.0517 1340        srv2 - ok
15:40:05.0517 1340        srvnet          (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
15:40:05.0517 1340        srvnet - ok
15:40:05.0532 1340        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:40:05.0532 1340        SSDPSRV - ok
15:40:05.0548 1340        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:40:05.0548 1340        SstpSvc - ok
15:40:05.0564 1340        Stereo Service  (31ab6192005102b0a16e75f02445c266) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:40:05.0564 1340        Stereo Service - ok
15:40:05.0564 1340        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:40:05.0564 1340        stexstor - ok
15:40:05.0579 1340        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:40:05.0579 1340        stisvc - ok
15:40:05.0610 1340        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:40:05.0610 1340        storflt - ok
15:40:05.0610 1340        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:40:05.0610 1340        StorSvc - ok
15:40:05.0610 1340        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:40:05.0626 1340        storvsc - ok
15:40:05.0626 1340        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:40:05.0626 1340        swenum - ok
15:40:05.0642 1340        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:40:05.0642 1340        SwitchBoard - ok
15:40:05.0657 1340        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:40:05.0673 1340        swprv - ok
15:40:05.0704 1340        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:40:05.0735 1340        SysMain - ok
15:40:05.0751 1340        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:40:05.0751 1340        TabletInputService - ok
15:40:05.0766 1340        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:40:05.0766 1340        TapiSrv - ok
15:40:05.0766 1340        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:40:05.0766 1340        TBS - ok
15:40:05.0829 1340        Tcpip          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
15:40:05.0844 1340        Tcpip - ok
15:40:05.0922 1340        TCPIP6          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
15:40:05.0922 1340        TCPIP6 - ok
15:40:05.0954 1340        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:40:05.0954 1340        tcpipreg - ok
15:40:05.0954 1340        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:40:05.0954 1340        TDPIPE - ok
15:40:05.0985 1340        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:40:05.0985 1340        TDTCP - ok
15:40:05.0985 1340        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:40:05.0985 1340        tdx - ok
15:40:05.0985 1340        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:40:05.0985 1340        TermDD - ok
15:40:06.0000 1340        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:40:06.0016 1340        TermService - ok
15:40:06.0016 1340        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:40:06.0016 1340        Themes - ok
15:40:06.0016 1340        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:40:06.0032 1340        THREADORDER - ok
15:40:06.0047 1340        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:40:06.0047 1340        TrkWks - ok
15:40:06.0047 1340        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:40:06.0047 1340        TrustedInstaller - ok
15:40:06.0063 1340        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:40:06.0063 1340        tssecsrv - ok
15:40:06.0063 1340        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:40:06.0063 1340        TsUsbFlt - ok
15:40:06.0078 1340        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:40:06.0078 1340        TsUsbGD - ok
15:40:06.0094 1340        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:40:06.0094 1340        tunnel - ok
15:40:06.0110 1340        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:40:06.0110 1340        uagp35 - ok
15:40:06.0125 1340        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:40:06.0125 1340        udfs - ok
15:40:06.0125 1340        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:40:06.0125 1340        UI0Detect - ok
15:40:06.0141 1340        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:40:06.0141 1340        uliagpkx - ok
15:40:06.0141 1340        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:40:06.0141 1340        umbus - ok
15:40:06.0141 1340        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:40:06.0141 1340        UmPass - ok
15:40:06.0172 1340        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:40:06.0172 1340        UmRdpService - ok
15:40:06.0188 1340        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:40:06.0188 1340        upnphost - ok
15:40:06.0203 1340        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
15:40:06.0203 1340        usbccgp - ok
15:40:06.0203 1340        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:40:06.0203 1340        usbcir - ok
15:40:06.0234 1340        usbehci        (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
15:40:06.0234 1340        usbehci - ok
15:40:06.0234 1340        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
15:40:06.0234 1340        usbhub - ok
15:40:06.0250 1340        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
15:40:06.0250 1340        usbohci - ok
15:40:06.0250 1340        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:40:06.0250 1340        usbprint - ok
15:40:06.0266 1340        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:40:06.0266 1340        USBSTOR - ok
15:40:06.0266 1340        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:40:06.0266 1340        usbuhci - ok
15:40:06.0312 1340        uvnc_service    (ac5e6b891a09d5a41ea7f72a5df0a905) C:\Program Files (x86)\UltraVNC\WinVNC.exe
15:40:06.0328 1340        uvnc_service - ok
15:40:06.0359 1340        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:40:06.0359 1340        UxSms - ok
15:40:06.0375 1340        VaultSvc        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:06.0375 1340        VaultSvc - ok
15:40:06.0375 1340        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:40:06.0375 1340        vdrvroot - ok
15:40:06.0390 1340        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:40:06.0406 1340        vds - ok
15:40:06.0422 1340        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:40:06.0422 1340        vga - ok
15:40:06.0422 1340        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:40:06.0422 1340        VgaSave - ok
15:40:06.0437 1340        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:40:06.0437 1340        vhdmp - ok
15:40:06.0437 1340        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:40:06.0437 1340        viaide - ok
15:40:06.0453 1340        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:40:06.0453 1340        vmbus - ok
15:40:06.0453 1340        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:40:06.0453 1340        VMBusHID - ok
15:40:06.0468 1340        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:40:06.0468 1340        volmgr - ok
15:40:06.0484 1340        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:40:06.0484 1340        volmgrx - ok
15:40:06.0500 1340        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:40:06.0500 1340        volsnap - ok
15:40:06.0515 1340        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:40:06.0515 1340        vsmraid - ok
15:40:06.0546 1340        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:40:06.0562 1340        VSS - ok
15:40:06.0578 1340        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:40:06.0578 1340        vwifibus - ok
15:40:06.0593 1340        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:40:06.0593 1340        W32Time - ok
15:40:06.0609 1340        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:40:06.0609 1340        WacomPen - ok
15:40:06.0609 1340        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:40:06.0609 1340        WANARP - ok
15:40:06.0609 1340        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:40:06.0609 1340        Wanarpv6 - ok
15:40:06.0640 1340        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:40:06.0671 1340        wbengine - ok
15:40:06.0687 1340        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:40:06.0687 1340        WbioSrvc - ok
15:40:06.0702 1340        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:40:06.0702 1340        wcncsvc - ok
15:40:06.0702 1340        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:40:06.0718 1340        WcsPlugInService - ok
15:40:06.0734 1340        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:40:06.0734 1340        Wd - ok
15:40:06.0749 1340        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:40:06.0749 1340        Wdf01000 - ok
15:40:06.0749 1340        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:40:06.0765 1340        WdiServiceHost - ok
15:40:06.0765 1340        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:40:06.0765 1340        WdiSystemHost - ok
15:40:06.0765 1340        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:40:06.0780 1340        WebClient - ok
15:40:06.0796 1340        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:40:06.0796 1340        Wecsvc - ok
15:40:06.0796 1340        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:40:06.0796 1340        wercplsupport - ok
15:40:06.0812 1340        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:40:06.0812 1340        WerSvc - ok
15:40:06.0812 1340        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:40:06.0812 1340        WfpLwf - ok
15:40:06.0812 1340        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:40:06.0827 1340        WIMMount - ok
15:40:06.0827 1340        WinHttpAutoProxySvc - ok
15:40:06.0827 1340        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:40:06.0843 1340        Winmgmt - ok
15:40:06.0890 1340        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:40:06.0921 1340        WinRM - ok
15:40:06.0936 1340        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:40:06.0936 1340        WinUsb - ok
15:40:06.0983 1340        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:40:06.0983 1340        Wlansvc - ok
15:40:06.0983 1340        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:40:06.0983 1340        WmiAcpi - ok
15:40:06.0999 1340        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:40:06.0999 1340        wmiApSrv - ok
15:40:06.0999 1340        WMPNetworkSvc - ok
15:40:07.0014 1340        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:40:07.0014 1340        WPCSvc - ok
15:40:07.0014 1340        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:40:07.0014 1340        WPDBusEnum - ok
15:40:07.0030 1340        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:40:07.0030 1340        ws2ifsl - ok
15:40:07.0046 1340        WSearch - ok
15:40:07.0108 1340        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:40:07.0139 1340        wuauserv - ok
15:40:07.0170 1340        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:40:07.0170 1340        WudfPf - ok
15:40:07.0186 1340        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:40:07.0186 1340        WUDFRd - ok
15:40:07.0186 1340        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:40:07.0186 1340        wudfsvc - ok
15:40:07.0202 1340        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:40:07.0202 1340        WwanSvc - ok
15:40:07.0217 1340        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
15:40:07.0264 1340        \Device\Harddisk0\DR0 - ok
15:40:07.0280 1340        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
15:40:07.0592 1340        \Device\Harddisk1\DR1 - ok
15:40:07.0592 1340        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk2\DR2
15:40:07.0888 1340        \Device\Harddisk2\DR2 - ok
15:40:07.0919 1340        MBR (0x1B8)    (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk3\DR3
15:40:08.0138 1340        \Device\Harddisk3\DR3 - ok
15:40:08.0138 1340        Boot (0x1200)  (dd2ff13e3bfc775e447d762246c17951) \Device\Harddisk0\DR0\Partition0
15:40:08.0138 1340        \Device\Harddisk0\DR0\Partition0 - ok
15:40:08.0153 1340        Boot (0x1200)  (ea53e5ba8bedebb5b7d8cee765054e0d) \Device\Harddisk0\DR0\Partition1
15:40:08.0169 1340        \Device\Harddisk0\DR0\Partition1 - ok
15:40:08.0169 1340        Boot (0x1200)  (13e918a31b083968eae1b80a0015342c) \Device\Harddisk0\DR0\Partition2
15:40:08.0169 1340        \Device\Harddisk0\DR0\Partition2 - ok
15:40:08.0169 1340        Boot (0x1200)  (2da48c7063a7c3b20610be09e88fcc9b) \Device\Harddisk1\DR1\Partition0
15:40:08.0169 1340        \Device\Harddisk1\DR1\Partition0 - ok
15:40:08.0169 1340        Boot (0x1200)  (572f46848f1f5c9dfab716d9d2a5f7be) \Device\Harddisk2\DR2\Partition0
15:40:08.0169 1340        \Device\Harddisk2\DR2\Partition0 - ok
15:40:08.0169 1340        Boot (0x1200)  (45f2922858ba887b1b11cadec108eb38) \Device\Harddisk2\DR2\Partition1
15:40:08.0169 1340        \Device\Harddisk2\DR2\Partition1 - ok
15:40:08.0184 1340        Boot (0x1200)  (7148b0ede6a33a008e6470f8da61af07) \Device\Harddisk3\DR3\Partition0
15:40:08.0184 1340        \Device\Harddisk3\DR3\Partition0 - ok
15:40:08.0184 1340        ============================================================
15:40:08.0184 1340        Scan finished
15:40:08.0184 1340        ============================================================
15:40:08.0184 0756        Detected object count: 0
15:40:08.0184 0756        Actual detected object count: 0
15:40:20.0025 1352        ============================================================
15:40:20.0025 1352        Scan started
15:40:20.0025 1352        Mode: Manual; SigCheck; TDLFS;
15:40:20.0025 1352        ============================================================
15:40:20.0945 1352        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys
15:40:20.0976 1352        1394ohci - ok
15:40:20.0992 1352        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
15:40:20.0992 1352        ACPI - ok
15:40:21.0008 1352        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
15:40:21.0023 1352        AcpiPmi - ok
15:40:21.0039 1352        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
15:40:21.0039 1352        adp94xx - ok
15:40:21.0054 1352        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
15:40:21.0070 1352        adpahci - ok
15:40:21.0086 1352        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
15:40:21.0101 1352        adpu320 - ok
15:40:21.0101 1352        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:40:21.0164 1352        AeLookupSvc - ok
15:40:21.0164 1352        AFD            (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
15:40:21.0226 1352        AFD - ok
15:40:21.0242 1352        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
15:40:21.0242 1352        agp440 - ok
15:40:21.0257 1352        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:40:21.0273 1352        ALG - ok
15:40:21.0273 1352        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
15:40:21.0288 1352        aliide - ok
15:40:21.0288 1352        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
15:40:21.0288 1352        amdide - ok
15:40:21.0304 1352        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
15:40:21.0304 1352        AmdK8 - ok
15:40:21.0320 1352        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
15:40:21.0335 1352        AmdPPM - ok
15:40:21.0351 1352        amdsata        (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
15:40:21.0351 1352        amdsata - ok
15:40:21.0366 1352        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
15:40:21.0366 1352        amdsbs - ok
15:40:21.0366 1352        amdxata        (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
15:40:21.0382 1352        amdxata - ok
15:40:21.0398 1352        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
15:40:21.0429 1352        AppID - ok
15:40:21.0429 1352        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:40:21.0460 1352        AppIDSvc - ok
15:40:21.0460 1352        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
15:40:21.0491 1352        Appinfo - ok
15:40:21.0507 1352        AppMgmt        (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
15:40:21.0522 1352        AppMgmt - ok
15:40:21.0522 1352        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
15:40:21.0538 1352        arc - ok
15:40:21.0538 1352        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
15:40:21.0554 1352        arcsas - ok
15:40:21.0569 1352        aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:40:21.0569 1352        aspnet_state - ok
15:40:21.0585 1352        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:40:21.0616 1352        AsyncMac - ok
15:40:21.0616 1352        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
15:40:21.0616 1352        atapi - ok
15:40:21.0632 1352        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:21.0678 1352        AudioEndpointBuilder - ok
15:40:21.0678 1352        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
15:40:21.0710 1352        AudioSrv - ok
15:40:21.0710 1352        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
15:40:21.0741 1352        AxInstSV - ok
15:40:21.0756 1352        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
15:40:21.0772 1352        b06bdrv - ok
15:40:21.0772 1352        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:40:21.0788 1352        b57nd60a - ok
15:40:21.0788 1352        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:40:21.0803 1352        BDESVC - ok
15:40:21.0803 1352        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:40:21.0834 1352        Beep - ok
15:40:21.0850 1352        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
15:40:21.0897 1352        BITS - ok
15:40:21.0897 1352        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:40:21.0912 1352        blbdrive - ok
15:40:21.0912 1352        bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
15:40:21.0944 1352        bowser - ok
15:40:21.0959 1352        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
15:40:21.0959 1352        BrFiltLo - ok
15:40:21.0959 1352        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
15:40:21.0975 1352        BrFiltUp - ok
15:40:21.0975 1352        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
15:40:22.0006 1352        Browser - ok
15:40:22.0022 1352        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:40:22.0037 1352        Brserid - ok
15:40:22.0037 1352        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:40:22.0053 1352        BrSerWdm - ok
15:40:22.0053 1352        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:40:22.0068 1352        BrUsbMdm - ok
15:40:22.0084 1352        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:40:22.0084 1352        BrUsbSer - ok
15:40:22.0100 1352        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
15:40:22.0100 1352        BTHMODEM - ok
15:40:22.0115 1352        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:40:22.0146 1352        bthserv - ok
15:40:22.0146 1352        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:40:22.0178 1352        cdfs - ok
15:40:22.0209 1352        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
15:40:22.0209 1352        cdrom - ok
15:40:22.0209 1352        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:22.0256 1352        CertPropSvc - ok
15:40:22.0271 1352        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
15:40:22.0287 1352        circlass - ok
15:40:22.0287 1352        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:40:22.0302 1352        CLFS - ok
15:40:22.0302 1352        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:40:22.0318 1352        clr_optimization_v2.0.50727_32 - ok
15:40:22.0334 1352        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:40:22.0334 1352        clr_optimization_v2.0.50727_64 - ok
15:40:22.0349 1352        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:40:22.0349 1352        clr_optimization_v4.0.30319_32 - ok
15:40:22.0365 1352        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:40:22.0365 1352        clr_optimization_v4.0.30319_64 - ok
15:40:22.0365 1352        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
15:40:22.0380 1352        CmBatt - ok
15:40:22.0396 1352        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
15:40:22.0396 1352        cmdide - ok
15:40:22.0412 1352        CNG            (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
15:40:22.0427 1352        CNG - ok
15:40:22.0427 1352        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
15:40:22.0427 1352        Compbatt - ok
15:40:22.0443 1352        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:40:22.0458 1352        CompositeBus - ok
15:40:22.0458 1352        COMSysApp - ok
15:40:22.0458 1352        CPoEthProt      (aca9762a169028bf76a3bb6374cb82f5) C:\Windows\system32\DRIVERS\CPoEthProt.sys
15:40:23.0847 1352        CPoEthProt - ok
15:40:23.0862 1352        CPVMidi        (9f09dd50ee5da60903ed20bbd09baf0d) C:\Windows\system32\DRIVERS\CPVMidi.sys
15:40:23.0862 1352        CPVMidi - ok
15:40:23.0894 1352        CPVNM          (408bf9e50edc0b55d957df34bfb589e8) C:\Program Files\CopperLan\CPVNM\CPVNM.exe
15:40:23.0894 1352        CPVNM ( UnsignedFile.Multi.Generic ) - warning
15:40:23.0894 1352        CPVNM - detected UnsignedFile.Multi.Generic (1)
15:40:23.0909 1352        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
15:40:23.0909 1352        crcdisk - ok
15:40:23.0909 1352        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
15:40:23.0956 1352        CryptSvc - ok
15:40:23.0956 1352        CSC            (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
15:40:23.0972 1352        CSC - ok
15:40:23.0987 1352        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
15:40:24.0003 1352        CscService - ok
15:40:24.0018 1352        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:40:24.0065 1352        DcomLaunch - ok
15:40:24.0081 1352        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:40:24.0112 1352        defragsvc - ok
15:40:24.0128 1352        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
15:40:24.0159 1352        DfsC - ok
15:40:24.0174 1352        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
15:40:24.0206 1352        Dhcp - ok
15:40:24.0206 1352        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:40:24.0237 1352        discache - ok
15:40:24.0252 1352        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
15:40:24.0252 1352        Disk - ok
15:40:24.0268 1352        dmvsc          (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
15:40:24.0284 1352        dmvsc - ok
15:40:24.0284 1352        Dnscache        (cd55f5355d8f55d44c9f4ed875705bd6) C:\Windows\System32\dnsrslvr.dll
15:40:24.0315 1352        Dnscache - ok
15:40:24.0330 1352        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
15:40:24.0362 1352        dot3svc - ok
15:40:24.0362 1352        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
15:40:24.0393 1352        DPS - ok
15:40:24.0393 1352        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:40:24.0408 1352        drmkaud - ok
15:40:24.0424 1352        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
15:40:24.0455 1352        DXGKrnl - ok
15:40:24.0455 1352        e1qexpress      (d1004b64292c1a802d53cd861695ace3) C:\Windows\system32\DRIVERS\e1q62x64.sys
15:40:24.0471 1352        e1qexpress - ok
15:40:24.0486 1352        e1yexpress      (1f20aeaad1be0121647257235b788224) C:\Windows\system32\DRIVERS\e1y62x64.sys
15:40:24.0486 1352        e1yexpress - ok
15:40:24.0486 1352        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:40:24.0533 1352        EapHost - ok
15:40:24.0596 1352        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
15:40:24.0627 1352        ebdrv - ok
15:40:24.0642 1352        EFS            (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
15:40:24.0658 1352        EFS - ok
15:40:24.0674 1352        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
15:40:24.0689 1352        ehRecvr - ok
15:40:24.0705 1352        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:40:24.0705 1352        ehSched - ok
15:40:24.0720 1352        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
15:40:24.0736 1352        elxstor - ok
15:40:24.0736 1352        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
15:40:24.0752 1352        ErrDev - ok
15:40:24.0767 1352        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:40:24.0798 1352        EventSystem - ok
15:40:24.0830 1352        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:40:24.0861 1352        exfat - ok
15:40:24.0861 1352        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:40:24.0908 1352        fastfat - ok
15:40:24.0923 1352        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
15:40:24.0939 1352        Fax - ok
15:40:24.0954 1352        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
15:40:24.0954 1352        fdc - ok
15:40:24.0954 1352        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:40:24.0986 1352        fdPHost - ok
15:40:25.0001 1352        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:40:25.0032 1352        FDResPub - ok
15:40:25.0032 1352        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:40:25.0032 1352        FileInfo - ok
15:40:25.0032 1352        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:40:25.0079 1352        Filetrace - ok
15:40:25.0079 1352        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
15:40:25.0079 1352        flpydisk - ok
15:40:25.0095 1352        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
15:40:25.0095 1352        FltMgr - ok
15:40:25.0126 1352        FontCache      (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll
15:40:25.0173 1352        FontCache - ok
15:40:25.0173 1352        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:40:25.0173 1352        FontCache3.0.0.0 - ok
15:40:25.0204 1352        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:40:25.0204 1352        FsDepends - ok
15:40:25.0204 1352        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
15:40:25.0204 1352        Fs_Rec - ok
15:40:25.0220 1352        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:40:25.0235 1352        fvevol - ok
15:40:25.0235 1352        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
15:40:25.0235 1352        gagp30kx - ok
15:40:25.0266 1352        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
15:40:25.0298 1352        gpsvc - ok
15:40:25.0298 1352        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:40:25.0313 1352        hcw85cir - ok
15:40:25.0329 1352        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
15:40:25.0344 1352        HdAudAddService - ok
15:40:25.0360 1352        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:40:25.0360 1352        HDAudBus - ok
15:40:25.0360 1352        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
15:40:25.0376 1352        HidBatt - ok
15:40:25.0391 1352        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
15:40:25.0407 1352        HidBth - ok
15:40:25.0407 1352        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
15:40:25.0422 1352        HidIr - ok
15:40:25.0422 1352        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:40:25.0454 1352        hidserv - ok
15:40:25.0454 1352        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
15:40:25.0469 1352        HidUsb - ok
15:40:25.0469 1352        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
15:40:25.0500 1352        hkmsvc - ok
15:40:25.0516 1352        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
15:40:25.0516 1352        HomeGroupListener - ok
15:40:25.0532 1352        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
15:40:25.0532 1352        HomeGroupProvider - ok
15:40:25.0547 1352        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
15:40:25.0547 1352        HpSAMD - ok
15:40:25.0578 1352        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
15:40:25.0625 1352        HTTP - ok
15:40:25.0641 1352        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
15:40:25.0641 1352        hwpolicy - ok
15:40:25.0656 1352        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
15:40:25.0656 1352        i8042prt - ok
15:40:25.0672 1352        iaStorV        (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
15:40:25.0688 1352        iaStorV - ok
15:40:25.0703 1352        IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
15:40:25.0703 1352        IDriverT ( UnsignedFile.Multi.Generic ) - warning
15:40:25.0703 1352        IDriverT - detected UnsignedFile.Multi.Generic (1)
15:40:25.0719 1352        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:40:25.0734 1352        idsvc - ok
15:40:25.0766 1352        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
15:40:25.0766 1352        iirsp - ok
15:40:25.0781 1352        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
15:40:25.0828 1352        IKEEXT - ok
15:40:25.0875 1352        IntcAzAudAddService (e8017f1662d9142f45ceab694d013c00) C:\Windows\system32\drivers\RTKVHD64.sys
15:40:25.0922 1352        IntcAzAudAddService - ok
15:40:25.0953 1352        Intel(R) PROSet Monitoring Service (28d387eefad7cc3a0beb9c3262e83add) C:\Windows\system32\IProsetMonitor.exe
15:40:25.0953 1352        Intel(R) PROSet Monitoring Service - ok
15:40:25.0953 1352        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
15:40:25.0968 1352        intelide - ok
15:40:25.0968 1352        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:40:25.0984 1352        intelppm - ok
15:40:25.0984 1352        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:40:26.0015 1352        IPBusEnum - ok
15:40:26.0031 1352        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:40:26.0062 1352        IpFilterDriver - ok
15:40:26.0078 1352        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
15:40:26.0078 1352        IPMIDRV - ok
15:40:26.0093 1352        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:40:26.0124 1352        IPNAT - ok
15:40:26.0140 1352        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:40:26.0140 1352        IRENUM - ok
15:40:26.0156 1352        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
15:40:26.0156 1352        isapnp - ok
15:40:26.0171 1352        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
15:40:26.0171 1352        iScsiPrt - ok
15:40:26.0171 1352        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:40:26.0187 1352        kbdclass - ok
15:40:26.0202 1352        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
15:40:26.0202 1352        kbdhid - ok
15:40:26.0202 1352        KeyIso          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:26.0218 1352        KeyIso - ok
15:40:26.0218 1352        KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
15:40:26.0234 1352        KSecDD - ok
15:40:26.0234 1352        KSecPkg        (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
15:40:26.0234 1352        KSecPkg - ok
15:40:26.0249 1352        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:40:26.0280 1352        ksthunk - ok
15:40:26.0280 1352        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:40:26.0327 1352        KtmRm - ok
15:40:26.0327 1352        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
15:40:26.0358 1352        LanmanServer - ok
15:40:26.0374 1352        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
15:40:26.0405 1352        LanmanWorkstation - ok
15:40:26.0405 1352        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:40:26.0436 1352        lltdio - ok
15:40:26.0452 1352        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
15:40:26.0483 1352        lltdsvc - ok
15:40:26.0499 1352        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
15:40:26.0546 1352        lmhosts - ok
15:40:26.0546 1352        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
15:40:26.0561 1352        LSI_FC - ok
15:40:26.0577 1352        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
15:40:26.0577 1352        LSI_SAS - ok
15:40:26.0592 1352        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
15:40:26.0592 1352        LSI_SAS2 - ok
15:40:26.0608 1352        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
15:40:26.0624 1352        LSI_SCSI - ok
15:40:26.0639 1352        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
15:40:26.0670 1352        luafv - ok
15:40:26.0670 1352        MBAMProtector  (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
15:40:26.0670 1352        MBAMProtector - ok
15:40:26.0702 1352        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:40:26.0717 1352        MBAMService - ok
15:40:26.0733 1352        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
15:40:26.0733 1352        Mcx2Svc - ok
15:40:26.0764 1352        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
15:40:26.0764 1352        megasas - ok
15:40:26.0780 1352        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
15:40:26.0795 1352        MegaSR - ok
15:40:26.0795 1352        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:40:26.0826 1352        MMCSS - ok
15:40:26.0826 1352        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
15:40:26.0858 1352        Modem - ok
15:40:26.0858 1352        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
15:40:26.0873 1352        monitor - ok
15:40:26.0889 1352        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
15:40:26.0889 1352        mouclass - ok
15:40:26.0889 1352        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
15:40:26.0904 1352        mouhid - ok
15:40:26.0904 1352        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
15:40:26.0904 1352        mountmgr - ok
15:40:26.0920 1352        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:40:26.0920 1352        MozillaMaintenance - ok
15:40:26.0951 1352        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
15:40:26.0967 1352        mpio - ok
15:40:26.0967 1352        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
15:40:26.0998 1352        mpsdrv - ok
15:40:27.0014 1352        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
15:40:27.0029 1352        MRxDAV - ok
15:40:27.0029 1352        mrxsmb          (faf015b07e3a2874a790a39b7d2c579f) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:40:27.0060 1352        mrxsmb - ok
15:40:27.0076 1352        mrxsmb10        (08e2345df129082bcdffdc1440f9c00d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:40:27.0107 1352        mrxsmb10 - ok
15:40:27.0107 1352        mrxsmb20        (108d87409c5812ef47d81e22843e8c9d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:40:27.0154 1352        mrxsmb20 - ok
15:40:27.0170 1352        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
15:40:27.0170 1352        msahci - ok
15:40:27.0185 1352        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
15:40:27.0201 1352        msdsm - ok
15:40:27.0216 1352        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
15:40:27.0216 1352        MSDTC - ok
15:40:27.0232 1352        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
15:40:27.0263 1352        Msfs - ok
15:40:27.0263 1352        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
15:40:27.0294 1352        mshidkmdf - ok
15:40:27.0294 1352        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
15:40:27.0294 1352        msisadrv - ok
15:40:27.0310 1352        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
15:40:27.0341 1352        MSiSCSI - ok
15:40:27.0341 1352        msiserver - ok
15:40:27.0357 1352        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
15:40:27.0388 1352        MSKSSRV - ok
15:40:27.0388 1352        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
15:40:27.0419 1352        MSPCLOCK - ok
15:40:27.0419 1352        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
15:40:27.0450 1352        MSPQM - ok
15:40:27.0466 1352        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
15:40:27.0466 1352        MsRPC - ok
15:40:27.0466 1352        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
15:40:27.0482 1352        mssmbios - ok
15:40:27.0482 1352        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
15:40:27.0513 1352        MSTEE - ok
15:40:27.0513 1352        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
15:40:27.0528 1352        MTConfig - ok
15:40:27.0528 1352        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
15:40:27.0528 1352        Mup - ok
15:40:27.0544 1352        mv61xx          (3bf808a71e26d88ff2bef841beeb2960) C:\Windows\system32\DRIVERS\mv61xx.sys
15:40:27.0544 1352        mv61xx - ok
15:40:27.0560 1352        mv91xx          (841861addc16daf618f207efccdfbebf) C:\Windows\system32\DRIVERS\mv91xx.sys
15:40:27.0560 1352        mv91xx - ok
15:40:27.0575 1352        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
15:40:27.0606 1352        napagent - ok
15:40:27.0638 1352        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
15:40:27.0653 1352        NativeWifiP - ok
15:40:27.0669 1352        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
15:40:27.0700 1352        NDIS - ok
15:40:27.0700 1352        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
15:40:27.0731 1352        NdisCap - ok
15:40:27.0731 1352        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
15:40:27.0762 1352        NdisTapi - ok
15:40:27.0778 1352        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
15:40:27.0809 1352        Ndisuio - ok
15:40:27.0825 1352        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
15:40:27.0856 1352        NdisWan - ok
15:40:27.0856 1352        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
15:40:27.0887 1352        NDProxy - ok
15:40:27.0887 1352        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
15:40:27.0918 1352        NetBIOS - ok
15:40:27.0934 1352        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
15:40:27.0965 1352        NetBT - ok
15:40:27.0965 1352        Netlogon        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:27.0981 1352        Netlogon - ok
15:40:27.0981 1352        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
15:40:28.0028 1352        Netman - ok
15:40:28.0028 1352        NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:28.0043 1352        NetMsmqActivator - ok
15:40:28.0043 1352        NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:28.0043 1352        NetPipeActivator - ok
15:40:28.0059 1352        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
15:40:28.0090 1352        netprofm - ok
15:40:28.0106 1352        NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:28.0106 1352        NetTcpActivator - ok
15:40:28.0106 1352        NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:40:28.0106 1352        NetTcpPortSharing - ok
15:40:28.0137 1352        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
15:40:28.0137 1352        nfrd960 - ok
15:40:28.0152 1352        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
15:40:28.0184 1352        NlaSvc - ok
15:40:28.0199 1352        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
15:40:28.0230 1352        Npfs - ok
15:40:28.0230 1352        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
15:40:28.0262 1352        nsi - ok
15:40:28.0262 1352        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
15:40:28.0293 1352        nsiproxy - ok
15:40:28.0340 1352        Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
15:40:28.0371 1352        Ntfs - ok
15:40:28.0386 1352        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
15:40:28.0418 1352        Null - ok
15:40:28.0433 1352        nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
15:40:28.0433 1352        nusb3hub - ok
15:40:28.0449 1352        nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
15:40:28.0449 1352        nusb3xhc - ok
15:40:28.0464 1352        NVHDA          (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
15:40:28.0464 1352        NVHDA - ok
15:40:28.0730 1352        nvlddmkm        (7c03d09b48c212524414cd17fca4ed84) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:40:28.0917 1352        nvlddmkm - ok
15:40:28.0948 1352        nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
15:40:28.0964 1352        nvraid - ok
15:40:28.0964 1352        nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
15:40:28.0979 1352        nvstor - ok
15:40:28.0995 1352        NVSvc          (03cee0a780ea86e11975714a490184f9) C:\Windows\system32\nvvsvc.exe
15:40:29.0010 1352        NVSvc - ok
15:40:29.0026 1352        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
15:40:29.0026 1352        nv_agp - ok
15:40:29.0042 1352        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
15:40:29.0057 1352        ohci1394 - ok
15:40:29.0073 1352        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:40:29.0088 1352        p2pimsvc - ok
15:40:29.0088 1352        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
15:40:29.0104 1352        p2psvc - ok
15:40:29.0120 1352        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
15:40:29.0135 1352        Parport - ok
15:40:29.0135 1352        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
15:40:29.0135 1352        partmgr - ok
15:40:29.0151 1352        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
15:40:29.0166 1352        PcaSvc - ok
15:40:29.0166 1352        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
15:40:29.0182 1352        pci - ok
15:40:29.0198 1352        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
15:40:29.0198 1352        pciide - ok
15:40:29.0198 1352        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
15:40:29.0213 1352        pcmcia - ok
15:40:29.0213 1352        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
15:40:29.0229 1352        pcw - ok
15:40:29.0229 1352        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
15:40:29.0276 1352        PEAUTH - ok
15:40:29.0307 1352        PeerDistSvc    (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
15:40:29.0322 1352        PeerDistSvc - ok
15:40:29.0338 1352        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
15:40:29.0354 1352        PerfHost - ok
15:40:29.0400 1352        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
15:40:29.0447 1352        pla - ok
15:40:29.0463 1352        PlugPlay        (b806e50427511bcf4ad8e8239c3e25fa) C:\Windows\system32\umpnpmgr.dll
15:40:29.0494 1352        PlugPlay - ok
15:40:29.0510 1352        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
15:40:29.0510 1352        PNRPAutoReg - ok
15:40:29.0525 1352        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
15:40:29.0525 1352        PNRPsvc - ok
15:40:29.0541 1352        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
15:40:29.0572 1352        PolicyAgent - ok
15:40:29.0588 1352        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
15:40:29.0619 1352        Power - ok
15:40:29.0634 1352        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
15:40:29.0666 1352        PptpMiniport - ok
15:40:29.0666 1352        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
15:40:29.0681 1352        Processor - ok
15:40:29.0697 1352        ProfSvc        (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
15:40:29.0728 1352        ProfSvc - ok
15:40:29.0728 1352        ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:29.0744 1352        ProtectedStorage - ok
15:40:29.0759 1352        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
15:40:29.0790 1352        Psched - ok
15:40:29.0790 1352        PxHlpa64        (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
15:40:29.0790 1352        PxHlpa64 - ok
15:40:29.0837 1352        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
15:40:29.0868 1352        ql2300 - ok
15:40:29.0900 1352        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
15:40:29.0900 1352        ql40xx - ok
15:40:29.0915 1352        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
15:40:29.0931 1352        QWAVE - ok
15:40:29.0946 1352        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
15:40:29.0946 1352        QWAVEdrv - ok
15:40:29.0962 1352        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
15:40:29.0993 1352        RasAcd - ok
15:40:30.0009 1352        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:40:30.0040 1352        RasAgileVpn - ok
15:40:30.0040 1352        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
15:40:30.0071 1352        RasAuto - ok
15:40:30.0071 1352        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:40:30.0118 1352        Rasl2tp - ok
15:40:30.0134 1352        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
15:40:30.0165 1352        RasMan - ok
15:40:30.0165 1352        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
15:40:30.0212 1352        RasPppoe - ok
15:40:30.0212 1352        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
15:40:30.0243 1352        RasSstp - ok
15:40:30.0258 1352        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
15:40:30.0290 1352        rdbss - ok
15:40:30.0290 1352        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
15:40:30.0305 1352        rdpbus - ok
15:40:30.0321 1352        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:40:30.0352 1352        RDPCDD - ok
15:40:30.0352 1352        RDPDR          (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
15:40:30.0368 1352        RDPDR - ok
15:40:30.0368 1352        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
15:40:30.0414 1352        RDPENCDD - ok
15:40:30.0414 1352        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
15:40:30.0446 1352        RDPREFMP - ok
15:40:30.0446 1352        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
15:40:30.0492 1352        RDPWD - ok
15:40:30.0508 1352        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
15:40:30.0508 1352        rdyboost - ok
15:40:30.0524 1352        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
15:40:30.0555 1352        RemoteAccess - ok
15:40:30.0570 1352        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
15:40:30.0602 1352        RemoteRegistry - ok
15:40:30.0602 1352        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
15:40:30.0633 1352        RpcEptMapper - ok
15:40:30.0633 1352        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
15:40:30.0648 1352        RpcLocator - ok
15:40:30.0664 1352        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
15:40:30.0695 1352        RpcSs - ok
15:40:30.0711 1352        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
15:40:30.0742 1352        rspndr - ok
15:40:30.0758 1352        s3cap          (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
15:40:30.0758 1352        s3cap - ok
15:40:30.0773 1352        SaiK0CD5        (858c15a70af2900c03daa4419b973903) C:\Windows\system32\DRIVERS\SaiK0CD5.sys
15:40:30.0773 1352        SaiK0CD5 - ok
15:40:30.0773 1352        SaiMini        (e124bcfb55adcd4aa273e73c3d666f9f) C:\Windows\system32\DRIVERS\SaiMini.sys
15:40:30.0773 1352        SaiMini - ok
15:40:30.0789 1352        SaiNtBus        (94ab59e2d3f301dc2b6ea97a027cebfa) C:\Windows\system32\drivers\SaiBus.sys
15:40:30.0789 1352        SaiNtBus - ok
15:40:30.0804 1352        SaiU0CD5        (866efd804302483de27e3947b25d0fab) C:\Windows\system32\DRIVERS\SaiU0CD5.sys
15:40:30.0804 1352        SaiU0CD5 - ok
15:40:30.0820 1352        SamSs          (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:30.0820 1352        SamSs - ok
15:40:30.0836 1352        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
15:40:30.0836 1352        sbp2port - ok
15:40:30.0851 1352        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
15:40:30.0882 1352        SCardSvr - ok
15:40:30.0882 1352        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
15:40:30.0914 1352        scfilter - ok
15:40:30.0960 1352        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
15:40:30.0992 1352        Schedule - ok
15:40:31.0007 1352        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
15:40:31.0038 1352        SCPolicySvc - ok
15:40:31.0038 1352        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
15:40:31.0054 1352        SDRSVC - ok
15:40:31.0070 1352        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
15:40:31.0101 1352        secdrv - ok
15:40:31.0101 1352        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
15:40:31.0132 1352        seclogon - ok
15:40:31.0132 1352        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
15:40:31.0163 1352        SENS - ok
15:40:31.0179 1352        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
15:40:31.0194 1352        SensrSvc - ok
15:40:31.0194 1352        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
15:40:31.0210 1352        Serenum - ok
15:40:31.0210 1352        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
15:40:31.0226 1352        Serial - ok
15:40:31.0226 1352        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
15:40:31.0226 1352        sermouse - ok
15:40:31.0257 1352        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
15:40:31.0288 1352        SessionEnv - ok
15:40:31.0288 1352        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
15:40:31.0304 1352        sffdisk - ok
15:40:31.0319 1352        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
15:40:31.0319 1352        sffp_mmc - ok
15:40:31.0319 1352        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
15:40:31.0335 1352        sffp_sd - ok
15:40:31.0335 1352        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
15:40:31.0350 1352        sfloppy - ok
15:40:31.0350 1352        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
15:40:31.0397 1352        ShellHWDetection - ok
15:40:31.0397 1352        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
15:40:31.0397 1352        SiSRaid2 - ok
15:40:31.0413 1352        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
15:40:31.0413 1352        SiSRaid4 - ok
15:40:31.0428 1352        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
15:40:31.0460 1352        Smb - ok
15:40:31.0460 1352        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
15:40:31.0475 1352        SNMPTRAP - ok
15:40:31.0475 1352        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
15:40:31.0491 1352        spldr - ok
15:40:31.0506 1352        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
15:40:31.0553 1352        Spooler - ok
15:40:31.0631 1352        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
15:40:31.0694 1352        sppsvc - ok
15:40:31.0709 1352        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:40:31.0740 1352        sppuinotify - ok
15:40:31.0756 1352        srv            (2098b8556d1cec2aca9a29cd479e3692) C:\Windows\system32\DRIVERS\srv.sys
15:40:31.0803 1352        srv - ok
15:40:31.0818 1352        srv2            (d0f73a42040f21f92fd314b42ac5c9e7) C:\Windows\system32\DRIVERS\srv2.sys
15:40:31.0850 1352        srv2 - ok
15:40:31.0865 1352        srvnet          (2ba8f3250828ccdb4204ecf2c6f40b6a) C:\Windows\system32\DRIVERS\srvnet.sys
15:40:31.0896 1352        srvnet - ok
15:40:31.0896 1352        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:40:31.0928 1352        SSDPSRV - ok
15:40:31.0943 1352        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:40:31.0974 1352        SstpSvc - ok
15:40:31.0974 1352        Stereo Service  (31ab6192005102b0a16e75f02445c266) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
15:40:31.0990 1352        Stereo Service - ok
15:40:32.0006 1352        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
15:40:32.0006 1352        stexstor - ok
15:40:32.0021 1352        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
15:40:32.0037 1352        stisvc - ok
15:40:32.0037 1352        storflt        (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
15:40:32.0052 1352        storflt - ok
15:40:32.0068 1352        StorSvc        (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
15:40:32.0068 1352        StorSvc - ok
15:40:32.0068 1352        storvsc        (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
15:40:32.0084 1352        storvsc - ok
15:40:32.0084 1352        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:40:32.0084 1352        swenum - ok
15:40:32.0099 1352        SwitchBoard    (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
15:40:32.0115 1352        SwitchBoard ( UnsignedFile.Multi.Generic ) - warning
15:40:32.0115 1352        SwitchBoard - detected UnsignedFile.Multi.Generic (1)
15:40:32.0130 1352        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
15:40:32.0177 1352        swprv - ok
15:40:32.0224 1352        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
15:40:32.0255 1352        SysMain - ok
15:40:32.0271 1352        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
15:40:32.0286 1352        TabletInputService - ok
15:40:32.0286 1352        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
15:40:32.0333 1352        TapiSrv - ok
15:40:32.0349 1352        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
15:40:32.0380 1352        TBS - ok
15:40:32.0411 1352        Tcpip          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\drivers\tcpip.sys
15:40:32.0442 1352        Tcpip - ok
15:40:32.0505 1352        TCPIP6          (509383e505c973ed7534a06b3d19688d) C:\Windows\system32\DRIVERS\tcpip.sys
15:40:32.0536 1352        TCPIP6 - ok
15:40:32.0567 1352        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
15:40:32.0598 1352        tcpipreg - ok
15:40:32.0598 1352        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
15:40:32.0630 1352        TDPIPE - ok
15:40:32.0630 1352        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
15:40:32.0661 1352        TDTCP - ok
15:40:32.0676 1352        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
15:40:32.0708 1352        tdx - ok
15:40:32.0723 1352        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
15:40:32.0723 1352        TermDD - ok
15:40:32.0739 1352        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
15:40:32.0770 1352        TermService - ok
15:40:32.0786 1352        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
15:40:32.0801 1352        Themes - ok
15:40:32.0817 1352        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:40:32.0848 1352        THREADORDER - ok
15:40:32.0848 1352        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:40:32.0879 1352        TrkWks - ok
15:40:32.0895 1352        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
15:40:32.0926 1352        TrustedInstaller - ok
15:40:32.0942 1352        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:40:32.0973 1352        tssecsrv - ok
15:40:32.0973 1352        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
15:40:32.0988 1352        TsUsbFlt - ok
15:40:33.0004 1352        TsUsbGD        (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
15:40:33.0004 1352        TsUsbGD - ok
15:40:33.0020 1352        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
15:40:33.0051 1352        tunnel - ok
15:40:33.0066 1352        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
15:40:33.0066 1352        uagp35 - ok
15:40:33.0082 1352        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
15:40:33.0113 1352        udfs - ok
15:40:33.0129 1352        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:40:33.0129 1352        UI0Detect - ok
15:40:33.0144 1352        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
15:40:33.0144 1352        uliagpkx - ok
15:40:33.0160 1352        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
15:40:33.0160 1352        umbus - ok
15:40:33.0160 1352        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
15:40:33.0176 1352        UmPass - ok
15:40:33.0191 1352        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
15:40:33.0191 1352        UmRdpService - ok
15:40:33.0207 1352        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:40:33.0238 1352        upnphost - ok
15:40:33.0254 1352        usbccgp        (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
15:40:33.0269 1352        usbccgp - ok
15:40:33.0269 1352        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
15:40:33.0285 1352        usbcir - ok
15:40:33.0285 1352        usbehci        (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\DRIVERS\usbehci.sys
15:40:33.0300 1352        usbehci - ok
15:40:33.0316 1352        usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\DRIVERS\usbhub.sys
15:40:33.0332 1352        usbhub - ok
15:40:33.0332 1352        usbohci        (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
15:40:33.0332 1352        usbohci - ok
15:40:33.0347 1352        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
15:40:33.0347 1352        usbprint - ok
15:40:33.0363 1352        USBSTOR        (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:40:33.0378 1352        USBSTOR - ok
15:40:33.0378 1352        usbuhci        (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
15:40:33.0394 1352        usbuhci - ok
15:40:33.0425 1352        uvnc_service    (ac5e6b891a09d5a41ea7f72a5df0a905) C:\Program Files (x86)\UltraVNC\WinVNC.exe
15:40:33.0472 1352        uvnc_service - ok
15:40:33.0488 1352        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
15:40:33.0534 1352        UxSms - ok
15:40:33.0534 1352        VaultSvc        (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
15:40:33.0550 1352        VaultSvc - ok
15:40:33.0566 1352        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
15:40:33.0566 1352        vdrvroot - ok
15:40:33.0581 1352        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
15:40:33.0612 1352        vds - ok
15:40:33.0628 1352        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
15:40:33.0628 1352        vga - ok
15:40:33.0628 1352        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
15:40:33.0675 1352        VgaSave - ok
15:40:33.0690 1352        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
15:40:33.0706 1352        vhdmp - ok
15:40:33.0706 1352        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
15:40:33.0706 1352        viaide - ok
15:40:33.0722 1352        vmbus          (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
15:40:33.0722 1352        vmbus - ok
15:40:33.0737 1352        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
15:40:33.0753 1352        VMBusHID - ok
15:40:33.0753 1352        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
15:40:33.0753 1352        volmgr - ok
15:40:33.0768 1352        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
15:40:33.0784 1352        volmgrx - ok
15:40:33.0784 1352        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
15:40:33.0800 1352        volsnap - ok
15:40:33.0815 1352        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
15:40:33.0831 1352        vsmraid - ok
15:40:33.0862 1352        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
15:40:33.0909 1352        VSS - ok
15:40:33.0924 1352        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
15:40:33.0940 1352        vwifibus - ok
15:40:33.0956 1352        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
15:40:33.0987 1352        W32Time - ok
15:40:34.0002 1352        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
15:40:34.0002 1352        WacomPen - ok
15:40:34.0002 1352        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:40:34.0049 1352        WANARP - ok
15:40:34.0049 1352        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
15:40:34.0096 1352        Wanarpv6 - ok
15:40:34.0127 1352        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
15:40:34.0143 1352        wbengine - ok
15:40:34.0158 1352        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
15:40:34.0174 1352        WbioSrvc - ok
15:40:34.0190 1352        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
15:40:34.0205 1352        wcncsvc - ok
15:40:34.0205 1352        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
15:40:34.0221 1352        WcsPlugInService - ok
15:40:34.0221 1352        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
15:40:34.0221 1352        Wd - ok
15:40:34.0252 1352        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
15:40:34.0268 1352        Wdf01000 - ok
15:40:34.0268 1352        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:40:34.0299 1352        WdiServiceHost - ok
15:40:34.0299 1352        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
15:40:34.0314 1352        WdiSystemHost - ok
15:40:34.0330 1352        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
15:40:34.0346 1352        WebClient - ok
15:40:34.0346 1352        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
15:40:34.0392 1352        Wecsvc - ok
15:40:34.0392 1352        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
15:40:34.0424 1352        wercplsupport - ok
15:40:34.0439 1352        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
15:40:34.0470 1352        WerSvc - ok
15:40:34.0470 1352        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
15:40:34.0502 1352        WfpLwf - ok
15:40:34.0502 1352        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
15:40:34.0517 1352        WIMMount - ok
15:40:34.0517 1352        WinHttpAutoProxySvc - ok
15:40:34.0533 1352        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
15:40:34.0564 1352        Winmgmt - ok
15:40:34.0595 1352        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
15:40:34.0658 1352        WinRM - ok
15:40:34.0689 1352        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
15:40:34.0689 1352        WinUsb - ok
15:40:34.0720 1352        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
15:40:34.0736 1352        Wlansvc - ok
15:40:34.0751 1352        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:40:34.0751 1352        WmiAcpi - ok
15:40:34.0767 1352        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
15:40:34.0767 1352        wmiApSrv - ok
15:40:34.0767 1352        WMPNetworkSvc - ok
15:40:34.0782 1352        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
15:40:34.0782 1352        WPCSvc - ok
15:40:34.0782 1352        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
15:40:34.0798 1352        WPDBusEnum - ok
15:40:34.0814 1352        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
15:40:34.0845 1352        ws2ifsl - ok
15:40:34.0845 1352        WSearch - ok
15:40:34.0892 1352        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
15:40:34.0938 1352        wuauserv - ok
15:40:34.0970 1352        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
15:40:35.0016 1352        WudfPf - ok
15:40:35.0016 1352        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:40:35.0048 1352        WUDFRd - ok
15:40:35.0063 1352        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
15:40:35.0094 1352        wudfsvc - ok
15:40:35.0094 1352        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
15:40:35.0110 1352        WwanSvc - ok
15:40:35.0126 1352        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
15:40:35.0188 1352        \Device\Harddisk0\DR0 - ok
15:40:35.0204 1352        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk1\DR1
15:40:35.0406 1352        \Device\Harddisk1\DR1 - ok
15:40:35.0422 1352        MBR (0x1B8)    (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk2\DR2
15:40:35.0703 1352        \Device\Harddisk2\DR2 - ok
15:40:35.0718 1352        MBR (0x1B8)    (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk3\DR3
15:40:35.0843 1352        \Device\Harddisk3\DR3 - ok
15:40:35.0843 1352        Boot (0x1200)  (dd2ff13e3bfc775e447d762246c17951) \Device\Harddisk0\DR0\Partition0
15:40:35.0843 1352        \Device\Harddisk0\DR0\Partition0 - ok
15:40:35.0843 1352        Boot (0x1200)  (ea53e5ba8bedebb5b7d8cee765054e0d) \Device\Harddisk0\DR0\Partition1
15:40:35.0843 1352        \Device\Harddisk0\DR0\Partition1 - ok
15:40:35.0843 1352        Boot (0x1200)  (13e918a31b083968eae1b80a0015342c) \Device\Harddisk0\DR0\Partition2
15:40:35.0843 1352        \Device\Harddisk0\DR0\Partition2 - ok
15:40:35.0843 1352        Boot (0x1200)  (2da48c7063a7c3b20610be09e88fcc9b) \Device\Harddisk1\DR1\Partition0
15:40:35.0843 1352        \Device\Harddisk1\DR1\Partition0 - ok
15:40:35.0843 1352        Boot (0x1200)  (572f46848f1f5c9dfab716d9d2a5f7be) \Device\Harddisk2\DR2\Partition0
15:40:35.0859 1352        \Device\Harddisk2\DR2\Partition0 - ok
15:40:35.0874 1352        Boot (0x1200)  (45f2922858ba887b1b11cadec108eb38) \Device\Harddisk2\DR2\Partition1
15:40:35.0874 1352        \Device\Harddisk2\DR2\Partition1 - ok
15:40:35.0874 1352        Boot (0x1200)  (7148b0ede6a33a008e6470f8da61af07) \Device\Harddisk3\DR3\Partition0
15:40:35.0874 1352        \Device\Harddisk3\DR3\Partition0 - ok
15:40:35.0874 1352        ============================================================
15:40:35.0874 1352        Scan finished
15:40:35.0874 1352        ============================================================
15:40:35.0874 1360        Detected object count: 3
15:40:35.0874 1360        Actual detected object count: 3
15:40:47.0294 1360        CPVNM ( UnsignedFile.Multi.Generic ) - skipped by user
15:40:47.0294 1360        CPVNM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:40:47.0294 1360        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
15:40:47.0294 1360        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:40:47.0294 1360        SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
15:40:47.0294 1360        SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip


Psychotic 12.06.2012 15:05

Combofix

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your anti-virus as well as anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. This should fix the problem.

NEON_MUC 12.06.2012 15:24

Well, that seems to have gone well...

it ran through without any problems and deleted a few files...


Combofix log file:
Code:

ComboFix 12-06-12.01 - VD 12.06.2012  16:16:41.1.12 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.24565.22874 [GMT 2:00]
ausgeführt von:: c:\users\VD\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000004.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000008.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000004.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\000000cb.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000000.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000032.@
c:\windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\80000064.@
F:\install.exe
.
Infizierte Kopie von c:\windows\system32\services.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))
.
.
2012-06-12 09:59 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-12 09:30 . 2012-06-12 09:59        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:11 . 2012-06-11 16:11        --------        d-----w-        c:\program files (x86)\ESET
2012-05-30 14:28 . 2012-05-30 14:28        --------        d-----w-        c:\users\VD\AppData\Roaming\Malwarebytes
2012-05-30 14:07 . 2012-05-30 14:07        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\users\VD\AppData\Roaming\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\users\VD\AppData\Local\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2012-05-23 11:45 . 2012-05-23 11:45        --------        d-----w-        c:\users\VD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-14 09:30 . 2012-05-14 09:39        --------        d-----w-        c:\users\VD\AppData\Roaming\CopperLan Manager
2012-05-14 09:30 . 2012-05-14 09:30        --------        d-----w-        c:\users\VD\AppData\Roaming\CopperLan
2012-05-14 09:30 . 2011-09-21 14:12        31992        ----a-w-        c:\windows\system32\drivers\CHAILinkOverUSB.sys
2012-05-14 09:28 . 2012-05-14 09:30        --------        d-----w-        c:\program files\CopperLan
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 08:56 . 2012-05-11 14:14        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 08:56 . 2012-05-11 14:14        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 15:13 . 2012-05-11 15:13        8769696        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 15:29 . 2012-05-11 14:19        960000        ----a-w-        c:\program files (x86)\TouchOSCEditor.exe
2012-04-20 20:53 . 2012-04-20 20:54        199168        ----a-w-        c:\windows\system32\PegReg64.dll
2012-04-20 20:40 . 2012-04-20 20:40        53248        ----a-r-        c:\users\VD\AppData\Roaming\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe
2012-04-04 16:47 . 2012-05-10 09:52        772504        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 16:47 . 2012-05-10 09:52        687504        ----a-w-        c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 CPVNM;CPVNM Service;c:\program files\CopperLan\CPVNM\CPVNM.exe [2012-02-15 1084928]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2012-02-14 2015968]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 CPoEthProt;CopperLan over Ethernet Protocol Driver;c:\windows\system32\DRIVERS\CPoEthProt.sys [x]
S3 CPVMidi;CopperLan Virtual Midi Driver Service;c:\windows\system32\DRIVERS\CPVMidi.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [x]
S3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{1A534221-FA4A-4F9E-BF37-B3251CD45298}: NameServer = 192.168.1.1
TCP: Interfaces\{2AE774EF-AF85-4F74-B82B-FDB9F96B78E8}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\VD\AppData\Roaming\Mozilla\Firefox\Profiles\jl8okgrm.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-12  16:20:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-12 14:20
.
Vor Suchlauf: 11 Verzeichnis(se), 27.183.947.776 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 26.914.533.376 Bytes frei
.
- - End Of File - - F5CA4B89FA1441192A0F8DDC5FE7FFB2

--- --- ---

Psychotic 12.06.2012 15:27

CF-Script


Note for readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it on the desktop again (not anywhere else, that is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

DIRLOOK::
c:\users\VD\AppData\Local\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Don't move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work without interference.
  • Don't do anything on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As shown in the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.

NEON_MUC 12.06.2012 15:37

That also ran through without errors...

ComboFix log file:
Code:

ComboFix 12-06-12.01 - VD 12.06.2012  16:32:40.2.12 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.24565.22939 [GMT 2:00]
ausgeführt von:: G:\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\VD\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-12 bis 2012-06-12  ))))))))))))))))))))))))))))))
.
.
2012-06-12 14:34 . 2012-06-12 14:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-12 09:59 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-12 09:30 . 2012-06-12 09:59        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:11 . 2012-06-11 16:11        --------        d-----w-        c:\program files (x86)\ESET
2012-05-30 14:28 . 2012-05-30 14:28        --------        d-----w-        c:\users\VD\AppData\Roaming\Malwarebytes
2012-05-30 14:07 . 2012-05-30 14:07        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\users\VD\AppData\Roaming\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\users\VD\AppData\Local\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2012-05-23 11:45 . 2012-05-23 11:45        --------        d-----w-        c:\users\VD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-14 09:30 . 2012-05-14 09:39        --------        d-----w-        c:\users\VD\AppData\Roaming\CopperLan Manager
2012-05-14 09:30 . 2012-05-14 09:30        --------        d-----w-        c:\users\VD\AppData\Roaming\CopperLan
2012-05-14 09:30 . 2011-09-21 14:12        31992        ----a-w-        c:\windows\system32\drivers\CHAILinkOverUSB.sys
2012-05-14 09:28 . 2012-05-14 09:30        --------        d-----w-        c:\program files\CopperLan
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 08:56 . 2012-05-11 14:14        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 08:56 . 2012-05-11 14:14        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 15:13 . 2012-05-11 15:13        8769696        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 15:29 . 2012-05-11 14:19        960000        ----a-w-        c:\program files (x86)\TouchOSCEditor.exe
2012-04-20 20:53 . 2012-04-20 20:54        199168        ----a-w-        c:\windows\system32\PegReg64.dll
2012-04-20 20:40 . 2012-04-20 20:40        53248        ----a-r-        c:\users\VD\AppData\Roaming\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe
2012-04-04 16:47 . 2012-05-10 09:52        772504        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 16:47 . 2012-05-10 09:52        687504        ----a-w-        c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\VD\AppData\Local\{bd88c031-bed1-daf1-9bce-e96ac356f0c7} ----
.
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-12_14.19.59  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-21 01:08 . 2012-06-12 14:22        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-21 01:08 . 2012-06-12 09:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-21 01:08 . 2012-06-12 09:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-21 01:08 . 2012-06-12 14:22        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-12 14:19 . 2012-06-12 14:19        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-12 14:35 . 2012-06-12 14:35        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-12 14:31        651450              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-01 03:34        651450              c:\windows\system32\perfh009.dat
+ 2011-04-12 07:43 . 2012-06-12 14:31        696132              c:\windows\system32\perfh007.dat
- 2011-04-12 07:43 . 2012-06-01 03:34        696132              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-12 14:31        120382              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-01 03:34        120382              c:\windows\system32\perfc009.dat
- 2011-04-12 07:43 . 2012-06-01 03:34        147428              c:\windows\system32\perfc007.dat
+ 2011-04-12 07:43 . 2012-06-12 14:31        147428              c:\windows\system32\perfc007.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 CPVNM;CPVNM Service;c:\program files\CopperLan\CPVNM\CPVNM.exe [2012-02-15 1084928]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2012-02-14 2015968]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 CPoEthProt;CopperLan over Ethernet Protocol Driver;c:\windows\system32\DRIVERS\CPoEthProt.sys [x]
S3 CPVMidi;CopperLan Virtual Midi Driver Service;c:\windows\system32\DRIVERS\CPVMidi.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [x]
S3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{1A534221-FA4A-4F9E-BF37-B3251CD45298}: NameServer = 192.168.1.1
TCP: Interfaces\{2AE774EF-AF85-4F74-B82B-FDB9F96B78E8}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\VD\AppData\Roaming\Mozilla\Firefox\Profiles\jl8okgrm.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-12  16:36:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-12 14:36
ComboFix2.txt  2012-06-12 14:20
.
Vor Suchlauf: 14 Verzeichnis(se), 27.011.080.192 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 26.915.348.480 Bytes frei
.
- - End Of File - - 723BCE237BD1B639DF7572DF8AD67D94

--- --- ---


Thanks already for the help, but is the matter settled now?

And if so, which settings/tools/programs are best for preventing a reinfection?

Regards

Neon

Psychotic 13.06.2012 06:05

Have a bit more patience - I have a private life too!

Step 1: CF-Script


Note for readers:
The following ComboFix script was created exclusively for this user in this situation.
Never use it on other computers; it can permanently damage other systems!

Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors:
BleepingComputer.com - ForoSpyware.com
and save it on the desktop again (not anywhere else, that is important)!

Press the Windows + R keys --> type Notepad --> OK

Now copy the text from the following code box completely into the empty text document.
Code:

FOLDER::
c:\users\VD\AppData\Local\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}
CLEARJAVACACHE::

Save this as CFScript.txt on your desktop.

Important:
  • Temporarily disable your antivirus software, as it can interfere with ComboFix while it works.
    Don't forget to turn it back on afterwards!
  • Don't move the mouse over the ComboFix window or click into it.
    This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work without interference.
  • Don't do anything on the PC while ComboFix is running.
http://i266.photobucket.com/albums/i.../CFScriptB.gif
  • As shown in the image above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix is finished, it will create a log, C:\ComboFix.txt. Please post it here as a reply.
If the script contains the instruction Suspect:: or Collect::, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.


Step 2: MBAM


Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform full scan and click Scan. (Note: check all hard drives!)
  • When the scan is finished, click Show Results.
  • Make sure all findings are checked and click Remove Selected.
  • Post the log file that opens in Notepad here in the thread.
  • You can find the report later under "Logs".

NEON_MUC 13.06.2012 11:11

Both worked, attached are the log files...

Sorry for the pressure, I thought we were already done :-)

By the way, I had to notice that almost all services are set to reaktiv...
I don't know since which step it has been like that; it definitely wasn't like that after the first tests...

ComboFix log file:
Code:

ComboFix 12-06-12.01 - VD 13.06.2012  11:13:55.3.12 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.24565.22919 [GMT 2:00]
ausgeführt von:: c:\users\VD\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\VD\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-05-13 bis 2012-06-13  ))))))))))))))))))))))))))))))
.
.
2012-06-13 09:15 . 2012-06-13 09:15        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-12 09:59 . 2012-04-04 13:56        24904        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-12 09:30 . 2012-06-12 09:59        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-11 16:11 . 2012-06-11 16:11        --------        d-----w-        c:\program files (x86)\ESET
2012-05-30 14:28 . 2012-05-30 14:28        --------        d-----w-        c:\users\VD\AppData\Roaming\Malwarebytes
2012-05-30 14:07 . 2012-05-30 14:07        --------        d-----w-        c:\programdata\Malwarebytes
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\users\VD\AppData\Roaming\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\users\VD\AppData\Local\Thunderbird
2012-05-29 22:52 . 2012-05-29 22:52        --------        d-----w-        c:\program files (x86)\Mozilla Thunderbird
2012-05-23 11:45 . 2012-05-23 11:45        --------        d-----w-        c:\users\VD\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-05-14 09:30 . 2012-05-14 09:39        --------        d-----w-        c:\users\VD\AppData\Roaming\CopperLan Manager
2012-05-14 09:30 . 2012-05-14 09:30        --------        d-----w-        c:\users\VD\AppData\Roaming\CopperLan
2012-05-14 09:30 . 2011-09-21 14:12        31992        ----a-w-        c:\windows\system32\drivers\CHAILinkOverUSB.sys
2012-05-14 09:28 . 2012-05-14 09:30        --------        d-----w-        c:\program files\CopperLan
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-30 08:56 . 2012-05-11 14:14        70304        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-30 08:56 . 2012-05-11 14:14        419488        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-11 15:13 . 2012-05-11 15:13        8769696        ----a-w-        c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-27 15:29 . 2012-05-11 14:19        960000        ----a-w-        c:\program files (x86)\TouchOSCEditor.exe
2012-04-20 20:53 . 2012-04-20 20:54        199168        ----a-w-        c:\windows\system32\PegReg64.dll
2012-04-20 20:40 . 2012-04-20 20:40        53248        ----a-r-        c:\users\VD\AppData\Roaming\Microsoft\Installer\{656C6151-03B2-4077-8E29-0950037FC8B4}\ARPPRODUCTICON.exe
2012-04-04 16:47 . 2012-05-10 09:52        772504        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-04-04 16:47 . 2012-05-10 09:52        687504        ----a-w-        c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-06-12_14.19.59  )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-04-20 19:46 . 2012-06-12 15:20        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-20 19:46 . 2012-05-29 13:31        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-20 19:46 . 2012-05-29 13:31        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-20 19:46 . 2012-06-12 15:20        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-12 15:20        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-29 13:31        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-21 01:08 . 2012-06-13 09:11        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-21 01:08 . 2012-06-12 09:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-21 01:08 . 2012-06-13 09:11        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-04-21 01:08 . 2012-06-12 09:14        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-12 14:19 . 2012-06-12 14:19        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-13 09:16 . 2012-06-13 09:16        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-06-01 03:34        651450              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-12 14:31        651450              c:\windows\system32\perfh009.dat
+ 2011-04-12 07:43 . 2012-06-12 14:31        696132              c:\windows\system32\perfh007.dat
- 2011-04-12 07:43 . 2012-06-01 03:34        696132              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-12 14:31        120382              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-01 03:34        120382              c:\windows\system32\perfc009.dat
- 2011-04-12 07:43 . 2012-06-01 03:34        147428              c:\windows\system32\perfc007.dat
+ 2011-04-12 07:43 . 2012-06-12 14:31        147428              c:\windows\system32\perfc007.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R4 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R4 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R4 CPVNM;CPVNM Service;c:\program files\CopperLan\CPVNM\CPVNM.exe [2012-02-15 1084928]
R4 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-12-27 378472]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R4 uvnc_service;uvnc_service;c:\program files (x86)\UltraVNC\WinVNC.exe [2012-02-14 2015968]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 CPoEthProt;CopperLan over Ethernet Protocol Driver;c:\windows\system32\DRIVERS\CPoEthProt.sys [x]
S3 CPVMidi;CopperLan Virtual Midi Driver Service;c:\windows\system32\DRIVERS\CPVMidi.sys [x]
S3 e1qexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver Q;c:\windows\system32\DRIVERS\e1q62x64.sys [x]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 SaiK0CD5;SaiK0CD5;c:\windows\system32\DRIVERS\SaiK0CD5.sys [x]
S3 SaiU0CD5;SaiU0CD5;c:\windows\system32\DRIVERS\SaiU0CD5.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: Interfaces\{1A534221-FA4A-4F9E-BF37-B3251CD45298}: NameServer = 192.168.1.1
TCP: Interfaces\{2AE774EF-AF85-4F74-B82B-FDB9F96B78E8}: NameServer = 192.168.1.1
FF - ProfilePath - c:\users\VD\AppData\Roaming\Mozilla\Firefox\Profiles\jl8okgrm.default\
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-13  11:17:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-13 09:17
ComboFix2.txt  2012-06-12 14:36
ComboFix3.txt  2012-06-12 14:20
.
Vor Suchlauf: 14 Verzeichnis(se), 26.702.008.320 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 26.613.030.912 Bytes frei
.
- - End Of File - - 72C3C08013790D0F3A0640709367CF50

--- --- ---

Malwarebytes Log

Code:


Malwarebytes Anti-Malware (PRO) 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.06.12.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
VD :: VDC [Administrator]

Schutz: Deaktiviert

13.06.2012 11:20:08
mbam-log-2012-06-13 (11-20-08).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 739505
Laufzeit: 43 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Qoobox\Quarantine\C\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\L\00000008.@.vir (Trojan.BitMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Windows\Installer\{bd88c031-bed1-daf1-9bce-e96ac356f0c7}\U\00000008.@.vir (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


Psychotic 13.06.2012 11:16

Quote:

By the way, I had to notice that almost all services are set to reactive.
What do you mean by THAT? :balla:

NEON_MUC 13.06.2012 11:31

Typo... :-)

services.msc -> about 75% of the services are disabled... so a lot of things just don't work... network connections etc. Is that normal as a result of the repairs???

Psychotic 13.06.2012 12:54

You currently have no internet connection, or what are you trying to tell me? :confused:

NEON_MUC 13.06.2012 12:58

That was only a side question, whether it comes from the cleanup???
I'll just set all the services back properly, then everything should work again...

Other than that, are all the bad guys gone now?

Psychotic 13.06.2012 13:05

The problem is that this malware is known, in some cases, to wreck the TCP stack - which results in a network connection that no longer exists!


FSS


Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
  • Click Scan.
  • When the tool is finished it will create an FSS.txt in the directory the tool was run from.
Please post its contents here.

NEON_MUC 14.06.2012 09:08

Code:

Farbar Service Scanner Version: 09-06-2012
Ran by VD (administrator) on 14-06-2012 at 10:07:06
Running from "C:\Users\VD\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is set to Disabled. The default start type is Auto.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

Nsi Service is not running. Checking service configuration:
The start type of Nsi service is set to Disabled. The default start type is Auto.
The ImagePath of Nsi service is OK.
The ServiceDll of Nsi service is OK.


Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blokked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
The start type of SDRSVC service is set to Disabled. The default start type is 3.
The ImagePath of SDRSVC service is OK.
The ServiceDll of SDRSVC service is OK.


System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Disabled. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

EventSystem Service is not running. Checking service configuration:
The start type of EventSystem service is set to Disabled. The default start type is Auto.
The ImagePath of EventSystem service is OK.
The ServiceDll of EventSystem service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-21 05:24] - [2010-11-21 05:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2010-11-21 05:24] - [2010-11-21 05:24] - 1924480 ____A (Microsoft Corporation) 509383E505C973ED7534A06B3D19688D

C:\Windows\System32\dnsrslvr.dll
[2010-11-21 05:24] - [2010-11-21 05:24] - 0183296 ____A (Microsoft Corporation) CD55F5355D8F55D44C9F4ED875705BD6

C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
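As an added triage example (not from the thread and not code from FSS itself): a small Python parser for the FSS.txt layout posted above. It pulls out the services whose start type differs from the default, any ImagePath/ServiceDll entry that FSS did not report as OK, the files FSS had no reference hash for (with the MD5 it printed), and the connection failures, so the findings can be compared before and after the services are re-enabled. The sample excerpt is constructed from the log above, and the regular expressions assume the line wording shown there.

```python
"""Triage helper for Farbar Service Scanner (FSS.txt) output.

Added example; not part of the thread or of FSS. Assumes the report layout
seen above: "<name> Service is not running." followed by start-type,
ImagePath and ServiceDll lines, "=> MD5 is legit" markers in the File Check
section, and "Attempt to access ... returned error: ..." connection lines.
"""
import re
from dataclasses import dataclass, field

# Constructed excerpt, copied from the FSS log posted above (raw string keeps backslashes).
SAMPLE_FSS = r"""Internet Services:
============
Dnscache Service is not running. Checking service configuration:
The start type of Dnscache service is set to Disabled. The default start type is Auto.
The ImagePath of Dnscache service is OK.
The ServiceDll of Dnscache service is OK.

Connection Status:
==============
Attempt to access Local Host IP returned error: Localhost is blokked: Other errors
LAN connected.
Attempt to access Google IP returned error: Other errors

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2010-11-21 05:24] - [2010-11-21 05:24] - 0499712 ____A (Microsoft Corporation) D31DC7A16DEA4A9BAF179F3D6FBDB38C

**** End of log ****
"""

RE_STOPPED = re.compile(r"^(\S+) Service is not running\.")
RE_STARTTYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
RE_BINARY = re.compile(r"^The (ImagePath|ServiceDll) of (\S+) service is (.+)$")
RE_LEGIT = re.compile(r"^(.+?) => MD5 is legit$")
RE_PATH = re.compile(r"^[A-Za-z]:\\\S.*$")
RE_DETAIL = re.compile(r"\(([^)]*)\) ([0-9A-Fa-f]{32})\s*$")
RE_CONN = re.compile(r"^Attempt to access (.+?) returned error: (.+)$")


@dataclass
class FssReport:
    stopped_services: list = field(default_factory=list)   # every service FSS found not running
    disabled_services: list = field(default_factory=list)  # (name, current, default) when start type was changed
    tampered_binaries: list = field(default_factory=list)  # (name, ImagePath|ServiceDll, text) when not "OK."
    verified_files: list = field(default_factory=list)     # paths FSS matched against its MD5 list
    unverified_files: list = field(default_factory=list)   # (path, md5) that need a manual hash check
    connection_errors: list = field(default_factory=list)  # (target, error text)


def parse_fss(text: str) -> FssReport:
    """Walk the report line by line and collect the items a responder acts on."""
    rep = FssReport()
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if (m := RE_STOPPED.match(line)):
            rep.stopped_services.append(m.group(1))
        elif (m := RE_STARTTYPE.match(line)):
            rep.disabled_services.append((m.group(1), m.group(2), m.group(3)))
        elif (m := RE_BINARY.match(line)):
            if m.group(3) != "OK.":
                rep.tampered_binaries.append((m.group(2), m.group(1), m.group(3)))
        elif (m := RE_LEGIT.match(line)):
            rep.verified_files.append(m.group(1))
        elif RE_PATH.match(line):
            # A bare path means FSS had no reference hash; the following line
            # carries size, attributes, vendor string and the file's MD5.
            md5 = None
            if i + 1 < len(lines) and (d := RE_DETAIL.search(lines[i + 1])):
                md5 = d.group(2).upper()
                i += 1
            rep.unverified_files.append((line, md5))
        elif (m := RE_CONN.match(line)):
            rep.connection_errors.append((m.group(1), m.group(2)))
        i += 1
    return rep


def summarize(rep: FssReport) -> list:
    """Plain-text findings, most urgent for recovery first."""
    out = []
    for name, cur, default in rep.disabled_services:
        out.append(f"service {name}: start type {cur}, expected {default}")
    for name, kind, txt in rep.tampered_binaries:
        out.append(f"service {name}: {kind} {txt}")
    for path, md5 in rep.unverified_files:
        out.append(f"file {path}: no reference hash, MD5 {md5 or 'n/a'}")
    for target, err in rep.connection_errors:
        out.append(f"network {target}: {err}")
    return out


if __name__ == "__main__":
    for finding in summarize(parse_fss(SAMPLE_FSS)):
        print(finding)
```

Run it against a full FSS.txt instead of SAMPLE_FSS to get the same list for a real report; a service that is stopped but whose start type FSS reports as OK (wuauserv above) lands only in stopped_services, which separates "just not started" from "start type changed".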




Copyright ©2000-2025, Trojaner-Board

