
Log Analysis and Evaluation: Malware TR/Rogue.kdv.663444' [trojan] + other alerts

Windows 7

If you have picked up a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

10.07.2012, 16:15   #16
Kingdom1543
 
Unfortunately I made a mistake: when I copied your code box into OTL, I forgot to change the pseudonym "Tismo" back to the original name. I ran the fix anyway, and OTL then produced this log:

Code:
Files\Folders moved on Reboot...
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\60EB6645. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\6FFFAE0. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\D3FB8717. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_C72B5199-8FB5-4625-8D4B-7FA9403D9488.0\33B9134E. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_7226A8FF-D5E3-40F7-A99D-3FBC9CFF3CCF.0\E64E8F7B. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_1D27D6FA-36B3-44F9-8FFB-D29EDBF23505.0\40090B1D. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_092ABB29-60AC-4884-B58E-AFCE9CE93E22.0\336301CB. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_092ABB29-60AC-4884-B58E-AFCE9CE93E22.0\B59C51C4. not found!

PendingFileRenameOperations files...
File C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\60EB6645. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\6FFFAE0. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\D3FB8717. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_C72B5199-8FB5-4625-8D4B-7FA9403D9488.0\33B9134E. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_7226A8FF-D5E3-40F7-A99D-3FBC9CFF3CCF.0\E64E8F7B. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_1D27D6FA-36B3-44F9-8FFB-D29EDBF23505.0\40090B1D. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_092ABB29-60AC-4884-B58E-AFCE9CE93E22.0\336301CB. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_092ABB29-60AC-4884-B58E-AFCE9CE93E22.0\B59C51C4. not found!

Registry entries deleted on Reboot...
         
When I noticed the mistake, I had the system reset to the restore point that OTL had created yesterday, after which certain "new" files and folders appeared on my desktop and in my "My Documents". I have attached a picture of them.

Then I started OTL again, this time with "Tismo" changed to the correct name. I restarted the PC (the "new" files had disappeared afterwards) and got the following OTL log:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3309158603-422210541-2167690309-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\HKCU deleted successfully.
C:\Windows\SysWOW64\oobe\info\HKCU.vbs moved successfully.
Registry value HKEY_USERS\S-1-5-21-3309158603-422210541-2167690309-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3309158603-422210541-2167690309-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Screensaver deleted successfully.
C:\Windows\Web\Wallpaper\MEDION\start.vbs moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
File\Folder C:\xmldm not found.
C:\Users\Tismo\AppData\Roaming\UAs folder moved successfully.
C:\Users\Tismo\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Tismo\AppData\Roaming\kock folder moved successfully.
C:\Users\Tismo\AppData\Roaming\Moxuz folder moved successfully.
C:\Users\Tismo\AppData\Roaming\Adkoe folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
->Flash cache emptied: 53632 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tismo
->Temp folder emptied: 1087323 bytes
->Temporary Internet Files folder emptied: 143756439 bytes
->Java cache emptied: 1572594 bytes
->Flash cache emptied: 56991 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1153510 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 595968 bytes
 
Total Files Cleaned = 142,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Tismo
->Flash cache emptied: 0 bytes
 
User: UpdatusUser
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.53.1 log created on 07102012_164524

Files\Folders moved on Reboot...
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\60EB6645. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\6FFFAE0. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\D3FB8717. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_C72B5199-8FB5-4625-8D4B-7FA9403D9488.0\33B9134E. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_7226A8FF-D5E3-40F7-A99D-3FBC9CFF3CCF.0\E64E8F7B. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_1D27D6FA-36B3-44F9-8FFB-D29EDBF23505.0\40090B1D. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_092ABB29-60AC-4884-B58E-AFCE9CE93E22.0\336301CB. not found!
File\Folder C:\Users\Tismo\AppData\Local\Temp\OICE_092ABB29-60AC-4884-B58E-AFCE9CE93E22.0\B59C51C4. not found!
C:\Users\Tismo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\60EB6645. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\6FFFAE0. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_CA14190D-1265-4BF0-9418-B21B8912E87F.0\D3FB8717. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_C72B5199-8FB5-4625-8D4B-7FA9403D9488.0\33B9134E. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_7226A8FF-D5E3-40F7-A99D-3FBC9CFF3CCF.0\E64E8F7B. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_1D27D6FA-36B3-44F9-8FFB-D29EDBF23505.0\40090B1D. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_092ABB29-60AC-4884-B58E-AFCE9CE93E22.0\336301CB. not found!
File C:\Users\Tismo\AppData\Local\Temp\OICE_092ABB29-60AC-4884-B58E-AFCE9CE93E22.0\B59C51C4. not found!
File C:\Users\Tismo\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
         
I hope I have not damaged anything on my PC through this mistake.

My PC is now also reporting that new Windows updates are available. Should I download them (or rather, they will be installed automatically when I shut the PC down), or should I try not to install the update?

I would also like to thank you for your help so far!
Attached images
File type: jpg Desktop.jpg (123.2 KB, viewed 186 times)

Last edited by Kingdom1543 (10.07.2012 at 16:23)

10.07.2012, 21:20   #17
cosinus
 
adwCleaner - find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

11.07.2012, 10:13   #18
Kingdom1543
 
Here is the AdwCleaner log:

Code:
# AdwCleaner v1.701 - Logfile created 07/11/2012 at 11:11:52
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Tismo - TISMO-PC
# Running from : C:\Users\Tismo\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[R1].txt - [525 octets] - [11/07/2012 11:11:52]

########## EOF - C:\AdwCleaner[R1].txt - [652 octets] ##########
         

11.07.2012, 12:08   #19
cosinus
 
Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: please disable your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive on the TDSS tool!

Configure the tool as shown in the image below: click change parameters and set the checkmarks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

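The report that TDSS-Killer writes (the one posted later in this thread runs to hundreds of lines, almost all of them ending in "- ok") is easier to review if only the flagged objects are pulled out. The following script is an added example for this page, not part of the thread and not Kaspersky's code: it parses the per-object lines of the report format seen in this thread, joins each warning or detection back to the md5/path line printed for the same name, and separates the `UnsignedFile.*` verdicts (which come from the signature check, the "SigCheck" item in the report's Mode line, and only say that a file has no valid digital signature) from every other detection. The sample report is constructed: the Beep, BrYNSvc and COMSysApp lines are copied from the log in this thread, while the `examplesvc` lines and the `Hypothetical.Test.Entry` verdict are invented solely to exercise the non-heuristic branch.

```python
import re
from typing import Any, Dict, List, Tuple

# Shapes of the per-object lines TDSSKiller 2.7.x writes (timestamp, thread id, body),
# as seen in the report posted in this thread:
#   13:32:05.0893 3696<TAB>BrYNSvc         (ea7e57f8...) C:\Program Files (x86)\Browny02\BrYNSvc.exe
#   13:32:05.0955 3696<TAB>BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
#   13:32:05.0955 3696<TAB>BrYNSvc - detected UnsignedFile.Multi.Generic (1)
#   13:32:07.0468 3696<TAB>COMSysApp - ok
LINE_RE = re.compile(r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<tid>\d+)\s+(?P<body>.*)$")
ENTRY_RE = re.compile(r"^(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \(\s*(?P<sig>\S+)\s*\) - warning$")
DET_RE = re.compile(r"^(?P<name>.+?) - detected (?P<sig>\S+) \((?P<count>\d+)\)$")

# Verdicts with this prefix come from the SigCheck option and only mean
# "no valid digital signature", not a malware match.
UNSIGNED_PREFIX = "UnsignedFile."


def triage(report: str) -> Dict[str, Any]:
    """Parse a TDSSKiller report: count scanned/ok objects and collect every
    warning and detection, joined to the md5/path printed for the same name."""
    entries: Dict[str, Dict[str, str]] = {}
    result: Dict[str, Any] = {"scanned": 0, "ok": 0, "warnings": [], "detections": []}
    for raw in report.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # banner and separator lines without a timestamp
        body = m.group("body").rstrip()
        e = ENTRY_RE.match(body)
        if e:
            entries[e["name"]] = {"md5": e["md5"], "path": e["path"]}
            result["scanned"] += 1
            continue
        if OK_RE.match(body):
            result["ok"] += 1
            continue
        w = WARN_RE.match(body)
        if w:
            result["warnings"].append({"name": w["name"], "signature": w["sig"], **entries.get(w["name"], {})})
            continue
        d = DET_RE.match(body)
        if d:
            result["detections"].append({"name": d["name"], "signature": d["sig"],
                                         "count": int(d["count"]), **entries.get(d["name"], {})})
    return result


def split_findings(result: Dict[str, Any]) -> Tuple[List[Dict[str, Any]], List[Dict[str, Any]]]:
    """Return (unsigned-file heuristics, all other detections)."""
    unsigned = [d for d in result["detections"] if d["signature"].startswith(UNSIGNED_PREFIX)]
    other = [d for d in result["detections"] if not d["signature"].startswith(UNSIGNED_PREFIX)]
    return unsigned, other


def summary_lines(report: str) -> List[str]:
    """Short text a helper can read instead of the full report."""
    r = triage(report)
    unsigned, other = split_findings(r)
    lines = [f"{r['scanned']} objects scanned, {r['ok']} ok, "
             f"{len(other)} detection(s), {len(unsigned)} unsigned-file warning(s)"]
    for d in other:
        lines.append(f"DETECTED {d['name']}: {d['signature']} {d.get('path', '?')} md5={d.get('md5', '?')}")
    for d in unsigned:
        lines.append(f"unsigned {d['name']}: {d.get('path', '?')} md5={d.get('md5', '?')}")
    return lines


# Constructed sample in the report format. The Beep, BrYNSvc and COMSysApp lines are
# copied from the log in this thread; the examplesvc lines are hypothetical.
SAMPLE_REPORT = "\n".join([
    "13:31:59.0980 3696\t============================================================",
    "13:31:59.0980 3696\tScan started",
    "13:31:59.0980 3696\tMode: Manual; SigCheck; TDLFS; ",
    "13:32:04.0489 3696\tBeep            (16a47ce2decc9b099349a5f840654746) C:\\Windows\\system32\\drivers\\Beep.sys",
    "13:32:04.0567 3696\tBeep - ok",
    "13:32:05.0893 3696\tBrYNSvc         (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\\Program Files (x86)\\Browny02\\BrYNSvc.exe",
    "13:32:05.0955 3696\tBrYNSvc ( UnsignedFile.Multi.Generic ) - warning",
    "13:32:05.0955 3696\tBrYNSvc - detected UnsignedFile.Multi.Generic (1)",
    "13:32:07.0468 3696\tCOMSysApp - ok",
    "13:32:09.0000 3696\texamplesvc      (00000000000000000000000000000000) C:\\Windows\\system32\\drivers\\examplesvc.sys",
    "13:32:09.0001 3696\texamplesvc - detected Hypothetical.Test.Entry (1)",
])


if __name__ == "__main__":
    for line in summary_lines(SAMPLE_REPORT):
        print(line)
```

Run against the full log posted in this thread, the only flagged object is BrYNSvc with an unsigned-file verdict; the script lists it under "unsigned" rather than "DETECTED", which is the distinction a reader wants before deciding whether an entry the helper asked to "skip" needs any follow-up at all.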

11.07.2012, 12:37   #20
Kingdom1543
 
Here is the Kaspersky log:

Code:
13:31:47.0656 6100	TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
13:31:47.0859 6100	============================================================
13:31:47.0859 6100	Current date / time: 2012/07/11 13:31:47.0859
13:31:47.0859 6100	SystemInfo:
13:31:47.0859 6100	
13:31:47.0859 6100	OS Version: 6.1.7601 ServicePack: 1.0
13:31:47.0859 6100	Product type: Workstation
13:31:47.0859 6100	ComputerName: TISMO-PC
13:31:47.0859 6100	UserName: Tismo
13:31:47.0859 6100	Windows directory: C:\Windows
13:31:47.0859 6100	System windows directory: C:\Windows
13:31:47.0859 6100	Running under WOW64
13:31:47.0859 6100	Processor architecture: Intel x64
13:31:47.0859 6100	Number of processors: 4
13:31:47.0859 6100	Page size: 0x1000
13:31:47.0859 6100	Boot type: Normal boot
13:31:47.0859 6100	============================================================
13:31:48.0327 6100	Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:31:48.0421 6100	============================================================
13:31:48.0421 6100	\Device\Harddisk0\DR0:
13:31:48.0421 6100	MBR partitions:
13:31:48.0421 6100	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:31:48.0421 6100	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE27D5800
13:31:48.0421 6100	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xE2808000, BlocksNum 0x6400000
13:31:48.0421 6100	============================================================
13:31:48.0452 6100	C: <-> \Device\Harddisk0\DR0\Partition1
13:31:48.0499 6100	D: <-> \Device\Harddisk0\DR0\Partition2
13:31:48.0499 6100	============================================================
13:31:48.0499 6100	Initialize success
13:31:48.0499 6100	============================================================
13:31:59.0980 3696	============================================================
13:31:59.0980 3696	Scan started
13:31:59.0980 3696	Mode: Manual; SigCheck; TDLFS; 
13:31:59.0980 3696	============================================================
13:32:00.0885 3696	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
13:32:00.0994 3696	1394ohci - ok
13:32:01.0026 3696	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
13:32:01.0041 3696	ACPI - ok
13:32:01.0057 3696	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
13:32:01.0182 3696	AcpiPmi - ok
13:32:01.0275 3696	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
13:32:01.0275 3696	AdobeARMservice - ok
13:32:01.0306 3696	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
13:32:01.0338 3696	adp94xx - ok
13:32:01.0384 3696	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
13:32:01.0416 3696	adpahci - ok
13:32:01.0447 3696	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
13:32:01.0462 3696	adpu320 - ok
13:32:01.0478 3696	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
13:32:01.0634 3696	AeLookupSvc - ok
13:32:01.0681 3696	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
13:32:01.0759 3696	AFD - ok
13:32:01.0790 3696	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
13:32:01.0790 3696	agp440 - ok
13:32:01.0806 3696	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
13:32:01.0915 3696	ALG - ok
13:32:01.0930 3696	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
13:32:01.0946 3696	aliide - ok
13:32:01.0977 3696	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
13:32:01.0993 3696	amdide - ok
13:32:02.0008 3696	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
13:32:02.0040 3696	AmdK8 - ok
13:32:02.0086 3696	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
13:32:02.0196 3696	AmdPPM - ok
13:32:02.0258 3696	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
13:32:02.0274 3696	amdsata - ok
13:32:02.0289 3696	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
13:32:02.0305 3696	amdsbs - ok
13:32:02.0336 3696	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
13:32:02.0352 3696	amdxata - ok
13:32:02.0430 3696	AntiVirFirewallService (6acc11e9d2f01c88251123d26c1c5489) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
13:32:02.0461 3696	AntiVirFirewallService - ok
13:32:02.0492 3696	AntiVirMailService (b7fa28aefa586fb5a04876c7b31d03e6) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
13:32:02.0508 3696	AntiVirMailService - ok
13:32:02.0539 3696	AntiVirSchedulerService (2e35310d600f4cc64624786a813a041e) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
13:32:02.0539 3696	AntiVirSchedulerService - ok
13:32:02.0570 3696	AntiVirService  (984102b9e2f6513008ed4e0c5ac4151d) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
13:32:02.0570 3696	AntiVirService - ok
13:32:02.0586 3696	AntiVirWebService (9bc7247fd7379307bcff92cf8eb64b87) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
13:32:02.0601 3696	AntiVirWebService - ok
13:32:02.0695 3696	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
13:32:02.0835 3696	AppID - ok
13:32:02.0866 3696	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
13:32:02.0944 3696	AppIDSvc - ok
13:32:02.0960 3696	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
13:32:03.0022 3696	Appinfo - ok
13:32:03.0163 3696	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:32:03.0163 3696	Apple Mobile Device - ok
13:32:03.0194 3696	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
13:32:03.0210 3696	arc - ok
13:32:03.0225 3696	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
13:32:03.0225 3696	arcsas - ok
13:32:03.0256 3696	asmthub3        (0aa7a996792fb0287b33a57a8093ae44) C:\Windows\system32\drivers\asmthub3.sys
13:32:03.0397 3696	asmthub3 - ok
13:32:03.0444 3696	asmtxhci        (125dc3abf5bfccfe82ad17d078e0b9ec) C:\Windows\system32\drivers\asmtxhci.sys
13:32:03.0522 3696	asmtxhci - ok
13:32:03.0553 3696	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:32:03.0631 3696	AsyncMac - ok
13:32:03.0678 3696	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
13:32:03.0678 3696	atapi - ok
13:32:03.0724 3696	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:32:03.0818 3696	AudioEndpointBuilder - ok
13:32:03.0818 3696	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
13:32:03.0849 3696	AudioSrv - ok
13:32:03.0865 3696	avfwim          (f3a3859d006783a0e0d40e227e52c35c) C:\Windows\system32\DRIVERS\avfwim.sys
13:32:03.0880 3696	avfwim - ok
13:32:03.0912 3696	avfwot          (bc06315a7bdbcad0c7719d1c1306a4db) C:\Windows\system32\DRIVERS\avfwot.sys
13:32:03.0927 3696	avfwot - ok
13:32:03.0943 3696	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
13:32:03.0958 3696	avgntflt - ok
13:32:03.0974 3696	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
13:32:03.0990 3696	avipbb - ok
13:32:04.0005 3696	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
13:32:04.0021 3696	avkmgr - ok
13:32:04.0036 3696	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
13:32:04.0130 3696	AxInstSV - ok
13:32:04.0161 3696	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
13:32:04.0270 3696	b06bdrv - ok
13:32:04.0317 3696	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:32:04.0364 3696	b57nd60a - ok
13:32:04.0411 3696	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
13:32:04.0473 3696	BDESVC - ok
13:32:04.0489 3696	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:32:04.0567 3696	Beep - ok
13:32:04.0629 3696	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
13:32:04.0723 3696	BFE - ok
13:32:04.0770 3696	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
13:32:04.0863 3696	BITS - ok
13:32:04.0941 3696	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
13:32:04.0988 3696	blbdrive - ok
13:32:05.0066 3696	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:32:05.0082 3696	Bonjour Service - ok
13:32:05.0113 3696	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
13:32:05.0191 3696	bowser - ok
13:32:05.0206 3696	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
13:32:05.0253 3696	BrFiltLo - ok
13:32:05.0300 3696	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
13:32:05.0331 3696	BrFiltUp - ok
13:32:05.0378 3696	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
13:32:05.0440 3696	Browser - ok
13:32:05.0472 3696	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:32:05.0550 3696	Brserid - ok
13:32:05.0581 3696	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:32:05.0612 3696	BrSerWdm - ok
13:32:05.0659 3696	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:32:05.0721 3696	BrUsbMdm - ok
13:32:05.0752 3696	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:32:05.0799 3696	BrUsbSer - ok
13:32:05.0893 3696	BrYNSvc         (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files (x86)\Browny02\BrYNSvc.exe
13:32:05.0955 3696	BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
13:32:05.0955 3696	BrYNSvc - detected UnsignedFile.Multi.Generic (1)
13:32:06.0002 3696	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
13:32:06.0049 3696	BTHMODEM - ok
13:32:06.0111 3696	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
13:32:06.0158 3696	bthserv - ok
13:32:06.0205 3696	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:32:06.0283 3696	cdfs - ok
13:32:06.0345 3696	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
13:32:06.0392 3696	cdrom - ok
13:32:06.0423 3696	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:32:06.0486 3696	CertPropSvc - ok
13:32:06.0548 3696	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
13:32:06.0579 3696	circlass - ok
13:32:06.0642 3696	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:32:06.0657 3696	CLFS - ok
13:32:06.0704 3696	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:32:06.0720 3696	clr_optimization_v2.0.50727_32 - ok
13:32:06.0766 3696	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:32:06.0766 3696	clr_optimization_v2.0.50727_64 - ok
13:32:07.0141 3696	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:32:07.0156 3696	clr_optimization_v4.0.30319_32 - ok
13:32:07.0188 3696	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:32:07.0188 3696	clr_optimization_v4.0.30319_64 - ok
13:32:07.0219 3696	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
13:32:07.0266 3696	CmBatt - ok
13:32:07.0297 3696	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
13:32:07.0312 3696	cmdide - ok
13:32:07.0359 3696	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
13:32:07.0390 3696	CNG - ok
13:32:07.0406 3696	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
13:32:07.0422 3696	Compbatt - ok
13:32:07.0437 3696	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
13:32:07.0468 3696	CompositeBus - ok
13:32:07.0468 3696	COMSysApp - ok
13:32:07.0515 3696	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
13:32:07.0531 3696	crcdisk - ok
13:32:07.0562 3696	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
13:32:07.0624 3696	CryptSvc - ok
13:32:07.0749 3696	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
13:32:07.0780 3696	cvhsvc - ok
13:32:07.0812 3696	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:32:07.0890 3696	DcomLaunch - ok
13:32:07.0952 3696	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
13:32:08.0014 3696	defragsvc - ok
13:32:08.0108 3696	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
13:32:08.0170 3696	DfsC - ok
13:32:08.0202 3696	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
13:32:08.0280 3696	Dhcp - ok
13:32:08.0326 3696	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:32:08.0389 3696	discache - ok
13:32:08.0451 3696	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
13:32:08.0467 3696	Disk - ok
13:32:08.0498 3696	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
13:32:08.0560 3696	Dnscache - ok
13:32:08.0592 3696	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
13:32:08.0670 3696	dot3svc - ok
13:32:08.0716 3696	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
13:32:08.0794 3696	DPS - ok
13:32:08.0841 3696	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:32:08.0888 3696	drmkaud - ok
13:32:08.0935 3696	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
13:32:08.0966 3696	DXGKrnl - ok
13:32:08.0982 3696	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
13:32:09.0028 3696	EapHost - ok
13:32:09.0153 3696	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
13:32:09.0231 3696	ebdrv - ok
13:32:09.0309 3696	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
13:32:09.0387 3696	EFS - ok
13:32:09.0434 3696	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
13:32:09.0512 3696	ehRecvr - ok
13:32:09.0528 3696	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
13:32:09.0574 3696	ehSched - ok
13:32:09.0652 3696	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
13:32:09.0684 3696	elxstor - ok
13:32:09.0699 3696	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
13:32:09.0746 3696	ErrDev - ok
13:32:09.0793 3696	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
13:32:09.0871 3696	EventSystem - ok
13:32:09.0886 3696	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:32:09.0964 3696	exfat - ok
13:32:09.0980 3696	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:32:10.0027 3696	fastfat - ok
13:32:10.0074 3696	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
13:32:10.0167 3696	Fax - ok
13:32:10.0183 3696	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
13:32:10.0230 3696	fdc - ok
13:32:10.0261 3696	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
13:32:10.0323 3696	fdPHost - ok
13:32:10.0354 3696	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
13:32:10.0417 3696	FDResPub - ok
13:32:10.0464 3696	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:32:10.0479 3696	FileInfo - ok
13:32:10.0479 3696	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:32:10.0557 3696	Filetrace - ok
13:32:10.0604 3696	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
13:32:10.0635 3696	flpydisk - ok
13:32:10.0682 3696	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
13:32:10.0698 3696	FltMgr - ok
13:32:10.0744 3696	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
13:32:10.0854 3696	FontCache - ok
13:32:10.0900 3696	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:32:10.0916 3696	FontCache3.0.0.0 - ok
13:32:10.0947 3696	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:32:10.0963 3696	FsDepends - ok
13:32:10.0994 3696	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
13:32:11.0010 3696	Fs_Rec - ok
13:32:11.0025 3696	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
13:32:11.0056 3696	fvevol - ok
13:32:11.0072 3696	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
13:32:11.0088 3696	gagp30kx - ok
13:32:11.0103 3696	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:32:11.0103 3696	GEARAspiWDM - ok
13:32:11.0150 3696	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
13:32:11.0228 3696	gpsvc - ok
13:32:11.0259 3696	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:32:11.0322 3696	hcw85cir - ok
13:32:11.0368 3696	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
13:32:11.0415 3696	HdAudAddService - ok
13:32:11.0446 3696	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
13:32:11.0493 3696	HDAudBus - ok
13:32:11.0524 3696	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
13:32:11.0556 3696	HidBatt - ok
13:32:11.0602 3696	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
13:32:11.0634 3696	HidBth - ok
13:32:11.0680 3696	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
13:32:11.0712 3696	HidIr - ok
13:32:11.0727 3696	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
13:32:11.0790 3696	hidserv - ok
13:32:11.0821 3696	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
13:32:11.0836 3696	HidUsb - ok
13:32:11.0852 3696	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
13:32:11.0914 3696	hkmsvc - ok
13:32:11.0946 3696	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
13:32:12.0024 3696	HomeGroupListener - ok
13:32:12.0039 3696	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
13:32:12.0086 3696	HomeGroupProvider - ok
13:32:12.0133 3696	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
13:32:12.0148 3696	HpSAMD - ok
13:32:12.0180 3696	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
13:32:12.0242 3696	HTTP - ok
13:32:12.0273 3696	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
13:32:12.0289 3696	hwpolicy - ok
13:32:12.0320 3696	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
13:32:12.0336 3696	i8042prt - ok
13:32:12.0367 3696	iaStor          (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
13:32:12.0382 3696	iaStor - ok
13:32:12.0460 3696	IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
13:32:12.0460 3696	IAStorDataMgrSvc - ok
13:32:12.0507 3696	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
13:32:12.0523 3696	iaStorV - ok
13:32:12.0601 3696	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:32:12.0632 3696	idsvc - ok
13:32:12.0819 3696	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:32:13.0006 3696	igfx - ok
13:32:13.0100 3696	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
13:32:13.0116 3696	iirsp - ok
13:32:13.0147 3696	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
13:32:13.0240 3696	IKEEXT - ok
13:32:13.0365 3696	IntcAzAudAddService (8f6ed52134ebb4ce2953ec37c9275497) C:\Windows\system32\drivers\RTKVHD64.sys
13:32:13.0428 3696	IntcAzAudAddService - ok
13:32:13.0474 3696	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
13:32:13.0490 3696	intelide - ok
13:32:13.0521 3696	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:32:13.0552 3696	intelppm - ok
13:32:13.0615 3696	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
13:32:13.0677 3696	IPBusEnum - ok
13:32:13.0708 3696	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:32:13.0771 3696	IpFilterDriver - ok
13:32:13.0818 3696	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
13:32:13.0864 3696	iphlpsvc - ok
13:32:13.0880 3696	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
13:32:13.0927 3696	IPMIDRV - ok
13:32:13.0974 3696	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:32:14.0036 3696	IPNAT - ok
13:32:14.0114 3696	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
13:32:14.0145 3696	iPod Service - ok
13:32:14.0161 3696	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:32:14.0208 3696	IRENUM - ok
13:32:14.0239 3696	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
13:32:14.0254 3696	isapnp - ok
13:32:14.0286 3696	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
13:32:14.0301 3696	iScsiPrt - ok
13:32:14.0332 3696	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:32:14.0332 3696	kbdclass - ok
13:32:14.0348 3696	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
13:32:14.0379 3696	kbdhid - ok
13:32:14.0426 3696	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:14.0442 3696	KeyIso - ok
13:32:14.0442 3696	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
13:32:14.0457 3696	KSecDD - ok
13:32:14.0473 3696	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
13:32:14.0488 3696	KSecPkg - ok
13:32:14.0504 3696	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:32:14.0551 3696	ksthunk - ok
13:32:14.0598 3696	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
13:32:14.0676 3696	KtmRm - ok
13:32:14.0769 3696	L4301_Solar     (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
13:32:14.0785 3696	L4301_Solar - ok
13:32:14.0816 3696	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
13:32:14.0878 3696	LanmanServer - ok
13:32:14.0925 3696	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
13:32:14.0972 3696	LanmanWorkstation - ok
13:32:15.0081 3696	LBTServ         (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
13:32:15.0097 3696	LBTServ - ok
13:32:15.0144 3696	LEqdUsb         (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
13:32:15.0159 3696	LEqdUsb - ok
13:32:15.0175 3696	LHidEqd         (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
13:32:15.0175 3696	LHidEqd - ok
13:32:15.0190 3696	LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
13:32:15.0206 3696	LHidFilt - ok
13:32:15.0253 3696	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:32:15.0300 3696	lltdio - ok
13:32:15.0346 3696	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
13:32:15.0424 3696	lltdsvc - ok
13:32:15.0456 3696	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
13:32:15.0518 3696	lmhosts - ok
13:32:15.0549 3696	LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
13:32:15.0549 3696	LMouFilt - ok
13:32:15.0627 3696	LMS             (1584deeae5aa0e3fb045f3d0eac585ea) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
13:32:15.0643 3696	LMS - ok
13:32:15.0674 3696	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
13:32:15.0690 3696	LSI_FC - ok
13:32:15.0705 3696	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
13:32:15.0721 3696	LSI_SAS - ok
13:32:15.0752 3696	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
13:32:15.0768 3696	LSI_SAS2 - ok
13:32:15.0783 3696	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
13:32:15.0799 3696	LSI_SCSI - ok
13:32:15.0830 3696	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:32:15.0908 3696	luafv - ok
13:32:15.0955 3696	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
13:32:15.0986 3696	Mcx2Svc - ok
13:32:16.0017 3696	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
13:32:16.0033 3696	megasas - ok
13:32:16.0048 3696	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
13:32:16.0064 3696	MegaSR - ok
13:32:16.0095 3696	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
13:32:16.0095 3696	MEIx64 - ok
13:32:16.0111 3696	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:32:16.0173 3696	MMCSS - ok
13:32:16.0204 3696	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:32:16.0267 3696	Modem - ok
13:32:16.0298 3696	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:32:16.0345 3696	monitor - ok
13:32:16.0392 3696	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:32:16.0407 3696	mouclass - ok
13:32:16.0423 3696	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:32:16.0470 3696	mouhid - ok
13:32:16.0501 3696	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
13:32:16.0516 3696	mountmgr - ok
13:32:16.0532 3696	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
13:32:16.0548 3696	mpio - ok
13:32:16.0579 3696	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:32:16.0626 3696	mpsdrv - ok
13:32:16.0641 3696	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
13:32:16.0688 3696	MpsSvc - ok
13:32:16.0704 3696	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
13:32:16.0735 3696	MRxDAV - ok
13:32:16.0782 3696	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:32:16.0860 3696	mrxsmb - ok
13:32:16.0891 3696	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:32:16.0922 3696	mrxsmb10 - ok
13:32:16.0969 3696	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:32:17.0000 3696	mrxsmb20 - ok
13:32:17.0047 3696	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
13:32:17.0062 3696	msahci - ok
13:32:17.0078 3696	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
13:32:17.0094 3696	msdsm - ok
13:32:17.0140 3696	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
13:32:17.0187 3696	MSDTC - ok
13:32:17.0234 3696	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:32:17.0296 3696	Msfs - ok
13:32:17.0343 3696	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:32:17.0374 3696	mshidkmdf - ok
13:32:17.0390 3696	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
13:32:17.0390 3696	msisadrv - ok
13:32:17.0421 3696	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
13:32:17.0468 3696	MSiSCSI - ok
13:32:17.0468 3696	msiserver - ok
13:32:17.0499 3696	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:32:17.0530 3696	MSKSSRV - ok
13:32:17.0530 3696	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:32:17.0608 3696	MSPCLOCK - ok
13:32:17.0608 3696	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:32:17.0655 3696	MSPQM - ok
13:32:17.0686 3696	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
13:32:17.0702 3696	MsRPC - ok
13:32:17.0718 3696	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
13:32:17.0733 3696	mssmbios - ok
13:32:17.0733 3696	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:32:17.0780 3696	MSTEE - ok
13:32:17.0827 3696	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
13:32:17.0874 3696	MTConfig - ok
13:32:17.0905 3696	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:32:17.0920 3696	Mup - ok
13:32:17.0936 3696	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
13:32:18.0014 3696	napagent - ok
13:32:18.0045 3696	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:32:18.0108 3696	NativeWifiP - ok
13:32:18.0154 3696	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
13:32:18.0186 3696	NDIS - ok
13:32:18.0201 3696	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:32:18.0248 3696	NdisCap - ok
13:32:18.0279 3696	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:32:18.0326 3696	NdisTapi - ok
13:32:18.0357 3696	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
13:32:18.0420 3696	Ndisuio - ok
13:32:18.0451 3696	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
13:32:18.0529 3696	NdisWan - ok
13:32:18.0560 3696	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
13:32:18.0638 3696	NDProxy - ok
13:32:18.0669 3696	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:32:18.0716 3696	NetBIOS - ok
13:32:18.0732 3696	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
13:32:18.0778 3696	NetBT - ok
13:32:18.0810 3696	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:18.0825 3696	Netlogon - ok
13:32:18.0856 3696	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
13:32:18.0934 3696	Netman - ok
13:32:18.0966 3696	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
13:32:19.0012 3696	netprofm - ok
13:32:19.0090 3696	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:32:19.0106 3696	NetTcpPortSharing - ok
13:32:19.0137 3696	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
13:32:19.0153 3696	nfrd960 - ok
13:32:19.0184 3696	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
13:32:19.0246 3696	NlaSvc - ok
13:32:19.0293 3696	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:32:19.0324 3696	Npfs - ok
13:32:19.0340 3696	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
13:32:19.0387 3696	nsi - ok
13:32:19.0418 3696	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:32:19.0496 3696	nsiproxy - ok
13:32:19.0574 3696	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
13:32:19.0636 3696	Ntfs - ok
13:32:19.0683 3696	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:32:19.0746 3696	Null - ok
13:32:19.0808 3696	NVHDA           (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
13:32:19.0824 3696	NVHDA - ok
13:32:20.0167 3696	nvlddmkm        (cc1efea1f0ab17e59bd4b5baff3e5cb0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:32:20.0416 3696	nvlddmkm - ok
13:32:20.0479 3696	nvpciflt - ok
13:32:20.0494 3696	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
13:32:20.0510 3696	nvraid - ok
13:32:20.0541 3696	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:32:20.0557 3696	nvstor - ok
13:32:20.0604 3696	nvsvc           (39f933ca2798156b0b7a19d104b73b9a) C:\Windows\system32\nvvsvc.exe
13:32:20.0619 3696	nvsvc - ok
13:32:20.0728 3696	nvUpdatusService (4e5c5d88eb0a8d21824d5a3eb7327e69) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:32:20.0806 3696	nvUpdatusService - ok
13:32:20.0853 3696	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:32:20.0869 3696	nv_agp - ok
13:32:20.0884 3696	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:32:20.0931 3696	ohci1394 - ok
13:32:20.0994 3696	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:32:21.0009 3696	ose - ok
13:32:21.0181 3696	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:32:21.0290 3696	osppsvc - ok
13:32:21.0368 3696	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:32:21.0446 3696	p2pimsvc - ok
13:32:21.0477 3696	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:32:21.0524 3696	p2psvc - ok
13:32:21.0586 3696	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:32:21.0618 3696	Parport - ok
13:32:21.0664 3696	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:32:21.0680 3696	partmgr - ok
13:32:21.0680 3696	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:32:21.0727 3696	PcaSvc - ok
13:32:21.0758 3696	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:32:21.0774 3696	pci - ok
13:32:21.0789 3696	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:32:21.0805 3696	pciide - ok
13:32:21.0836 3696	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:32:21.0852 3696	pcmcia - ok
13:32:21.0867 3696	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:32:21.0883 3696	pcw - ok
13:32:21.0914 3696	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:32:21.0945 3696	PEAUTH - ok
13:32:21.0992 3696	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:32:22.0023 3696	PerfHost - ok
13:32:22.0101 3696	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:32:22.0210 3696	pla - ok
13:32:22.0257 3696	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:32:22.0335 3696	PlugPlay - ok
13:32:22.0335 3696	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:32:22.0382 3696	PNRPAutoReg - ok
13:32:22.0413 3696	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:32:22.0429 3696	PNRPsvc - ok
13:32:22.0460 3696	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:32:22.0522 3696	PolicyAgent - ok
13:32:22.0554 3696	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:32:22.0616 3696	Power - ok
13:32:22.0678 3696	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:32:22.0756 3696	PptpMiniport - ok
13:32:22.0788 3696	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:32:22.0834 3696	Processor - ok
13:32:22.0881 3696	ProfSvc         (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:32:22.0944 3696	ProfSvc - ok
13:32:22.0975 3696	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:22.0975 3696	ProtectedStorage - ok
13:32:22.0990 3696	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:32:23.0068 3696	Psched - ok
13:32:23.0146 3696	PSI_SVC_2       (543a4ef0923bf70d126625b034ef25af) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
13:32:23.0162 3696	PSI_SVC_2 - ok
13:32:23.0240 3696	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:32:23.0287 3696	ql2300 - ok
13:32:23.0365 3696	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:32:23.0380 3696	ql40xx - ok
13:32:23.0412 3696	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:32:23.0427 3696	QWAVE - ok
13:32:23.0443 3696	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:32:23.0490 3696	QWAVEdrv - ok
13:32:23.0521 3696	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:32:23.0583 3696	RasAcd - ok
13:32:23.0614 3696	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:32:23.0661 3696	RasAgileVpn - ok
13:32:23.0677 3696	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:32:23.0739 3696	RasAuto - ok
13:32:23.0770 3696	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:32:23.0833 3696	Rasl2tp - ok
13:32:23.0880 3696	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:32:23.0942 3696	RasMan - ok
13:32:23.0973 3696	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:32:24.0004 3696	RasPppoe - ok
13:32:24.0020 3696	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:32:24.0082 3696	RasSstp - ok
13:32:24.0129 3696	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:32:24.0176 3696	rdbss - ok
13:32:24.0192 3696	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
13:32:24.0238 3696	rdpbus - ok
13:32:24.0285 3696	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:32:24.0348 3696	RDPCDD - ok
13:32:24.0379 3696	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:32:24.0441 3696	RDPENCDD - ok
13:32:24.0472 3696	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:32:24.0519 3696	RDPREFMP - ok
13:32:24.0535 3696	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:32:24.0613 3696	RDPWD - ok
13:32:24.0644 3696	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:32:24.0660 3696	rdyboost - ok
13:32:24.0675 3696	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:32:24.0753 3696	RemoteAccess - ok
13:32:24.0800 3696	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:32:24.0862 3696	RemoteRegistry - ok
13:32:24.0909 3696	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:32:24.0940 3696	RpcEptMapper - ok
13:32:24.0956 3696	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:32:25.0003 3696	RpcLocator - ok
13:32:25.0050 3696	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:32:25.0081 3696	RpcSs - ok
13:32:25.0096 3696	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:32:25.0143 3696	rspndr - ok
13:32:25.0190 3696	RTL8167         (e50cfb92986dcab49de93788fd695813) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:32:25.0221 3696	RTL8167 - ok
13:32:25.0268 3696	RTL8192su       (b3f36b4b3f192ea87ddc119f3a0b3e45) C:\Windows\system32\DRIVERS\RTL8192su.sys
13:32:25.0299 3696	RTL8192su - ok
13:32:25.0315 3696	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:25.0315 3696	SamSs - ok
13:32:25.0330 3696	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:32:25.0346 3696	sbp2port - ok
13:32:25.0362 3696	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:32:25.0393 3696	SCardSvr - ok
13:32:25.0408 3696	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:32:25.0471 3696	scfilter - ok
13:32:25.0518 3696	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:32:25.0596 3696	Schedule - ok
13:32:25.0642 3696	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:32:25.0674 3696	SCPolicySvc - ok
13:32:25.0689 3696	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:32:25.0752 3696	SDRSVC - ok
13:32:25.0783 3696	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:32:25.0845 3696	secdrv - ok
13:32:25.0861 3696	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:32:25.0923 3696	seclogon - ok
13:32:25.0954 3696	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:32:25.0986 3696	SENS - ok
13:32:26.0001 3696	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:32:26.0064 3696	SensrSvc - ok
13:32:26.0079 3696	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:32:26.0126 3696	Serenum - ok
13:32:26.0157 3696	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:32:26.0204 3696	Serial - ok
13:32:26.0266 3696	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:32:26.0298 3696	sermouse - ok
13:32:26.0344 3696	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:32:26.0407 3696	SessionEnv - ok
13:32:26.0454 3696	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:32:26.0485 3696	sffdisk - ok
13:32:26.0532 3696	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:32:26.0578 3696	sffp_mmc - ok
13:32:26.0625 3696	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:32:26.0641 3696	sffp_sd - ok
13:32:26.0656 3696	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:32:26.0688 3696	sfloppy - ok
13:32:26.0766 3696	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys
13:32:26.0797 3696	Sftfs - ok
13:32:26.0875 3696	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
13:32:26.0890 3696	sftlist - ok
13:32:26.0906 3696	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys
13:32:26.0922 3696	Sftplay - ok
13:32:26.0937 3696	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys
13:32:26.0937 3696	Sftredir - ok
13:32:26.0953 3696	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys
13:32:26.0953 3696	Sftvol - ok
13:32:26.0984 3696	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
13:32:26.0984 3696	sftvsa - ok
13:32:27.0015 3696	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
13:32:27.0093 3696	SharedAccess - ok
13:32:27.0140 3696	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:32:27.0218 3696	ShellHWDetection - ok
13:32:27.0249 3696	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:32:27.0265 3696	SiSRaid2 - ok
13:32:27.0280 3696	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:32:27.0296 3696	SiSRaid4 - ok
13:32:27.0327 3696	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:32:27.0390 3696	Smb - ok
13:32:27.0436 3696	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:32:27.0468 3696	SNMPTRAP - ok
13:32:27.0483 3696	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:32:27.0483 3696	spldr - ok
13:32:27.0546 3696	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:32:27.0577 3696	Spooler - ok
13:32:27.0686 3696	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:32:27.0764 3696	sppsvc - ok
13:32:27.0842 3696	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:32:27.0904 3696	sppuinotify - ok
13:32:27.0951 3696	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:32:28.0029 3696	srv - ok
13:32:28.0060 3696	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:32:28.0092 3696	srv2 - ok
13:32:28.0123 3696	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:32:28.0170 3696	srvnet - ok
13:32:28.0216 3696	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:32:28.0263 3696	SSDPSRV - ok
13:32:28.0279 3696	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:32:28.0326 3696	SstpSvc - ok
13:32:28.0357 3696	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:32:28.0372 3696	stexstor - ok
13:32:28.0404 3696	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:32:28.0435 3696	stisvc - ok
13:32:28.0482 3696	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
13:32:28.0497 3696	swenum - ok
13:32:28.0528 3696	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:32:28.0560 3696	swprv - ok
13:32:28.0622 3696	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:32:28.0700 3696	SysMain - ok
13:32:28.0778 3696	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:32:28.0809 3696	TabletInputService - ok
13:32:28.0856 3696	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:32:28.0934 3696	TapiSrv - ok
13:32:28.0965 3696	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:32:29.0012 3696	TBS - ok
13:32:29.0090 3696	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:32:29.0168 3696	Tcpip - ok
13:32:29.0277 3696	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:32:29.0308 3696	TCPIP6 - ok
13:32:29.0371 3696	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:32:29.0433 3696	tcpipreg - ok
13:32:29.0449 3696	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:32:29.0527 3696	TDPIPE - ok
13:32:29.0558 3696	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:32:29.0605 3696	TDTCP - ok
13:32:29.0636 3696	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:32:29.0698 3696	tdx - ok
13:32:29.0730 3696	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
13:32:29.0745 3696	TermDD - ok
13:32:29.0792 3696	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:32:29.0886 3696	TermService - ok
13:32:29.0917 3696	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:32:29.0964 3696	Themes - ok
13:32:29.0995 3696	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:32:30.0026 3696	THREADORDER - ok
13:32:30.0042 3696	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:32:30.0073 3696	TrkWks - ok
13:32:30.0104 3696	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:32:30.0166 3696	TrustedInstaller - ok
13:32:30.0198 3696	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:32:30.0276 3696	tssecsrv - ok
13:32:30.0307 3696	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:32:30.0369 3696	TsUsbFlt - ok
13:32:30.0385 3696	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:32:30.0400 3696	TsUsbGD - ok
13:32:30.0416 3696	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:32:30.0478 3696	tunnel - ok
13:32:30.0510 3696	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:32:30.0525 3696	uagp35 - ok
13:32:30.0541 3696	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:32:30.0603 3696	udfs - ok
13:32:30.0634 3696	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:32:30.0666 3696	UI0Detect - ok
13:32:30.0712 3696	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:32:30.0728 3696	uliagpkx - ok
13:32:30.0759 3696	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:32:30.0790 3696	umbus - ok
13:32:30.0837 3696	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:32:30.0868 3696	UmPass - ok
13:32:31.0024 3696	UNS             (fc43877b4625f6eb773c98233eb625c5) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:32:31.0102 3696	UNS - ok
13:32:31.0165 3696	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:32:31.0196 3696	upnphost - ok
13:32:31.0227 3696	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
13:32:31.0305 3696	USBAAPL64 - ok
13:32:31.0321 3696	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:32:31.0383 3696	usbccgp - ok
13:32:31.0399 3696	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:32:31.0446 3696	usbcir - ok
13:32:31.0477 3696	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
13:32:31.0524 3696	usbehci - ok
13:32:31.0586 3696	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
13:32:31.0617 3696	usbhub - ok
13:32:31.0648 3696	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:32:31.0664 3696	usbohci - ok
13:32:31.0695 3696	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:32:31.0726 3696	usbprint - ok
13:32:31.0773 3696	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
13:32:31.0789 3696	usbscan - ok
13:32:31.0820 3696	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:32:31.0836 3696	USBSTOR - ok
13:32:31.0867 3696	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:32:31.0898 3696	usbuhci - ok
13:32:31.0945 3696	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:32:31.0976 3696	UxSms - ok
13:32:31.0992 3696	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:32:32.0007 3696	VaultSvc - ok
13:32:32.0023 3696	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:32:32.0038 3696	vdrvroot - ok
13:32:32.0054 3696	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:32:32.0132 3696	vds - ok
13:32:32.0163 3696	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:32:32.0179 3696	vga - ok
13:32:32.0194 3696	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:32:32.0257 3696	VgaSave - ok
13:32:32.0288 3696	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:32:32.0304 3696	vhdmp - ok
13:32:32.0319 3696	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:32:32.0335 3696	viaide - ok
13:32:32.0366 3696	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:32:32.0366 3696	volmgr - ok
13:32:32.0397 3696	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:32:32.0413 3696	volmgrx - ok
13:32:32.0444 3696	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:32:32.0444 3696	volsnap - ok
13:32:32.0475 3696	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:32:32.0491 3696	vsmraid - ok
13:32:32.0538 3696	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:32:32.0600 3696	VSS - ok
13:32:32.0662 3696	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:32:32.0694 3696	vwifibus - ok
13:32:32.0725 3696	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:32:32.0772 3696	vwififlt - ok
13:32:32.0818 3696	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:32:32.0850 3696	W32Time - ok
13:32:32.0896 3696	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:32:32.0912 3696	WacomPen - ok
13:32:32.0928 3696	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:32:32.0974 3696	WANARP - ok
13:32:32.0974 3696	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:32:32.0990 3696	Wanarpv6 - ok
13:32:33.0068 3696	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:32:33.0115 3696	WatAdminSvc - ok
13:32:33.0177 3696	watchmi         (878c947c69ee89e4dbff9dbd6155c15d) C:\Program Files (x86)\watchmi\TvdService.exe
13:32:33.0193 3696	watchmi ( UnsignedFile.Multi.Generic ) - warning
13:32:33.0193 3696	watchmi - detected UnsignedFile.Multi.Generic (1)
13:32:33.0271 3696	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:32:33.0364 3696	wbengine - ok
13:32:33.0442 3696	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:32:33.0489 3696	WbioSrvc - ok
13:32:33.0520 3696	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:32:33.0583 3696	wcncsvc - ok
13:32:33.0614 3696	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:32:33.0676 3696	WcsPlugInService - ok
13:32:33.0708 3696	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:32:33.0723 3696	Wd - ok
13:32:33.0754 3696	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:32:33.0770 3696	Wdf01000 - ok
13:32:33.0786 3696	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:32:33.0895 3696	WdiServiceHost - ok
13:32:33.0895 3696	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:32:33.0910 3696	WdiSystemHost - ok
13:32:33.0926 3696	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:32:33.0957 3696	WebClient - ok
13:32:34.0020 3696	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:32:34.0082 3696	Wecsvc - ok
13:32:34.0113 3696	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:32:34.0176 3696	wercplsupport - ok
13:32:34.0207 3696	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:32:34.0238 3696	WerSvc - ok
13:32:34.0254 3696	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:32:34.0269 3696	WfpLwf - ok
13:32:34.0285 3696	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:32:34.0300 3696	WIMMount - ok
13:32:34.0316 3696	WinDefend - ok
13:32:34.0332 3696	WinHttpAutoProxySvc - ok
13:32:34.0363 3696	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:32:34.0425 3696	Winmgmt - ok
13:32:34.0519 3696	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:32:34.0597 3696	WinRM - ok
13:32:34.0675 3696	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
13:32:34.0706 3696	WinUsb - ok
13:32:34.0784 3696	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:32:34.0846 3696	Wlansvc - ok
13:32:34.0924 3696	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
13:32:34.0940 3696	wlcrasvc - ok
13:32:35.0034 3696	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
13:32:35.0096 3696	wlidsvc - ok
13:32:35.0143 3696	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
13:32:35.0174 3696	WmiAcpi - ok
13:32:35.0268 3696	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:32:35.0299 3696	wmiApSrv - ok
13:32:35.0346 3696	WMPNetworkSvc - ok
13:32:35.0361 3696	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:32:35.0392 3696	WPCSvc - ok
13:32:35.0408 3696	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:32:35.0439 3696	WPDBusEnum - ok
13:32:35.0439 3696	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:32:35.0470 3696	ws2ifsl - ok
13:32:35.0486 3696	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
13:32:35.0502 3696	wscsvc - ok
13:32:35.0502 3696	WSearch - ok
13:32:35.0533 3696	wsvd            (82e8f5aa03df7dbdb8a33f700d5d8cda) C:\Windows\system32\DRIVERS\wsvd.sys
13:32:35.0533 3696	wsvd - ok
13:32:35.0626 3696	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:32:35.0704 3696	wuauserv - ok
13:32:35.0751 3696	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:32:35.0829 3696	WudfPf - ok
13:32:35.0876 3696	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:32:35.0938 3696	WUDFRd - ok
13:32:35.0954 3696	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:32:36.0001 3696	wudfsvc - ok
13:32:36.0016 3696	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:32:36.0048 3696	WwanSvc - ok
13:32:36.0094 3696	MBR (0x1B8)     (753ca1d394f3c0855134963d7361060f) \Device\Harddisk0\DR0
13:32:37.0873 3696	\Device\Harddisk0\DR0 - ok
13:32:37.0873 3696	Boot (0x1200)   (b5967dee3556ab5547ce4a01720d3a87) \Device\Harddisk0\DR0\Partition0
13:32:37.0873 3696	\Device\Harddisk0\DR0\Partition0 - ok
13:32:37.0904 3696	Boot (0x1200)   (723b1384481df8bcf39370c73915c3b3) \Device\Harddisk0\DR0\Partition1
13:32:37.0920 3696	\Device\Harddisk0\DR0\Partition1 - ok
13:32:37.0951 3696	Boot (0x1200)   (321024554349d673da11df6c854568bf) \Device\Harddisk0\DR0\Partition2
13:32:37.0951 3696	\Device\Harddisk0\DR0\Partition2 - ok
13:32:37.0951 3696	============================================================
13:32:37.0951 3696	Scan finished
13:32:37.0951 3696	============================================================
13:32:37.0951 6340	Detected object count: 2
13:32:37.0951 6340	Actual detected object count: 2
13:33:02.0537 6340	BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:02.0537 6340	BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:33:02.0537 6340	watchmi ( UnsignedFile.Multi.Generic ) - skipped by user
13:33:02.0537 6340	watchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
The "watchmi" file that was found was preinstalled on my PC and is something like a help tool which, e.g., explains how to set up the Media Center, etc. - since it was detected, does that mean it is also dangerous?

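One way to triage a TDSSKiller log like the one above, as an added example for this thread (not code from Trojaner-Board or from the TDSSKiller authors): it separates the "- ok" entries from warnings and detections and marks UnsignedFile.* verdicts as the tool's missing-signature heuristic rather than a malware identification. The function names are chosen here, and the sample lines are a small subset taken from the posted log.

```python
"""Triage a TDSSKiller log: split '- ok' entries from warnings and detections."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Sample lines taken from the log posted above (constructed subset, not a full scan).
SAMPLE_LOG = (
    "13:32:33.0177 3696\twatchmi         (878c947c69ee89e4dbff9dbd6155c15d) "
    "C:\\Program Files (x86)\\watchmi\\TvdService.exe\n"
    "13:32:33.0193 3696\twatchmi ( UnsignedFile.Multi.Generic ) - warning\n"
    "13:32:33.0193 3696\twatchmi - detected UnsignedFile.Multi.Generic (1)\n"
    "13:32:33.0271 3696\twbengine        (78f4e7f5c56cb9716238eb57da4b6a75) "
    "C:\\Windows\\system32\\wbengine.exe\n"
    "13:32:33.0364 3696\twbengine - ok\n"
    "13:32:36.0094 3696\tMBR (0x1B8)     (753ca1d394f3c0855134963d7361060f) "
    "\\Device\\Harddisk0\\DR0\n"
    "13:32:37.0873 3696\t\\Device\\Harddisk0\\DR0 - ok\n"
    "13:32:37.0951 6340\tDetected object count: 2\n"
    "13:33:02.0537 6340\twatchmi ( UnsignedFile.Multi.Generic ) - skipped by user\n"
    "13:33:02.0537 6340\twatchmi ( UnsignedFile.Multi.Generic ) - User select action: Skip \n"
)

# Every line is "<time> <thread id><TAB><message>"; the message takes one of four shapes:
#   name  (md5) path                          -> the object being checked
#   name - ok                                 -> nothing found
#   name ( Verdict ) - warning | skipped by user | User select action: X
#   name - detected Verdict (n)
_PREFIX = r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\t"
_OBJECT = re.compile(_PREFIX + r"(?P<name>\S+)\s+(?:\(0x[0-9A-Fa-f]+\)\s+)?"  # MBR/Boot offset
                     r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+)$")
_OK = re.compile(_PREFIX + r"(?P<name>\S+) - ok$")
_DETECTED = re.compile(_PREFIX + r"(?P<name>\S+) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$")
_VERDICT = re.compile(_PREFIX + r"(?P<name>\S+) \( (?P<verdict>[^)]+?) \) - (?P<action>.+)$")


@dataclass
class Record:
    name: str
    path: str = ""
    md5: str = ""
    verdicts: List[str] = field(default_factory=list)
    status: str = "unknown"  # ok | warning | detected | skipped by user | ...

    @property
    def heuristic_only(self) -> bool:
        # UnsignedFile.* only says the binary carries no valid digital signature;
        # a preinstalled vendor helper triggers it just as readily as malware does.
        return bool(self.verdicts) and all(v.startswith("UnsignedFile.") for v in self.verdicts)


def parse_tdsskiller(text: str) -> Dict[str, Record]:
    """Return one Record per scanned object, keyed by service/driver name."""
    records: Dict[str, Record] = {}

    def rec(key: str) -> Record:
        return records.setdefault(key, Record(key))

    for raw in text.splitlines():
        line = raw.rstrip()
        if m := _OBJECT.match(line):
            # Boot-sector objects report their result under the device path, not "MBR"/"Boot".
            key = m["path"] if m["name"] in ("MBR", "Boot") else m["name"]
            r = rec(key)
            r.path, r.md5 = m["path"], m["md5"].lower()
        elif m := _OK.match(line):
            rec(m["name"]).status = "ok"
        elif m := _DETECTED.match(line):
            r = rec(m["name"])
            if m["verdict"] not in r.verdicts:
                r.verdicts.append(m["verdict"])
            r.status = "detected"
        elif m := _VERDICT.match(line):
            r = rec(m["name"])
            if m["verdict"] not in r.verdicts:
                r.verdicts.append(m["verdict"])
            if not m["action"].startswith("User select action"):
                r.status = m["action"]  # warning | skipped by user | ...
        # banner, separator and summary lines carry no per-object result and are ignored
    return records


def triage(text: str) -> List[Record]:
    """Every object that did not end with '- ok', worst status first."""
    order = {"detected": 0, "warning": 1, "skipped by user": 2}
    flagged = [r for r in parse_tdsskiller(text).values() if r.status != "ok"]
    return sorted(flagged, key=lambda r: (order.get(r.status, 3), r.name))


def report(text: str) -> List[str]:
    """One human-readable triage line per flagged object."""
    lines = []
    for r in triage(text):
        what = "unsigned binary, verify publisher/hash" if r.heuristic_only else "review verdict"
        lines.append(f"{r.name}: {r.status}; {', '.join(r.verdicts)}; {what}; md5={r.md5}; {r.path}")
    return lines


if __name__ == "__main__":
    for entry in report(SAMPLE_LOG):
        print(entry)
```

Run against the full posted log, the report reduces the scan to the two UnsignedFile entries (BrYNSvc and watchmi) and leaves the hundreds of "- ok" drivers out of view.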

Alt 11.07.2012, 14:09   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Alt 11.07.2012, 14:39   #22
Kingdom1543
 

Here is the ComboFix log:

Code:
ATTFilter
ComboFix 12-07-11.03 - Tismo 11.07.2012  15:31:16.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4078.2445 [GMT 2:00]
ausgeführt von:: c:\users\Tismo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Tismo\AppData\Roaming\AcroIEHelpe.txt
c:\users\Tismo\AppData\Roaming\srvblck5.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-11 bis 2012-07-11  ))))))))))))))))))))))))))))))
.
.
2012-07-11 13:34 . 2012-07-11 13:34	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-11 13:34 . 2012-07-11 13:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-10 19:19 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2012-07-10 14:33 . 2012-07-10 14:33	--------	d-----w-	C:\_OTL
2012-07-09 10:02 . 2012-07-09 10:02	--------	d-----w-	c:\program files (x86)\ESET
2012-07-09 08:50 . 2012-07-09 08:50	--------	d-----w-	c:\users\Tismo\AppData\Roaming\Malwarebytes
2012-07-09 08:50 . 2012-07-09 08:50	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-09 08:50 . 2012-07-09 08:50	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-09 08:50 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-03 20:45 . 2012-07-03 20:45	--------	d-----w-	c:\users\Tismo\.thumbnails
2012-07-03 20:38 . 2012-07-05 13:32	--------	d-----w-	c:\users\Tismo\.gimp-2.8
2012-07-03 19:22 . 2012-07-03 19:22	--------	d-----w-	c:\program files (x86)\EA GAMES
2012-07-02 11:10 . 2012-07-02 11:10	--------	d-----w-	c:\users\Tismo\AppData\Local\fontconfig
2012-07-02 11:10 . 2012-07-02 11:10	--------	d-----w-	c:\users\Tismo\AppData\Local\gegl-0.2
2012-07-02 11:02 . 2012-07-02 11:03	--------	d-----w-	c:\program files\GIMP 2
2012-06-28 16:22 . 2012-06-28 16:22	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-06-28 16:22 . 2012-06-28 16:22	--------	d-----w-	c:\program files (x86)\Oracle
2012-06-28 16:20 . 2012-05-04 17:29	772504	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-06-28 16:20 . 2012-06-28 16:20	--------	d-----w-	c:\program files (x86)\Java
2012-06-21 22:42 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 22:42 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 22:42 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 22:42 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 22:41 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 22:41 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 22:41 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 22:41 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 22:41 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-14 11:58 . 2012-04-26 05:41	77312	----a-w-	c:\windows\system32\rdpwsx.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-27 18:12 . 2012-04-14 15:54	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-27 18:12 . 2011-08-10 19:09	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-15 16:14 . 2011-12-11 14:50	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-05-15 16:14 . 2011-12-11 14:50	139360	----a-w-	c:\windows\system32\drivers\avfwot.sys
2012-05-15 16:14 . 2011-12-11 14:50	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-05-15 16:14 . 2011-12-11 14:50	114128	----a-w-	c:\windows\system32\drivers\avfwim.sys
2012-05-04 17:29 . 2011-07-18 21:13	687504	----a-w-	c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files (x86)\ICQ7.7\ICQ.exe" [2012-01-23 127040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-15 348624]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
watchmi tray.lnk - c:\windows\Installer\{AA4D1C5E-116A-4FF4-AA91-28F526868203}\SHCT_TRAY_PROGRAMG_A10D8603999C4E9488776EF2533C58C9.exe [2011-12-11 300416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-08-12 1255736]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2012-05-15 139360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-12-11 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2012-05-15 619472]
S2 AntiVirMailService;Avira Email Schutz;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2012-05-15 375760]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-15 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-15 465360]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 L4301_Solar;Logitech Solar Keyboard Service;c:\program files\Logitech\SolarApp\L4301_Solar.exe [2010-10-26 403536]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]
S2 watchmi;watchmi service;c:\program files (x86)\watchmi\TvdService.exe [2010-12-06 62464]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-06-02 128488]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-06-02 401896]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2012-05-15 114128]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-03-11 56344]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-05-17 533096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 87633611
*Deregistered* - 87633611
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-05-09 11821160]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2010-11-03 1580368]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MedionReminder"="c:\program files (x86)\CyberLink\PowerRecover\Reminder.exe" [2011-05-25 443688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.t-online.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-BrowserChoice - c:\windows\System32\browserchoice.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-11  15:35:41
ComboFix-quarantined-files.txt  2012-07-11 13:35
.
Vor Suchlauf: 7 Verzeichnis(se), 1.874.022.866.944 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 1.873.671.069.696 Bytes frei
.
- - End Of File - - 10F8620F4A5C31F6029D4E9CC80E4AC0
         

Alt 11.07.2012, 14:53   #23
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool still won't run the second time, just leave it out and only run OSAM - please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not *.html or similar.

Note: please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current virus definitions from AVAST!. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instructions

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left in the aswMBR window) under "AV scan" and click the Scan button again.
__________________
Please always post logfiles in CODE tags

Alt 11.07.2012, 15:36   #24
Kingdom1543
 
The GMER log:

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-11 16:13:27
Windows 6.1.7601 Service Pack 1 
Running: rrwz1m8x.exe


---- Files - GMER 1.0.15 ----

File  C:\ProgramData\Microsoft\RAC\Temp\sql5880.tmp  20480 bytes
File  C:\ProgramData\Microsoft\RAC\Temp\sql5891.tmp  20480 bytes

---- EOF - GMER 1.0.15 ----
         

The OSAM log:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:19:27 on 11.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"nvpciflt" (nvpciflt) - ? - C:\Windows\System32\DRIVERS\nvpciflt.sys  (File not found)
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"wsvd" (wsvd) - "CyberLink" - C:\Windows\System32\DRIVERS\wsvd.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\Program Files (x86)\myMugle\Skype4COM.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{DE902992-61FC-4A01-8091-53E1895C9775} "CDR Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll
{7AD101F2-0B93-4D66-A1CA-DF73F3C4377B} "CDR preview provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellVista.dll
{7FA63AC0-F5BC-4F3B-A9CF-94328D812B62} "CDR Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellVista.dll
{1462EBAA-96E7-4D93-9A66-0E4068DE4FCF} "CDR Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{DE902994-61FC-4A01-8091-53E1895C9775} "CMX Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll
{1462EBAC-96E7-4D93-9A66-0E4068DE4FCF} "CMX Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll
{DE902993-61FC-4A01-8091-53E1895C9775} "CPT Icon Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll
{7FA63AC1-F5BC-4F3B-A9CF-94328D812B62} "CPT Property Handler" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellVista.dll
{1462EBAB-96E7-4D93-9A66-0E4068DE4FCF} "CPT Thumbnail provider" - "Corel Corporation" - c:\Program Files (x86)\Common Files\Corel\Shared\Shell\Extension\x86\ShellXP.dll
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\MSOHEVI.DLL
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
"ICQ7.7" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7.7\ICQ.exe
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Tismo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"watchmi tray.lnk" - ? - C:\Program Files (x86)\watchmi\TvdTray.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"BrStsMon00" - "Brother Industries, Ltd." - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
"CLMLServer" - "CyberLink" - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"ControlCenter3" - "Brother Industries, Ltd." - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Email Schutz" (AntiVirMailService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
"Avira FireWall" (AntiVirFirewallService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"BrYNSvc" (BrYNSvc) - "Brother Industries, Ltd." - C:\Program Files (x86)\Browny02\BrYNSvc.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Logitech Solar Keyboard Service" (L4301_Solar) - "Logitech, Inc." - C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
"watchmi service" (watchmi) - ? - C:\Program Files (x86)\watchmi\TvdService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - "ScreenTime Media" - C:\Windows\system32\Fliqlo.scr

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----
"AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         
and the aswMBR log (aswMBR crashed as mentioned, so the scan was then run with AV Scan set to "none"):

Code:
ATTFilter
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-11 16:29:15
-----------------------------
16:29:15.367    OS Version: Windows x64 6.1.7601 Service Pack 1
16:29:15.382    Number of processors: 4 586 0x2A07
16:29:15.382    ComputerName: TISMO-PC  UserName: Tismo
16:29:26.271    Initialize success
16:29:29.266    AVAST engine defs: 12071101
16:29:39.671    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
16:29:39.671    Disk 0 Vendor: ST2000DL CC45 Size: 1907729MB BusType: 3
16:29:39.718    Disk 0 MBR read successfully
16:29:39.718    Disk 0 MBR scan
16:29:39.718    Disk 0 unknown MBR code
16:29:39.734    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:29:39.749    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1855403 MB offset 206848
16:29:39.796    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        51200 MB offset 3800072192
16:29:39.812    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 3904929792
16:29:39.859    Disk 0 scanning C:\Windows\system32\drivers
16:29:55.427    Service scanning
16:30:11.729    Modules scanning
16:30:11.729    Disk 0 trace - called modules:
16:30:11.761    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
16:30:11.761    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f72060]
16:30:11.761    3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800482d050]
16:30:11.776    Scan finished successfully
16:30:30.496    Disk 0 MBR has been saved successfully to "C:\Users\Tismo\Desktop\MBR.dat"
16:30:30.496    The log file has been saved successfully to "C:\Users\Tismo\Desktop\aswMBR Log.txt"
         
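A triage pass over an OSAM report in the format posted above, as an added example in Python (not code from this thread or from OSAM): it keeps track of the section and registry key each entry sits under and flags unknown publishers, entries whose file is gone, URL entries, and files under AppData or Temp. The sample lines are copied from the report above except for one constructed AppData\Temp entry, and the flagging rules are my own, not OSAM's.

```python
"""OSAM autorun report triage (added example, not part of this thread or of OSAM).
Walks the report line by line, remembers the [Section] and -----( registry key )-----
an entry belongs to, and flags the patterns an analyst reviews first."""
from __future__ import annotations
import re

# Constructed sample in OSAM's line format. Entries are copied from the report
# above, except the last one, which is constructed to exercise the AppData rule.
SAMPLE_OSAM = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"nvpciflt" (nvpciflt) - ? - C:\Windows\System32\DRIVERS\nvpciflt.sys  (File not found)
[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"watchmi service" (watchmi) - ? - C:\Program Files (x86)\watchmi\TvdService.exe
[Logon]
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files (x86)\ICQ7.7\ICQ.exe" silent loginmode=4
"Example Updater" - ? - C:\Users\Tismo\AppData\Local\Temp\example_updater.exe
'''

SECTION_RE = re.compile(r"^\[(?P<section>[^\]]+)\]$")
KEY_RE = re.compile(r"^-----\( (?P<key>.+?) \)-----$")
# Entry line: optional CLSID/value-name prefix, quoted name (may itself contain
# quotes), optional (service key), publisher ("..." or ?), path, optional (flags).
ENTRY_RE = re.compile(
    r'^(?P<prefix>.*?)"(?P<name>.*?)"(?: \((?P<svc>[^)]*)\))? - '
    r'(?P<pub>"[^"]*"|\?) - (?P<path>.*?)(?:\s+\((?P<flags>[^)]*)\))?\s*$')
USER_WRITABLE_RE = re.compile(r"\\(AppData|Temp)\\", re.IGNORECASE)


def parse_entry(line: str) -> dict | None:
    """Split one OSAM entry line into its fields; None for non-entry lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    return {"name": m["name"], "service": m["svc"],
            "publisher": None if m["pub"] == "?" else m["pub"].strip('"'),
            "path": m["path"], "flags": m["flags"] or ""}


def triage(report_text: str) -> list[dict]:
    """Return the entries worth a second look, each with its location and reasons."""
    section = key = None
    findings = []
    for line in report_text.splitlines():
        if sm := SECTION_RE.match(line):
            section = sm["section"]
            continue
        if km := KEY_RE.match(line):
            key = km["key"]
            continue
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = []
        if entry["publisher"] is None:
            reasons.append("publisher unknown or file unsigned")
        if "File not found" in entry["flags"]:
            reasons.append("orphaned entry, referenced file is missing")
        if "HTTP value" in entry["flags"]:
            reasons.append("autorun value is a URL, not a file")
        if USER_WRITABLE_RE.search(entry["path"]):
            reasons.append("file lives in a user-writable location")
        if reasons:
            findings.append({**entry, "section": section, "key": key, "reasons": reasons})
    return findings
```

Unknown-publisher hits such as watchmi or ComboFix's leftover catchme driver are review items, not verdicts; the point is that the list to look at shrinks from the whole report to a handful of entries with their registry location attached.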

Alt 11.07.2012, 21:56   #25
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
We should fix the MBR. Back up ALL important data just in case, even though it usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!

Then restart Windows and create a new log with aswMBR.
__________________
Please always post logfiles in CODE tags
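The aswMBR log above together with the dual-boot and encryption caveats in this reply, as an added example in Python (not code from the thread or from aswMBR): it parses the partition table and MBR status lines and declines to call a FIXMBR safe when a non-Windows partition type is present. The sample logs are constructed in the line format above; the partition type sets are my assumption about which IDs a plain Windows install uses.

```python
"""Partition-table sanity check for an aswMBR log (added example, not part of
this thread or of aswMBR). Reads the "Disk N Partition ..." lines and the MBR
status line and applies the dual-boot caveat from the reply above."""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample in aswMBR's line format; values copied from the log above.
SAMPLE_LOG = """\
16:29:39.718    Disk 0 unknown MBR code
16:29:39.734    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
16:29:39.749    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS      1855403 MB offset 206848
16:29:39.796    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        51200 MB offset 3800072192
16:29:39.812    Disk 0 Partition 4 00     12  Compaq diag NTFS         1024 MB offset 3904929792
16:30:11.776    Scan finished successfully
"""
# Constructed variant with a Linux (0x83) partition to exercise the dual-boot rule.
DUALBOOT_LOG = """\
16:29:39.718    Disk 0 unknown MBR code
16:29:39.734    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       100000 MB offset 2048
16:29:39.749    Disk 0 Partition 2 00     83    Linux                 50000 MB offset 204802048
16:30:11.776    Scan finished successfully
"""

# Assumed type IDs: what a plain Windows install uses, and what signals another
# OS or a layout that a FIXMBR with Windows tools must not touch blindly.
WINDOWS_TYPES = {0x07, 0x0B, 0x0C, 0x0E, 0x12, 0x27}
FOREIGN_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM",
                 0xA5: "FreeBSD", 0xEE: "GPT protective MBR"}

PARTITION_RE = re.compile(
    r"Disk (?P<disk>\d+) Partition (?P<num>\d+) (?P<boot>[0-9A-Fa-f]{2})(?: (?P<active>\(A\)))?"
    r"\s+(?P<type>[0-9A-Fa-f]{2})\s+(?P<desc>.*?)\s+(?P<size>\d+) MB offset (?P<offset>\d+)")
MBR_STATUS_RE = re.compile(r"Disk (?P<disk>\d+) (?P<status>.*MBR code.*)")


@dataclass
class Partition:
    disk: int
    number: int
    active: bool
    type_id: int
    description: str
    size_mb: int
    offset: int


def parse_partitions(log_text: str) -> list[Partition]:
    """Extract the partition table entries aswMBR printed."""
    return [Partition(disk=int(m["disk"]), number=int(m["num"]),
                      active=m["active"] is not None or m["boot"].upper() == "80",
                      type_id=int(m["type"], 16), description=m["desc"].strip(),
                      size_mb=int(m["size"]), offset=int(m["offset"]))
            for m in PARTITION_RE.finditer(log_text)]


def assess(log_text: str) -> dict:
    """Summarise the log and say whether a FIXMBR looks safe to recommend."""
    parts = parse_partitions(log_text)
    status = MBR_STATUS_RE.search(log_text)
    warnings = []
    for p in parts:
        if p.type_id in FOREIGN_TYPES:
            warnings.append(f"partition {p.number} is 0x{p.type_id:02X} ({FOREIGN_TYPES[p.type_id]}): "
                            "possible dual boot, do not FIXMBR with Windows tools")
        elif p.type_id not in WINDOWS_TYPES:
            warnings.append(f"partition {p.number} has unfamiliar type 0x{p.type_id:02X}, check first")
    if sum(p.active for p in parts) != 1:
        warnings.append("expected exactly one active partition")
    report = {"mbr_status": status["status"].strip() if status else "no MBR status line",
              "scan_finished": "Scan finished successfully" in log_text,
              "partitions": parts, "warnings": warnings}
    # "unknown MBR code" only says the boot code matched none of aswMBR's known
    # signatures; boot managers and pre-boot encryption loaders replace it too,
    # which is why the reply asks about dual boot and TrueCrypt before fixing.
    report["fixmbr_candidate"] = "unknown MBR code" in report["mbr_status"] and not warnings
    return report
```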

Alt 12.07.2012, 16:29   #26
Kingdom1543
 
A quick question before I carry out your instructions:

If I back up the data now, can I be sure at all that I'm not backing up a virus etc. along with it, e.g. by copying the data to a USB stick? I would also have to burn my complete iPod/iTunes backup to disc. Are those then to be regarded as safe or as potentially still infected?

Alt 12.07.2012, 19:00   #27
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
It doesn't matter at all whether data might still be infected or not!
1. there is no 100% security anyway
2. the backup is meant so that you still have all your data if something goes seriously wrong during the MBR fix

if the disk should end up completely blank, having made no backup at all won't help you!


A few more notes on the backup:
The simplest would probably be to copy all files and important personal folders to an external disk. Then your data is backed up; after a system crash, for example, you can then reinstall Windows manually and cleanly and simply copy the data back from this simple manual backup.

But you can also create images of an entire system (more precisely of the whole disk, or of one or several partitions); food for thought here => http://www.trojaner-board.de/115678-...r-backups.html

If you have a hard disk from WesternDigital or Seagate, you get an AcronisTrueImage for free (but without SecureZone as far as I know; I recommend images on external disks anyway, and these should only be connected when you need the backup or have to create one!)

WesternDigital => http://filepony.de/download-acronis_...ge_wd_edition/
Seagate => http://filepony.de/download-seagate_discwizard/

Windows 7 also has a built-in tool for creating images, e.g. here => [Guide] Creating a complete image backup (system image) of Windows 7 - Guides / Tutorials / FAQ (Windows 7)

There are also other programs, e.g. Drive Snapshot - Disk Image Backup made easy
__________________
Please always post logfiles in CODE tags
