Hallo,

MAM zeigt mir an das der Laptop mit spyware.zbot befallen ist.
Habe den OTL Bericht angehängt.
Was nun? Bitte Hilfe.

MfG

Zitat:

MAM zeigt mir an das der Laptop mit spyware.zbot befallen ist.

Schön und wo sind die Logs dazu?

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner siehe http://www.trojaner-board.de/125889-...tml#post941520


Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

• Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
• Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
• Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
• Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

hier bitte:

Code: Alles auswählenAufklappen

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.01.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Thomas Marquardt :: TOMSTOP [limitiert]

01.02.2013 14:40:38
MBAM-log-2013-02-01 (14-45-30).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 212300
Laufzeit: 4 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Thomas Marquardt\AppData\Local\Temp\monxw.exe (Spyware.Zbot) -> Keine Aktion durchgeführt.
C:\Users\Thomas Marquardt\AppData\Local\Temp\{10F24-53F3F4-53F7F4} (Spyware.Zbot) -> Keine Aktion durchgeführt.

(Ende)
         

Sorry habe gesehen es muss ein vollständiger Scan sein. Werde ihn sofort durchführen.

Nein! Mach bitte jetzt KEINEN Vollscan!

mh läuft schon.. abbrechen oder laufen lassen?

Brich es ab

getan, was passiert als nächstes?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Ne hab mc affee stinger drüber laufen lassen, aber der hatte nichts gefunden.
Soll ich um sicher zu gehen noch ein weiteres Programm drüber laufen lassen?

Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus.

aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

ok GMER ging, asw musste ich mit none machen.

gmer log:

Code: Alles auswählenAufklappen

ATTFilter

GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-01 17:15:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0005 465,76GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\THOMAS~1\AppData\Local\Temp\fxldipoc.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                     00000000777d1401 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                       00000000777d1419 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                     00000000777d1431 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                     00000000777d144a 2 bytes [7D, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                        00000000777d14dd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                 00000000777d14f5 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                        00000000777d150d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                 00000000777d1525 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                       00000000777d153d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                            00000000777d1555 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                     00000000777d156d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                       00000000777d1585 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                          00000000777d159d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                       00000000777d15b5 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                     00000000777d15cd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                 00000000777d16b2 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1892] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                 00000000777d16bd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3080] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint                                                                   0000000077cd000c 1 byte [C3]
.text  C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3080] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin                                                              0000000077d5f85a 5 bytes JMP 0000000177d0d571
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                                   00000000777d1401 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                                     00000000777d1419 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                                   00000000777d1431 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                                   00000000777d144a 2 bytes [7D, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                                      00000000777d14dd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                               00000000777d14f5 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                                      00000000777d150d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                               00000000777d1525 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                                     00000000777d153d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                                          00000000777d1555 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                                   00000000777d156d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                                     00000000777d1585 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                                        00000000777d159d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                                     00000000777d15b5 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                                   00000000777d15cd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                               00000000777d16b2 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Samsung\Kies\Kies.exe[3104] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                               00000000777d16bd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                          00000000777d1401 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                            00000000777d1419 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                          00000000777d1431 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                          00000000777d144a 2 bytes [7D, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                             00000000777d14dd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                      00000000777d14f5 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                             00000000777d150d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                      00000000777d1525 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                            00000000777d153d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                 00000000777d1555 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                          00000000777d156d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                            00000000777d1585 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                               00000000777d159d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                            00000000777d15b5 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                          00000000777d15cd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                      00000000777d16b2 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe[3316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                      00000000777d16bd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                     00000000777d1401 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                       00000000777d1419 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                     00000000777d1431 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                     00000000777d144a 2 bytes [7D, 77]
.text  ...                                                                                                                                                                                          * 9
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                        00000000777d14dd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                                 00000000777d14f5 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                        00000000777d150d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                                 00000000777d1525 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                       00000000777d153d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                            00000000777d1555 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                     00000000777d156d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                       00000000777d1585 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                          00000000777d159d 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                       00000000777d15b5 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                     00000000777d15cd 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                                 00000000777d16b2 2 bytes [7D, 77]
.text  C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                                 00000000777d16bd 2 bytes [7D, 77]

---- User IAT/EAT - GMER 2.0 ----

IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId]              [7fef8dd2750] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId]          [7fef8dd2b98] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId]  [7fef8dd7de0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId]           [7fef8dd8130] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId]   [7fef8dd1908] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession]            [7fef8dd1c00] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload]           [7fef8dd81d8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet]                   [7fef8dd2878] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString]     [7fef8dd7a5c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmIncrement]             [7fef8dd6c48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord]      [7fef8dd77bc] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion]         [7fef8dd7064] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession]          [7fef8dd6544] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll
IAT    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[1324] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession]            [7fef8dd5e30] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll

---- EOF - GMER 2.0 ----
         

asw log:

Code: Alles auswählenAufklappen

ATTFilter

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-01 17:42:29
-----------------------------
17:42:29.067    OS Version: Windows x64 6.1.7601 Service Pack 1
17:42:29.067    Number of processors: 4 586 0x2A07
17:42:29.067    ComputerName: TOMSTOP  UserName: 
17:42:30.167    Initialize success
17:42:37.923    AVAST engine defs: 13020100
17:42:47.892    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:42:47.892    Disk 0 Vendor: ST950032 0005 Size: 476940MB BusType: 3
17:42:48.032    Disk 0 MBR read successfully
17:42:48.048    Disk 0 MBR scan
17:42:48.048    Disk 0 Windows 7 default MBR code
17:42:48.079    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
17:42:48.095    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       461734 MB offset 409600
17:42:48.126    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        14902 MB offset 946040832
17:42:48.151    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
17:42:48.231    Disk 0 scanning C:\Windows\system32\drivers
17:43:05.614    Service scanning
17:43:34.733    Modules scanning
17:43:34.743    Disk 0 trace - called modules:
17:43:35.143    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 
17:43:35.153    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004dc5060]
17:43:35.163    3 CLASSPNP.SYS[fffff88001bc643f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004a33050]
17:43:35.173    Scan finished successfully
17:44:08.180    Disk 0 MBR has been saved successfully to "C:\Users\Thomas Marquardt\Desktop\MBR.dat"
17:44:08.180    The log file has been saved successfully to "C:\Users\Thomas Marquardt\Desktop\aswMBR.txt"
         

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

done:

Code: Alles auswählenAufklappen

ATTFilter

20:07:04.0855 5392  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:07:05.0229 5392  ============================================================
20:07:05.0229 5392  Current date / time: 2013/02/01 20:07:05.0229
20:07:05.0229 5392  SystemInfo:
20:07:05.0229 5392  
20:07:05.0229 5392  OS Version: 6.1.7601 ServicePack: 1.0
20:07:05.0229 5392  Product type: Workstation
20:07:05.0229 5392  ComputerName: TOMSTOP
20:07:05.0229 5392  UserName: Thomas Marquardt
20:07:05.0229 5392  Windows directory: C:\Windows
20:07:05.0229 5392  System windows directory: C:\Windows
20:07:05.0229 5392  Running under WOW64
20:07:05.0229 5392  Processor architecture: Intel x64
20:07:05.0229 5392  Number of processors: 4
20:07:05.0229 5392  Page size: 0x1000
20:07:05.0229 5392  Boot type: Normal boot
20:07:05.0229 5392  ============================================================
20:07:05.0791 5392  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:07:05.0822 5392  ============================================================
20:07:05.0822 5392  \Device\Harddisk0\DR0:
20:07:05.0822 5392  MBR partitions:
20:07:05.0822 5392  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:07:05.0822 5392  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x385D3000
20:07:05.0822 5392  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38637000, BlocksNum 0x1D1B000
20:07:05.0822 5392  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
20:07:05.0822 5392  ============================================================
20:07:05.0869 5392  C: <-> \Device\Harddisk0\DR0\Partition2
20:07:05.0931 5392  D: <-> \Device\Harddisk0\DR0\Partition3
20:07:05.0947 5392  F: <-> \Device\Harddisk0\DR0\Partition4
20:07:05.0947 5392  ============================================================
20:07:05.0947 5392  Initialize success
20:07:05.0947 5392  ============================================================
20:07:48.0785 4544  ============================================================
20:07:48.0785 4544  Scan started
20:07:48.0785 4544  Mode: Manual; SigCheck; TDLFS; 
20:07:48.0785 4544  ============================================================
20:07:49.0222 4544  ================ Scan system memory ========================
20:07:49.0222 4544  System memory - ok
20:07:49.0222 4544  ================ Scan services =============================
20:07:49.0409 4544  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
20:07:49.0549 4544  1394ohci - ok
20:07:49.0580 4544  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:07:49.0612 4544  ACPI - ok
20:07:49.0627 4544  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:07:49.0721 4544  AcpiPmi - ok
20:07:49.0830 4544  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:07:49.0861 4544  AdobeARMservice - ok
20:07:50.0033 4544  [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:07:50.0064 4544  AdobeFlashPlayerUpdateSvc - ok
20:07:50.0126 4544  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
20:07:50.0142 4544  adp94xx - ok
20:07:50.0204 4544  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
20:07:50.0236 4544  adpahci - ok
20:07:50.0251 4544  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
20:07:50.0267 4544  adpu320 - ok
20:07:50.0298 4544  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:07:50.0423 4544  AeLookupSvc - ok
20:07:50.0501 4544  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
20:07:50.0548 4544  AFD - ok
20:07:50.0594 4544  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
20:07:50.0626 4544  agp440 - ok
20:07:50.0657 4544  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
20:07:50.0704 4544  ALG - ok
20:07:50.0782 4544  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:07:50.0797 4544  aliide - ok
20:07:50.0813 4544  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
20:07:50.0813 4544  amdide - ok
20:07:50.0860 4544  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
20:07:50.0906 4544  AmdK8 - ok
20:07:50.0906 4544  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:07:50.0953 4544  AmdPPM - ok
20:07:51.0000 4544  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:07:51.0016 4544  amdsata - ok
20:07:51.0047 4544  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
20:07:51.0062 4544  amdsbs - ok
20:07:51.0078 4544  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:07:51.0078 4544  amdxata - ok
20:07:51.0125 4544  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
20:07:51.0328 4544  AppID - ok
20:07:51.0359 4544  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:07:51.0437 4544  AppIDSvc - ok
20:07:51.0515 4544  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
20:07:51.0593 4544  Appinfo - ok
20:07:51.0655 4544  [ F401929EE0CC92BFE7F15161CA535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:07:51.0671 4544  Apple Mobile Device - ok
20:07:51.0718 4544  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
20:07:51.0733 4544  arc - ok
20:07:51.0733 4544  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
20:07:51.0749 4544  arcsas - ok
20:07:51.0780 4544  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:07:51.0842 4544  AsyncMac - ok
20:07:51.0874 4544  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
20:07:51.0905 4544  atapi - ok
20:07:51.0998 4544  [ 96ABF88241F90FF647E55C934C55C2F1 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
20:07:52.0170 4544  athr - ok
20:07:52.0217 4544  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:07:52.0326 4544  AudioEndpointBuilder - ok
20:07:52.0357 4544  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:07:52.0388 4544  AudioSrv - ok
20:07:52.0451 4544  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:07:52.0513 4544  AxInstSV - ok
20:07:52.0544 4544  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
20:07:52.0591 4544  b06bdrv - ok
20:07:52.0638 4544  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:07:52.0685 4544  b57nd60a - ok
20:07:52.0778 4544  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe
20:07:52.0825 4544  BBSvc - ok
20:07:52.0856 4544  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
20:07:52.0888 4544  BBUpdate - ok
20:07:52.0934 4544  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:07:52.0966 4544  BDESVC - ok
20:07:52.0997 4544  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:07:53.0059 4544  Beep - ok
20:07:53.0153 4544  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
20:07:53.0246 4544  BFE - ok
20:07:53.0278 4544  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
20:07:53.0371 4544  BITS - ok
20:07:53.0418 4544  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:07:53.0449 4544  blbdrive - ok
20:07:53.0527 4544  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:07:53.0574 4544  Bonjour Service - ok
20:07:53.0605 4544  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:07:53.0652 4544  bowser - ok
20:07:53.0683 4544  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:07:53.0777 4544  BrFiltLo - ok
20:07:53.0792 4544  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:07:53.0808 4544  BrFiltUp - ok
20:07:53.0855 4544  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
20:07:53.0870 4544  Browser - ok
20:07:53.0902 4544  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:07:53.0933 4544  Brserid - ok
20:07:53.0964 4544  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:07:53.0980 4544  BrSerWdm - ok
20:07:54.0011 4544  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:07:54.0058 4544  BrUsbMdm - ok
20:07:54.0058 4544  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:07:54.0089 4544  BrUsbSer - ok
20:07:54.0120 4544  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
20:07:54.0136 4544  BTHMODEM - ok
20:07:54.0182 4544  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
20:07:54.0292 4544  bthserv - ok
20:07:54.0323 4544  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:07:54.0401 4544  cdfs - ok
20:07:54.0463 4544  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:07:54.0494 4544  cdrom - ok
20:07:54.0526 4544  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
20:07:54.0635 4544  CertPropSvc - ok
20:07:54.0666 4544  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
20:07:54.0682 4544  circlass - ok
20:07:54.0713 4544  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
20:07:54.0728 4544  CLFS - ok
20:07:54.0806 4544  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:07:54.0838 4544  clr_optimization_v2.0.50727_32 - ok
20:07:54.0869 4544  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:07:54.0884 4544  clr_optimization_v2.0.50727_64 - ok
20:07:54.0962 4544  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:07:54.0994 4544  clr_optimization_v4.0.30319_32 - ok
20:07:55.0025 4544  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:07:55.0056 4544  clr_optimization_v4.0.30319_64 - ok
20:07:55.0087 4544  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\Windows\system32\DRIVERS\clwvd.sys
20:07:55.0103 4544  clwvd - ok
20:07:55.0134 4544  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
20:07:55.0165 4544  CmBatt - ok
20:07:55.0196 4544  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:07:55.0212 4544  cmdide - ok
20:07:55.0274 4544  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
20:07:55.0337 4544  CNG - ok
20:07:55.0368 4544  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
20:07:55.0384 4544  Compbatt - ok
20:07:55.0446 4544  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
20:07:55.0493 4544  CompositeBus - ok
20:07:55.0508 4544  COMSysApp - ok
20:07:55.0540 4544  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
20:07:55.0555 4544  crcdisk - ok
20:07:55.0976 4544  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:07:56.0023 4544  CryptSvc - ok
20:07:56.0086 4544  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:07:56.0195 4544  DcomLaunch - ok
20:07:56.0226 4544  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
20:07:56.0273 4544  defragsvc - ok
20:07:56.0335 4544  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:07:56.0398 4544  DfsC - ok
20:07:56.0460 4544  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
20:07:56.0476 4544  dg_ssudbus - ok
20:07:56.0538 4544  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:07:56.0616 4544  Dhcp - ok
20:07:56.0647 4544  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
20:07:56.0725 4544  discache - ok
20:07:56.0772 4544  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
20:07:56.0788 4544  Disk - ok
20:07:56.0819 4544  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:07:56.0881 4544  Dnscache - ok
20:07:56.0928 4544  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:07:57.0022 4544  dot3svc - ok
20:07:57.0053 4544  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
20:07:57.0100 4544  DPS - ok
20:07:57.0131 4544  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:07:57.0162 4544  drmkaud - ok
20:07:57.0224 4544  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:07:57.0302 4544  DXGKrnl - ok
20:07:57.0349 4544  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
20:07:57.0396 4544  EapHost - ok
20:07:57.0505 4544  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
20:07:57.0630 4544  ebdrv - ok
20:07:57.0692 4544  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
20:07:57.0755 4544  EFS - ok
20:07:57.0848 4544  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:07:57.0926 4544  ehRecvr - ok
20:07:57.0958 4544  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
20:07:57.0973 4544  ehSched - ok
20:07:58.0020 4544  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
20:07:58.0067 4544  elxstor - ok
20:07:58.0098 4544  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:07:58.0145 4544  ErrDev - ok
20:07:58.0223 4544  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
20:07:58.0285 4544  EventSystem - ok
20:07:58.0332 4544  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
20:07:58.0363 4544  exfat - ok
20:07:58.0379 4544  ezSharedSvc - ok
20:07:58.0410 4544  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:07:58.0488 4544  fastfat - ok
20:07:58.0566 4544  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
20:07:58.0660 4544  Fax - ok
20:07:58.0706 4544  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
20:07:58.0738 4544  fdc - ok
20:07:58.0769 4544  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
20:07:58.0831 4544  fdPHost - ok
20:07:58.0831 4544  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:07:58.0878 4544  FDResPub - ok
20:07:58.0909 4544  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:07:58.0925 4544  FileInfo - ok
20:07:58.0940 4544  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:07:58.0987 4544  Filetrace - ok
20:07:59.0034 4544  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
20:07:59.0065 4544  flpydisk - ok
20:07:59.0096 4544  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:07:59.0128 4544  FltMgr - ok
20:07:59.0190 4544  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
20:07:59.0252 4544  FontCache - ok
20:07:59.0315 4544  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:07:59.0346 4544  FontCache3.0.0.0 - ok
20:07:59.0377 4544  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:07:59.0393 4544  FsDepends - ok
20:07:59.0408 4544  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:07:59.0408 4544  Fs_Rec - ok
20:07:59.0455 4544  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:07:59.0486 4544  fvevol - ok
20:07:59.0533 4544  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
20:07:59.0533 4544  gagp30kx - ok
20:07:59.0596 4544  [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:07:59.0611 4544  GEARAspiWDM - ok
20:07:59.0658 4544  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
20:07:59.0752 4544  gpsvc - ok
20:07:59.0767 4544  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:07:59.0814 4544  hcw85cir - ok
20:07:59.0892 4544  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:07:59.0923 4544  HdAudAddService - ok
20:07:59.0954 4544  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
20:07:59.0986 4544  HDAudBus - ok
20:08:00.0017 4544  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
20:08:00.0048 4544  HidBatt - ok
20:08:00.0079 4544  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
20:08:00.0126 4544  HidBth - ok
20:08:00.0157 4544  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
20:08:00.0204 4544  HidIr - ok
20:08:00.0235 4544  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
20:08:00.0298 4544  hidserv - ok
20:08:00.0344 4544  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:08:00.0360 4544  HidUsb - ok
20:08:00.0422 4544  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:08:00.0485 4544  hkmsvc - ok
20:08:00.0532 4544  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:08:00.0563 4544  HomeGroupListener - ok
20:08:00.0594 4544  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:08:00.0625 4544  HomeGroupProvider - ok
20:08:00.0688 4544  HP Support Assistant Service - ok
20:08:00.0766 4544  [ C930128C8F8FF03D8F8C42B570920D56 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
20:08:00.0781 4544  HP Wireless Assistant Service - ok
20:08:00.0812 4544  [ 3DC11A802353401332D49C3CBFBBE5FC ] HPClientSvc     C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
20:08:00.0828 4544  HPClientSvc - ok
20:08:00.0906 4544  [ 5DA42D24712E00728CEA2342A65009B2 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
20:08:00.0937 4544  hpqcxs08 - ok
20:08:00.0953 4544  [ D86A39BF100069444D026D22D9A6E555 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
20:08:00.0953 4544  hpqddsvc - ok
20:08:01.0062 4544  [ E7C7829BA0395E48F8C8FE16B8832344 ] hpqwmiex        C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:08:01.0124 4544  hpqwmiex - ok
20:08:01.0187 4544  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:08:01.0202 4544  HpSAMD - ok
20:08:01.0265 4544  [ D4F91CF4DE215D6F14A06087D46725E4 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
20:08:01.0296 4544  HPSLPSVC - ok
20:08:01.0390 4544  [ F630DD7564EBB7248A13B1CC774D9EA6 ] HPWMISVC        C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
20:08:01.0405 4544  HPWMISVC - ok
20:08:01.0468 4544  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:08:01.0546 4544  HTTP - ok
20:08:01.0592 4544  [ 4B5C07DB91A0099272FAAE732E1152BD ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
20:08:01.0624 4544  hwdatacard - ok
20:08:01.0670 4544  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:08:01.0686 4544  hwpolicy - ok
20:08:01.0717 4544  [ 1F24CF1F7DB6D4461AC65A86DB8E4BC2 ] hwusbfake       C:\Windows\system32\DRIVERS\ewusbfake.sys
20:08:01.0748 4544  hwusbfake - ok
20:08:01.0795 4544  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
20:08:01.0811 4544  i8042prt - ok
20:08:01.0858 4544  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
20:08:01.0873 4544  iaStor - ok
20:08:01.0920 4544  [ 983FC69644DDF0486C8DFEA262948D1A ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
20:08:01.0936 4544  IAStorDataMgrSvc - ok
20:08:01.0967 4544  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:08:02.0014 4544  iaStorV - ok
20:08:02.0092 4544  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:08:02.0154 4544  idsvc - ok
20:08:02.0435 4544  [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
20:08:02.0794 4544  igfx - ok
20:08:02.0825 4544  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
20:08:02.0840 4544  iirsp - ok
20:08:02.0887 4544  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
20:08:02.0965 4544  IKEEXT - ok
20:08:02.0996 4544  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
20:08:03.0043 4544  IntcDAud - ok
20:08:03.0059 4544  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
20:08:03.0074 4544  intelide - ok
20:08:03.0106 4544  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
20:08:03.0137 4544  intelppm - ok
20:08:03.0168 4544  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:08:03.0215 4544  IPBusEnum - ok
20:08:03.0246 4544  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:08:03.0308 4544  IpFilterDriver - ok
20:08:03.0340 4544  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:08:03.0371 4544  iphlpsvc - ok
20:08:03.0418 4544  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:08:03.0449 4544  IPMIDRV - ok
20:08:03.0480 4544  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:08:03.0527 4544  IPNAT - ok
20:08:03.0574 4544  [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:08:03.0620 4544  iPod Service - ok
20:08:03.0652 4544  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:08:03.0698 4544  IRENUM - ok
20:08:03.0745 4544  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:08:03.0761 4544  isapnp - ok
20:08:03.0808 4544  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:08:03.0839 4544  iScsiPrt - ok
20:08:03.0854 4544  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
20:08:03.0870 4544  kbdclass - ok
20:08:03.0886 4544  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
20:08:03.0901 4544  kbdhid - ok
20:08:03.0917 4544  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
20:08:03.0932 4544  KeyIso - ok
20:08:03.0964 4544  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:08:03.0979 4544  KSecDD - ok
20:08:04.0010 4544  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:08:04.0010 4544  KSecPkg - ok
20:08:04.0042 4544  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:08:04.0088 4544  ksthunk - ok
20:08:04.0120 4544  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:08:04.0182 4544  KtmRm - ok
20:08:04.0260 4544  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
20:08:04.0338 4544  LanmanServer - ok
20:08:04.0400 4544  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:08:04.0478 4544  LanmanWorkstation - ok
20:08:04.0541 4544  [ FA4A45C179AB0E0F1A31B9751D4B18D7 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:08:04.0572 4544  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:08:04.0572 4544  LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:08:04.0603 4544  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:08:04.0681 4544  lltdio - ok
20:08:04.0712 4544  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:08:04.0775 4544  lltdsvc - ok
20:08:04.0790 4544  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:08:04.0837 4544  lmhosts - ok
20:08:04.0853 4544  [ C463A25F01C6237295917417C5E9E344 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
20:08:04.0868 4544  LMS - ok
20:08:04.0900 4544  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
20:08:04.0915 4544  LSI_FC - ok
20:08:04.0931 4544  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
20:08:04.0946 4544  LSI_SAS - ok
20:08:04.0962 4544  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:08:04.0962 4544  LSI_SAS2 - ok
20:08:04.0993 4544  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:08:04.0993 4544  LSI_SCSI - ok
20:08:05.0024 4544  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
20:08:05.0102 4544  luafv - ok
20:08:05.0165 4544  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:08:05.0196 4544  Mcx2Svc - ok
20:08:05.0227 4544  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
20:08:05.0243 4544  megasas - ok
20:08:05.0274 4544  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
20:08:05.0290 4544  MegaSR - ok
20:08:05.0321 4544  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
20:08:05.0321 4544  MEIx64 - ok
20:08:05.0352 4544  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
20:08:05.0414 4544  MMCSS - ok
20:08:05.0430 4544  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
20:08:05.0477 4544  Modem - ok
20:08:05.0492 4544  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:08:05.0524 4544  monitor - ok
20:08:05.0586 4544  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:08:05.0602 4544  mouclass - ok
20:08:05.0648 4544  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:08:05.0664 4544  mouhid - ok
20:08:05.0711 4544  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:08:05.0726 4544  mountmgr - ok
20:08:05.0773 4544  [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:08:05.0789 4544  MozillaMaintenance - ok
20:08:05.0836 4544  [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
20:08:05.0867 4544  MpFilter - ok
20:08:05.0914 4544  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:08:05.0929 4544  mpio - ok
20:08:05.0976 4544  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:08:06.0038 4544  mpsdrv - ok
20:08:06.0101 4544  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:08:06.0194 4544  MpsSvc - ok
20:08:06.0226 4544  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:08:06.0257 4544  MRxDAV - ok
20:08:06.0288 4544  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:08:06.0304 4544  mrxsmb - ok
20:08:06.0335 4544  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:08:06.0366 4544  mrxsmb10 - ok
20:08:06.0397 4544  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:08:06.0413 4544  mrxsmb20 - ok
20:08:06.0444 4544  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:08:06.0460 4544  msahci - ok
20:08:06.0475 4544  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:08:06.0491 4544  msdsm - ok
20:08:06.0506 4544  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
20:08:06.0522 4544  MSDTC - ok
20:08:06.0553 4544  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:08:06.0584 4544  Msfs - ok
20:08:06.0600 4544  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:08:06.0647 4544  mshidkmdf - ok
20:08:06.0662 4544  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:08:06.0678 4544  msisadrv - ok
20:08:06.0709 4544  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:08:06.0756 4544  MSiSCSI - ok
20:08:06.0756 4544  msiserver - ok
20:08:06.0803 4544  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:08:06.0881 4544  MSKSSRV - ok
20:08:06.0943 4544  [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
20:08:06.0974 4544  MsMpSvc - ok
20:08:06.0990 4544  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:08:07.0052 4544  MSPCLOCK - ok
20:08:07.0068 4544  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:08:07.0115 4544  MSPQM - ok
20:08:07.0146 4544  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:08:07.0193 4544  MsRPC - ok
20:08:07.0224 4544  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
20:08:07.0240 4544  mssmbios - ok
20:08:07.0255 4544  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:08:07.0302 4544  MSTEE - ok
20:08:07.0333 4544  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
20:08:07.0333 4544  MTConfig - ok
20:08:07.0349 4544  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
20:08:07.0364 4544  Mup - ok
20:08:07.0411 4544  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
20:08:07.0458 4544  napagent - ok
20:08:07.0505 4544  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:08:07.0536 4544  NativeWifiP - ok
20:08:07.0583 4544  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:08:07.0630 4544  NDIS - ok
20:08:07.0645 4544  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:08:07.0723 4544  NdisCap - ok
20:08:07.0739 4544  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:08:07.0801 4544  NdisTapi - ok
20:08:07.0848 4544  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:08:07.0910 4544  Ndisuio - ok
20:08:07.0942 4544  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:08:07.0973 4544  NdisWan - ok
20:08:08.0004 4544  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:08:08.0082 4544  NDProxy - ok
20:08:08.0113 4544  [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
20:08:08.0144 4544  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:08:08.0144 4544  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:08:08.0176 4544  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:08:08.0254 4544  NetBIOS - ok
20:08:08.0285 4544  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:08:08.0316 4544  NetBT - ok
20:08:08.0347 4544  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
20:08:08.0363 4544  Netlogon - ok
20:08:08.0394 4544  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
20:08:08.0456 4544  Netman - ok
20:08:08.0472 4544  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
20:08:08.0534 4544  netprofm - ok
20:08:08.0550 4544  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:08:08.0566 4544  NetTcpPortSharing - ok
20:08:08.0737 4544  [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64        C:\Windows\system32\DRIVERS\netw5v64.sys
20:08:08.0924 4544  netw5v64 - ok
20:08:08.0971 4544  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
20:08:08.0971 4544  nfrd960 - ok
20:08:09.0018 4544  [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
20:08:09.0049 4544  NisDrv - ok
20:08:09.0096 4544  [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
20:08:09.0143 4544  NisSrv - ok
20:08:09.0174 4544  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:08:09.0205 4544  NlaSvc - ok
20:08:09.0221 4544  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:08:09.0268 4544  Npfs - ok
20:08:09.0283 4544  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
20:08:09.0361 4544  nsi - ok
20:08:09.0377 4544  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:08:09.0424 4544  nsiproxy - ok
20:08:09.0502 4544  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:08:09.0580 4544  Ntfs - ok
20:08:09.0611 4544  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
20:08:09.0658 4544  Null - ok
20:08:09.0720 4544  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:08:09.0736 4544  nvraid - ok
20:08:09.0751 4544  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:08:09.0751 4544  nvstor - ok
20:08:09.0782 4544  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:08:09.0798 4544  nv_agp - ok
20:08:09.0860 4544  [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:08:09.0907 4544  odserv - ok
20:08:09.0938 4544  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:08:09.0970 4544  ohci1394 - ok
20:08:10.0001 4544  [ 5A432A042DAE460ABE7199B758E8606C ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:08:10.0016 4544  ose - ok
20:08:10.0032 4544  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:08:10.0079 4544  p2pimsvc - ok
20:08:10.0094 4544  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
20:08:10.0126 4544  p2psvc - ok
20:08:10.0141 4544  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:08:10.0172 4544  Parport - ok
20:08:10.0204 4544  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:08:10.0235 4544  partmgr - ok
20:08:10.0266 4544  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:08:10.0297 4544  PcaSvc - ok
20:08:10.0328 4544  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
20:08:10.0360 4544  pci - ok
20:08:10.0391 4544  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
20:08:10.0391 4544  pciide - ok
20:08:10.0422 4544  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
20:08:10.0438 4544  pcmcia - ok
20:08:10.0453 4544  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:08:10.0469 4544  pcw - ok
20:08:10.0500 4544  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:08:10.0562 4544  PEAUTH - ok
20:08:10.0640 4544  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:08:10.0687 4544  PerfHost - ok
20:08:10.0765 4544  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
20:08:10.0843 4544  pla - ok
20:08:10.0890 4544  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:08:10.0906 4544  PlugPlay - ok
20:08:10.0937 4544  [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
20:08:10.0952 4544  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:08:10.0952 4544  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:08:10.0968 4544  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:08:11.0015 4544  PNRPAutoReg - ok
20:08:11.0046 4544  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:08:11.0062 4544  PNRPsvc - ok
20:08:11.0108 4544  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:08:11.0202 4544  PolicyAgent - ok
20:08:11.0249 4544  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
20:08:11.0358 4544  Power - ok
20:08:11.0405 4544  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:08:11.0467 4544  PptpMiniport - ok
20:08:11.0498 4544  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
20:08:11.0530 4544  Processor - ok
20:08:11.0561 4544  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:08:11.0592 4544  ProfSvc - ok
20:08:11.0608 4544  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:08:11.0623 4544  ProtectedStorage - ok
20:08:11.0670 4544  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:08:11.0717 4544  Psched - ok
20:08:11.0795 4544  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
20:08:11.0857 4544  ql2300 - ok
20:08:11.0888 4544  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
20:08:11.0904 4544  ql40xx - ok
20:08:11.0935 4544  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
20:08:11.0951 4544  QWAVE - ok
20:08:11.0966 4544  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:08:11.0982 4544  QWAVEdrv - ok
20:08:11.0998 4544  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:08:12.0044 4544  RasAcd - ok
20:08:12.0060 4544  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:08:12.0091 4544  RasAgileVpn - ok
20:08:12.0122 4544  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
20:08:12.0185 4544  RasAuto - ok
20:08:12.0216 4544  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:08:12.0294 4544  Rasl2tp - ok
20:08:12.0325 4544  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
20:08:12.0388 4544  RasMan - ok
20:08:12.0419 4544  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:08:12.0481 4544  RasPppoe - ok
20:08:12.0512 4544  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:08:12.0575 4544  RasSstp - ok
20:08:12.0622 4544  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:08:12.0715 4544  rdbss - ok
20:08:12.0731 4544  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
20:08:12.0762 4544  rdpbus - ok
20:08:12.0793 4544  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:08:12.0887 4544  RDPCDD - ok
20:08:12.0902 4544  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:08:12.0965 4544  RDPENCDD - ok
20:08:12.0980 4544  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:08:13.0027 4544  RDPREFMP - ok
20:08:13.0058 4544  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:08:13.0074 4544  RDPWD - ok
20:08:13.0121 4544  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:08:13.0136 4544  rdyboost - ok
20:08:13.0152 4544  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:08:13.0214 4544  RemoteAccess - ok
20:08:13.0230 4544  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:08:13.0292 4544  RemoteRegistry - ok
20:08:13.0433 4544  [ 4D05898896EC49CF663DDA61041AB096 ] RichVideo       C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
20:08:13.0464 4544  RichVideo - ok
20:08:13.0480 4544  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:08:13.0526 4544  RpcEptMapper - ok
20:08:13.0542 4544  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
20:08:13.0558 4544  RpcLocator - ok
20:08:13.0604 4544  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
20:08:13.0667 4544  RpcSs - ok
20:08:13.0698 4544  [ CA327A84085F68200452E6761F943298 ] RSPCIESTOR      C:\Windows\system32\DRIVERS\RtsPStor.sys
20:08:13.0714 4544  RSPCIESTOR - ok
20:08:13.0745 4544  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:08:13.0776 4544  rspndr - ok
20:08:13.0807 4544  [ B15C021C2C9BB217A799D9532E8F04D4 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:08:13.0823 4544  RTL8167 - ok
20:08:13.0838 4544  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
20:08:13.0854 4544  SamSs - ok
20:08:13.0870 4544  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:08:13.0885 4544  sbp2port - ok
20:08:13.0916 4544  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:08:13.0963 4544  SCardSvr - ok
20:08:13.0994 4544  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:08:14.0041 4544  scfilter - ok
20:08:14.0119 4544  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
20:08:14.0213 4544  Schedule - ok
20:08:14.0260 4544  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:08:14.0291 4544  SCPolicySvc - ok
20:08:14.0338 4544  [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus           C:\Windows\system32\drivers\sdbus.sys
20:08:14.0384 4544  sdbus - ok
20:08:14.0462 4544  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:08:14.0509 4544  SDRSVC - ok
20:08:14.0540 4544  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:08:14.0618 4544  secdrv - ok
20:08:14.0634 4544  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
20:08:14.0696 4544  seclogon - ok
20:08:14.0743 4544  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
20:08:14.0774 4544  SENS - ok
20:08:14.0821 4544  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:08:14.0837 4544  SensrSvc - ok
20:08:14.0852 4544  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:08:14.0868 4544  Serenum - ok
20:08:14.0899 4544  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:08:14.0962 4544  Serial - ok
20:08:14.0993 4544  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
20:08:15.0040 4544  sermouse - ok
20:08:15.0086 4544  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
20:08:15.0164 4544  SessionEnv - ok
20:08:15.0196 4544  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:08:15.0211 4544  sffdisk - ok
20:08:15.0227 4544  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:08:15.0242 4544  sffp_mmc - ok
20:08:15.0258 4544  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:08:15.0289 4544  sffp_sd - ok
20:08:15.0320 4544  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
20:08:15.0367 4544  sfloppy - ok
20:08:15.0398 4544  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:08:15.0492 4544  SharedAccess - ok
20:08:15.0539 4544  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:08:15.0648 4544  ShellHWDetection - ok
20:08:15.0679 4544  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:08:15.0679 4544  SiSRaid2 - ok
20:08:15.0710 4544  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
20:08:15.0710 4544  SiSRaid4 - ok
20:08:15.0742 4544  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:08:15.0820 4544  Smb - ok
20:08:15.0866 4544  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:08:15.0882 4544  SNMPTRAP - ok
20:08:15.0898 4544  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:08:15.0913 4544  spldr - ok
20:08:15.0944 4544  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
20:08:16.0022 4544  Spooler - ok
20:08:16.0132 4544  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
20:08:16.0288 4544  sppsvc - ok
20:08:16.0319 4544  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:08:16.0350 4544  sppuinotify - ok
20:08:16.0381 4544  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:08:16.0428 4544  srv - ok
20:08:16.0459 4544  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:08:16.0490 4544  srv2 - ok
20:08:16.0537 4544  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:08:16.0553 4544  SrvHsfHDA - ok
20:08:16.0600 4544  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:08:16.0693 4544  SrvHsfV92 - ok
20:08:16.0740 4544  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:08:16.0787 4544  SrvHsfWinac - ok
20:08:16.0818 4544  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:08:16.0849 4544  srvnet - ok
20:08:16.0896 4544  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:08:16.0974 4544  SSDPSRV - ok
20:08:16.0974 4544  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:08:17.0021 4544  SstpSvc - ok
20:08:17.0052 4544  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
20:08:17.0068 4544  ssudmdm - ok
20:08:17.0146 4544  [ 7C49A5E1943AFDA4672D80726AF3BAE4 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
20:08:17.0208 4544  STacSV - ok
20:08:17.0239 4544  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
20:08:17.0255 4544  stexstor - ok
20:08:17.0286 4544  [ 0AAD250A31A7EE96E0945AB9E1F3BAA7 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
20:08:17.0333 4544  STHDA - ok
20:08:17.0380 4544  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
20:08:17.0395 4544  StillCam - ok
20:08:17.0458 4544  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
20:08:17.0489 4544  stisvc - ok
20:08:17.0536 4544  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
20:08:17.0551 4544  swenum - ok
20:08:17.0598 4544  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
20:08:17.0676 4544  swprv - ok
20:08:17.0754 4544  [ 33E6A285DAA5134D8EA2247914C86C09 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
20:08:17.0848 4544  SynTP - ok
20:08:17.0910 4544  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
20:08:18.0004 4544  SysMain - ok
20:08:18.0035 4544  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:08:18.0082 4544  TabletInputService - ok
20:08:18.0097 4544  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:08:18.0144 4544  TapiSrv - ok
20:08:18.0175 4544  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
20:08:18.0206 4544  TBS - ok
20:08:18.0300 4544  [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:08:18.0378 4544  Tcpip - ok
20:08:18.0425 4544  [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:08:18.0472 4544  TCPIP6 - ok
20:08:18.0503 4544  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:08:18.0550 4544  tcpipreg - ok
20:08:18.0581 4544  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:08:18.0612 4544  TDPIPE - ok
20:08:18.0643 4544  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:08:18.0674 4544  TDTCP - ok
20:08:18.0706 4544  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:08:18.0752 4544  tdx - ok
20:08:18.0768 4544  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
20:08:18.0784 4544  TermDD - ok
20:08:18.0799 4544  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
20:08:18.0862 4544  TermService - ok
20:08:18.0877 4544  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
20:08:18.0908 4544  Themes - ok
20:08:18.0924 4544  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
20:08:18.0971 4544  THREADORDER - ok
20:08:19.0033 4544  [ 0B345FB8427D0DAAD7D82C74B9961C87 ] TridVid         C:\Windows\system32\DRIVERS\tridvid6010.sys
20:08:19.0064 4544  TridVid - ok
20:08:19.0111 4544  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
20:08:19.0174 4544  TrkWks - ok
20:08:19.0220 4544  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:08:19.0283 4544  TrustedInstaller - ok
20:08:19.0314 4544  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:08:19.0361 4544  tssecsrv - ok
20:08:19.0408 4544  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:08:19.0454 4544  TsUsbFlt - ok
20:08:19.0517 4544  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:08:19.0595 4544  tunnel - ok
20:08:19.0610 4544  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
20:08:19.0626 4544  uagp35 - ok
20:08:19.0673 4544  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:08:19.0735 4544  udfs - ok
20:08:19.0766 4544  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:08:19.0782 4544  UI0Detect - ok
20:08:19.0798 4544  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:08:19.0798 4544  uliagpkx - ok
20:08:19.0844 4544  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
20:08:19.0876 4544  umbus - ok
20:08:19.0907 4544  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
20:08:19.0938 4544  UmPass - ok
20:08:20.0078 4544  [ 3A1ECEF8D49FC1A786A6CCD5A86A8878 ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
20:08:20.0188 4544  UNS - ok
20:08:20.0219 4544  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
20:08:20.0281 4544  upnphost - ok
20:08:20.0328 4544  [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
20:08:20.0359 4544  USBAAPL64 - ok
20:08:20.0390 4544  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
20:08:20.0437 4544  usbccgp - ok
20:08:20.0468 4544  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:08:20.0484 4544  usbcir - ok
20:08:20.0515 4544  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:08:20.0562 4544  usbehci - ok
20:08:20.0593 4544  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
20:08:20.0624 4544  usbhub - ok
20:08:20.0656 4544  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:08:20.0687 4544  usbohci - ok
20:08:20.0718 4544  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:08:20.0734 4544  usbprint - ok
20:08:20.0749 4544  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:08:20.0780 4544  USBSTOR - ok
20:08:20.0796 4544  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:08:20.0812 4544  usbuhci - ok
20:08:20.0874 4544  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
20:08:20.0921 4544  usbvideo - ok
20:08:20.0952 4544  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
20:08:21.0014 4544  UxSms - ok
20:08:21.0046 4544  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
20:08:21.0061 4544  VaultSvc - ok
20:08:21.0092 4544  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:08:21.0092 4544  vdrvroot - ok
20:08:21.0139 4544  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
20:08:21.0217 4544  vds - ok
20:08:21.0248 4544  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:08:21.0280 4544  vga - ok
20:08:21.0295 4544  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:08:21.0342 4544  VgaSave - ok
20:08:21.0389 4544  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:08:21.0420 4544  vhdmp - ok
20:08:21.0451 4544  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:08:21.0451 4544  viaide - ok
20:08:21.0482 4544  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:08:21.0498 4544  volmgr - ok
20:08:21.0545 4544  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:08:21.0560 4544  volmgrx - ok
20:08:21.0576 4544  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:08:21.0592 4544  volsnap - ok
20:08:21.0638 4544  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
20:08:21.0654 4544  vsmraid - ok
20:08:21.0716 4544  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
20:08:21.0779 4544  VSS - ok
20:08:21.0794 4544  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
20:08:21.0841 4544  vwifibus - ok
20:08:21.0888 4544  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
20:08:21.0935 4544  vwififlt - ok
20:08:21.0982 4544  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
20:08:22.0013 4544  vwifimp - ok
20:08:22.0044 4544  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
20:08:22.0091 4544  W32Time - ok
20:08:22.0122 4544  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
20:08:22.0138 4544  WacomPen - ok
20:08:22.0184 4544  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:08:22.0278 4544  WANARP - ok
20:08:22.0309 4544  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:08:22.0356 4544  Wanarpv6 - ok
20:08:22.0434 4544  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
20:08:22.0512 4544  WatAdminSvc - ok
20:08:22.0574 4544  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
20:08:22.0637 4544  wbengine - ok
20:08:22.0668 4544  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:08:22.0684 4544  WbioSrvc - ok
20:08:22.0730 4544  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:08:22.0793 4544  wcncsvc - ok
20:08:22.0808 4544  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:08:22.0824 4544  WcsPlugInService - ok
20:08:22.0840 4544  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
20:08:22.0855 4544  Wd - ok
20:08:22.0886 4544  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:08:22.0933 4544  Wdf01000 - ok
20:08:22.0949 4544  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:08:23.0058 4544  WdiServiceHost - ok
20:08:23.0058 4544  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:08:23.0089 4544  WdiSystemHost - ok
20:08:23.0120 4544  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
20:08:23.0152 4544  WebClient - ok
20:08:23.0183 4544  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:08:23.0214 4544  Wecsvc - ok
20:08:23.0230 4544  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:08:23.0276 4544  wercplsupport - ok
20:08:23.0292 4544  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:08:23.0339 4544  WerSvc - ok
20:08:23.0370 4544  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:08:23.0401 4544  WfpLwf - ok
20:08:23.0417 4544  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:08:23.0432 4544  WIMMount - ok
20:08:23.0448 4544  WinDefend - ok
20:08:23.0448 4544  WinHttpAutoProxySvc - ok
20:08:23.0495 4544  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:08:23.0557 4544  Winmgmt - ok
20:08:23.0620 4544  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
20:08:23.0729 4544  WinRM - ok
20:08:23.0760 4544  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:08:23.0776 4544  WinUsb - ok
20:08:23.0822 4544  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:08:23.0885 4544  Wlansvc - ok
20:08:23.0932 4544  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
20:08:23.0947 4544  wlcrasvc - ok
20:08:24.0056 4544  [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:08:24.0134 4544  wlidsvc - ok
20:08:24.0166 4544  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
20:08:24.0197 4544  WmiAcpi - ok
20:08:24.0228 4544  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:08:24.0259 4544  wmiApSrv - ok
20:08:24.0290 4544  WMPNetworkSvc - ok
20:08:24.0306 4544  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:08:24.0322 4544  WPCSvc - ok
20:08:24.0368 4544  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:08:24.0384 4544  WPDBusEnum - ok
20:08:24.0400 4544  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:08:24.0446 4544  ws2ifsl - ok
20:08:24.0462 4544  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
20:08:24.0509 4544  wscsvc - ok
20:08:24.0509 4544  WSearch - ok
20:08:24.0602 4544  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:08:24.0727 4544  wuauserv - ok
20:08:24.0758 4544  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:08:24.0774 4544  WudfPf - ok
20:08:24.0790 4544  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:08:24.0821 4544  WUDFRd - ok
20:08:24.0852 4544  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:08:24.0899 4544  wudfsvc - ok
20:08:24.0930 4544  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:08:24.0961 4544  WwanSvc - ok
20:08:25.0008 4544  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
20:08:25.0055 4544  yukonw7 - ok
20:08:25.0070 4544  ================ Scan global ===============================
20:08:25.0102 4544  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:08:25.0133 4544  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:08:25.0148 4544  [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll
20:08:25.0180 4544  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:08:25.0195 4544  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:08:25.0195 4544  [Global] - ok
20:08:25.0195 4544  ================ Scan MBR ==================================
20:08:25.0211 4544  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:08:25.0585 4544  \Device\Harddisk0\DR0 - ok
20:08:25.0585 4544  ================ Scan VBR ==================================
20:08:25.0585 4544  [ C09D8B5DFF29BE2E86DD267565C11770 ] \Device\Harddisk0\DR0\Partition1
20:08:25.0585 4544  \Device\Harddisk0\DR0\Partition1 - ok
20:08:25.0633 4544  [ 0086F370F8B5157660FC24CE32E4CA77 ] \Device\Harddisk0\DR0\Partition2
20:08:25.0633 4544  \Device\Harddisk0\DR0\Partition2 - ok
20:08:25.0664 4544  [ 6F4F6859D18CBF197B5DFAE4631743F7 ] \Device\Harddisk0\DR0\Partition3
20:08:25.0664 4544  \Device\Harddisk0\DR0\Partition3 - ok
20:08:25.0680 4544  [ B75AA039B5C25167BA99C92B3FB65D0D ] \Device\Harddisk0\DR0\Partition4
20:08:25.0695 4544  \Device\Harddisk0\DR0\Partition4 - ok
20:08:25.0695 4544  ============================================================
20:08:25.0695 4544  Scan finished
20:08:25.0695 4544  ============================================================
20:08:25.0711 3680  Detected object count: 3
20:08:25.0711 3680  Actual detected object count: 3
20:08:50.0780 3680  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:08:50.0780 3680  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:08:50.0780 3680  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:08:50.0780 3680  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
20:08:50.0780 3680  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:08:50.0780 3680  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

• Lade dir ComboFix hier herunter auf deinen Desktop.

• Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

• Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
  Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

• Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

so:

Code: Alles auswählenAufklappen

ATTFilter

ComboFix 13-02-02.05 - Thomas Marquardt 02.02.2013  16:51:21.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4044.2553 [GMT 1:00]
ausgeführt von:: c:\users\Thomas Marquardt\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Thomas Marquardt\AppData\Roaming\Ohiswu
c:\users\Thomas Marquardt\AppData\Roaming\Ohiswu\xuaza.isy
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-02 bis 2013-02-02  ))))))))))))))))))))))))))))))
.
.
2013-02-02 15:57 . 2013-02-02 15:57	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-02 13:36 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6BDA0886-3E9D-4D12-8921-7844A0BEBE87}\mpengine.dll
2013-02-01 13:30 . 2013-01-08 05:32	9161176	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-02-01 13:25 . 2013-02-01 13:25	--------	d-----w-	c:\program files\Enigma Software Group
2013-02-01 13:24 . 2013-02-01 13:40	--------	d-----w-	c:\windows\AD637FE139704DA0A3EA3D0E49EB8437.TMP
2013-02-01 13:24 . 2013-02-01 13:24	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-02-01 10:26 . 2013-02-01 10:26	--------	d-----w-	c:\programdata\Kaspersky Lab
2013-01-31 15:50 . 2013-01-31 15:50	16200	----a-w-	c:\windows\stinger.sys
2013-01-31 15:50 . 2013-01-31 16:18	--------	d-----w-	c:\program files (x86)\stinger
2013-01-31 10:22 . 2013-01-31 10:23	--------	d-----w-	c:\program files (x86)\LinuxLive USB Creator
2013-01-31 09:54 . 2013-01-31 09:54	102912	----a-w-	c:\windows\SysWow64\vb6stkit.dll
2013-01-25 09:45 . 2013-01-25 09:45	119808	----a-r-	c:\users\Thomas Marquardt\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2013-01-25 09:45 . 2013-01-25 09:45	--------	d-----w-	c:\users\Thomas Marquardt\AppData\Local\Apps
2013-01-15 11:21 . 2013-01-15 11:21	--------	d-----w-	c:\users\Thomas Marquardt\AppData\Local\ElevatedDiagnostics
2013-01-15 02:51 . 2013-01-04 15:53	9060864	----a-w-	c:\windows\system32\mshtml.dll
2013-01-14 12:01 . 2013-01-12 02:30	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-12 11:28 . 2013-01-12 11:28	--------	d-----w-	c:\users\Thomas Marquardt\AppData\Roaming\e-academy Inc
2013-01-12 11:28 . 2013-01-12 11:28	--------	d-----w-	c:\users\Thomas Marquardt\AppData\Local\e-academy Inc
2013-01-09 20:51 . 2012-11-09 05:45	750592	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 20:51 . 2012-11-09 04:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2013-01-09 20:43 . 2012-11-23 03:13	68608	----a-w-	c:\windows\system32\taskhost.exe
2013-01-09 20:43 . 2012-11-23 03:26	3149824	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 19:17 . 2013-01-09 19:17	16369160	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-01-08 20:16 . 2013-01-11 08:20	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2012-06-16 12:44	273840	------w-	c:\windows\system32\MpSigStub.exe
2013-01-10 21:20 . 2011-10-16 17:11	67599240	----a-w-	c:\windows\system32\MRT.exe
2013-01-09 19:17 . 2012-12-14 19:55	697864	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 19:17 . 2011-07-27 09:38	74248	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-18 01:06 . 2012-01-31 17:15	330240	----a-w-	c:\windows\MASetupCaller.dll
2012-12-18 01:06 . 2012-01-31 17:15	45320	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2012-12-16 17:11 . 2012-12-21 07:58	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 07:58	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 07:58	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 07:58	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 18:52 . 2012-12-14 18:52	972264	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42A16D2E-4E31-4208-9FF1-C9B0AB67316E}\gapaengine.dll
2012-12-14 15:49 . 2012-12-14 19:01	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-30 04:45 . 2013-01-09 21:02	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-11-12 12:28 . 2012-12-15 14:59	1638912	----a-w-	c:\windows\system32\mshtml.tlb
2012-11-12 11:52 . 2012-12-15 14:59	1638912	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-15 14:59	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-15 14:59	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2012-02-10 09:28	1307928	----a-w-	c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-11-22 2736128]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-12-20 844296]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-12-20 1476104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-12-13 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-12-20 310280]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-24 116224]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2010-12-08 329832]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 TridVid;USB TV Tuner;c:\windows\system32\DRIVERS\tridvid6010.sys [2011-01-21 411648]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-05 1255736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-23 2656280]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-10 31088]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-12-08 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-11-22 13:18	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-14 19:17]
.
2013-01-30 c:\windows\Tasks\HPCeeScheduleForTOMSTOP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16	2238976	----a-w-	c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-08 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-08 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-08 417304]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-12-13 524800]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.spiegel.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Thomas Marquardt\AppData\Roaming\Mozilla\Firefox\Profiles\29h1bxe5.default\
FF - prefs.js: browser.startup.homepage - www.spiegel.de
FF - ExtSQL: !HIDDEN! 2011-07-27 12:59; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-Diycuh - c:\users\Thomas Marquardt\AppData\Roaming\Qayca\adul.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-02  16:58:58
ComboFix-quarantined-files.txt  2013-02-02 15:58
.
Vor Suchlauf: 9 Verzeichnis(se), 398.061.776.896 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 398.005.665.792 Bytes frei
.
- - End Of File - - 0A13E90ED67F2BA7074355D9E7CEE577