Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Infektion mit SMART HDD

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 28.04.2012, 10:31   #1
stevenss
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Hallo,

vorgestern Abend hat es meine Frau beim Surfen erwischt - sie hat sich den SMART HDD Virus eingefangen.

Die Symptome: Schwarzer Desktop, alle Icons außer dem Papierkorb sind verschwunden, im Startmenü sind die Programme ebenfalls nicht mehr sichtbar, es öffnen sich viele Fenster mit Sicherheitsmeldungen.

Ich bin dann auf dieses Board gestoßen in der Hoffnung, dass mir jemand weiter helfen kann.

Wie in der Anleitung für Hilfesuchende beschrieben habe ich defogger und dds runtergeladen und die defogger_disable.log sowie dds.txt und attach.txt erstellt.

Ganz vielen Dank für Eure Hilfe schon jetzt!

Viele Grüße
stevenss


Hier die die defogger_disable.log:

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:02 on 28/04/2012 (Marc Heczko)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         


Hier die dds.txt:

Code:
ATTFilter
.DDS Logfile:
Code:
ATTFilter
DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
Internet Explorer: 9.0.8112.16421
Run by *** at 11:04:40 on 2012-04-28
.
============== Running Processes ===============
.
C:\Users\***\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://de.yahoo.com/?r0=1308438719
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
uRun: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [yzoq.exe] "C:\Users\Marc Heczko\AppData\Roaming\Vyti\yzoq.exe"
uRun: [LHWmcRqHquM.exe] C:\ProgramData\LHWmcRqHquM.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} - hxxp://www.aquire.com/codebase71/OrgPubX_de.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801} : DhcpNameServer = 217.237.149.142 217.237.150.205
TCP: Interfaces\{80F31A78-2D93-427B-83F4-A82842672D11} : DhcpNameServer = 193.30.46.4 193.30.47.5
TCP: Interfaces\{C8EED7ED-5D61-41C3-A198-A61A6378A7F9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{C8EED7ED-5D61-41C3-A198-A61A6378A7F9}\25946514F575C414E4 : DhcpNameServer = 10.1.2.1
TCP: Interfaces\{C8EED7ED-5D61-41C3-A198-A61A6378A7F9}\4584F4D43554E4 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{C8EED7ED-5D61-41C3-A198-A61A6378A7F9}\64259445A51224F6870264F6E60275C414E40273237303 : DhcpNameServer = 192.168.1.1
Notify: VESWinlogon - VESWinlogon.dll
LSA: Notification Packages = scecli C:\Program Files\Protector Suite\psqlpwd.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {7E111A5C-3D11-4F56-9463-5310C3C69025} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun-x64: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun-x64: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe
mRun-x64: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
.
============= SERVICES / DRIVERS ===============
.
R? AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service
R? AntiVirSchedulerService;Avira Planer
R? AntiVirService;Avira Echtzeit Scanner
R? avgntflt;avgntflt
R? avkmgr;avkmgr
R? btusbflt;Bluetooth USB Filter
R? btwl2cap;Bluetooth L2CAP Service
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? ctxusbm;Citrix USB Monitor Driver
R? Fabs;FABS - Helping agent for MAGIX media database
R? FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance
R? Freemake Improver;Freemake Improver
R? fssfltr;fssfltr
R? fsssvc;Windows Live Family Safety-Dienst
R? gupdate;Google Update Service (gupdate)
R? IAStorDataMgrSvc;Intel(R) Rapid Storage Technology
R? Impcd;Impcd
R? IntcDAud;Intel(R) Display Audio
R? NVHDA;Service for NVIDIA High Definition Audio Driver
R? SampleCollector;VAIO Care Performance Service
R? SplashtopRemoteService;Splashtop© Remote Service
R? SSUService;Splashtop Software Updater Service
R? StorSvc;Speicherdienst
R? tap0801;TAP-Win32 Adapter V8
R? TeamViewer6;TeamViewer 6
R? UNS;Intel(R) Management & Security Application User Notification Service
R? USBAAPL64;Apple Mobile USB Driver
R? VAIO Power Management;VAIO Power Management
R? VCService;VCService
R? vpcuxd;USB-Virtualisierungsstubdienst
R? VSNService;VSNService
R? VUAgent;VUAgent
R? WatAdminSvc;Windows-Aktivierungstechnologieservice
S? HECIx64;Intel(R) Management Engine Interface
S? L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
S? LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter
S? LHidEqd;Logitech SetPoint Unifying KMDF HID Filter
S? NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber fr Windows 7 64-Bit
S? rimspci;rimspci
S? risdsnpe;risdsnpe
S? SFEP;Sony Firmware Extension Parser
S? shpf;Sony HDD Protection Filter Driver
S? vwififlt;Virtual WiFi Filter Driver
S? vwifimp;Microsoft Virtual WiFi Miniport Service
.
=============== Created Last 30 ================
.
2012-04-28 08:48:00	69000	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7047F00-63E1-45D1-808A-158CFB609C90}\offreg.dll
2012-04-25 18:16:23	221696	---ha-w-	C:\ProgramData\vF1xZNafTSNuaI.exe
2012-04-25 18:07:40	301056	---ha-w-	C:\ProgramData\LHWmcRqHquM.exe
2012-04-24 11:51:22	8917360	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A7047F00-63E1-45D1-808A-158CFB609C90}\mpengine.dll
2012-04-23 00:36:47	--------	d--h--w-	C:\Users\***\AppData\Roaming\Vyti
2012-04-23 00:36:47	--------	d--h--w-	C:\Users\***\AppData\Roaming\Awixw
2012-04-14 06:04:25	8766112	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-11 23:27:12	80896	----a-w-	C:\Windows\System32\imagehlp.dll
2012-04-11 23:27:12	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-04-11 23:27:12	5120	----a-w-	C:\Windows\System32\wmi.dll
2012-04-11 23:27:12	22896	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 23:27:12	220672	----a-w-	C:\Windows\System32\wintrust.dll
2012-04-11 23:27:12	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
2012-04-11 23:27:12	158720	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-04-06 16:42:42	99840	----a-w-	C:\Windows\System32\Spool\prtprocs\x64\LXKPTPRC.DLL
2012-04-01 18:19:48	418464	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 15:55:00	--------	d-----w-	C:\Program Files\iTunes
2012-04-01 15:55:00	--------	d-----w-	C:\Program Files\iPod
2012-04-01 15:55:00	--------	d-----w-	C:\Program Files (x86)\iTunes
.
==================== Find3M  ====================
.
2012-04-14 06:04:30	70304	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-06 06:43:21	5504880	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:41	3958128	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41	3902320	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48	2311168	----a-w-	C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56	1390080	----a-w-	C:\Windows\System32\wininet.dll
2012-02-28 06:48:57	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55	1799168	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57	826368	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21	204800	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10	1541120	----a-w-	C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55	1837568	----a-w-	C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54	902656	----a-w-	C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54	320512	----a-w-	C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54	197120	----a-w-	C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38	1074176	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20	218624	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20	161792	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20	1170944	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19	739840	----a-w-	C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03	3143168	----a-w-	C:\Windows\System32\win32k.sys
2012-01-31 07:56:33	97312	----a-w-	C:\Windows\System32\drivers\avgntflt.sys
.
============= FINISH: 11:04:55,70 ===============
         
--- --- ---


Hier die attach.txt:

Code:
ATTFilter
.
==== Installed Programs ======================
.
.
 Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
3D RealityMaps Viewer 1.2.5.3
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9.5.0 - Deutsch
Advertising Center
Aiseesoft Blu-ray Ripper
Aiseesoft iPad Converter Suite
Amazon MP3-Downloader 1.0.9
Amazon MP3 Downloader 1.0.12
AnyDVD
Apple Application Support
Apple Software Update
ArcSoft WebCam Companion 3
Avira Free Antivirus
Benutzerhandbuch EPSON BX635FWD Series
Business Contact Manager für Outlook 2007 SP2
Caillous Vorschule
Citrix Online Plug-in - Web
Citrix Online Plug-in (DV)
Citrix Online Plug-in (HDX)
Citrix Online Plug-in (USB)
Citrix Online Plug-in (Web)
dcmsvc 1.0
Designer 2.0
Download Navigator
Dropbox
Epson Connect Printer Setup
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Printer Finder
EPSON Scan
EpsonNet Print
eReg
erLT
Firebird SQL Server - MAGIX Edition
Free Video Converter V 2.92
Free YouTube Download 2.3
Freemake Video Converter Version 3.0.1
FreePDF (Remove only)
FreeRIP v2.90
Furnish Pro
Gelbe Reihe - Rinks & Lechts
Google Chrome
Google Update Helper
GPL Ghostscript 8.71
ImagXpress
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Intel(R) Turbo Boost Technology Driver
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Korean Fonts Support For Adobe Reader 9
Logitech Harmony Remote Software 7
Logitech SetPoint
Luka und der verborgene Schatz
MAGIX 3D Maker (embeded)
MAGIX Screenshare
MAGIX Speed burnR
MAGIX Speed burnR (MSI)
MAGIX Video deluxe MX (Tutorials)
MAGIX Video deluxe MX Download-Version
MAGIX Video deluxe MX Download-Version (Überblendeffekte)
MAGIX Video deluxe MX Download-Version (Demo)
MAGIX Video deluxe MX Download-Version (Designelemente)
MAGIX Video deluxe MX Download-Version (Individuelle Menüvorlagen)
MAGIX Video deluxe MX Download-Version (Menüvorlagen 1)
MAGIX Video deluxe MX Download-Version (Menüvorlagen 2)
MAGIX Video deluxe MX Download-Version (Titeleffekte)
MAGIX Xtreme Foto Designer 6
Menu Templates - Starter Kit
Microsoft Choice Guard
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (German) 2007
Microsoft Office Excel MUI (German) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (German) 2007
Microsoft Office Shared MUI (German) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (German) 2007
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Movie Templates - Starter Kit
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero Vision Help
NeroExpress
neroxml
Netzwerkhandbuch EPSON BX635FWD Series
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenVPN 2.1.1
Philips Songbird
PhotoScape
Pixie 1.7.6
QuickTime
Realtek High Definition Audio Driver
Remote Control USB Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Setting Utility Series
Splashtop Remote
System Requirements Lab
TeamViewer 6
uberOptions 4.80.5
UnderCoverXP 1.23
Uninstall 1.0.0.1
Unity Web Player
Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Outlook 2007 Help (KB963677)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
VAIO-Support für Übertragungen
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Energie Verwaltung
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Marketing Tools
VAIO Premium Partners
VAIO screensaver
VAIO Smart Network
VAIO Update
VAIO Wallpaper Contents
Warner Bros. Digital Copy Manager
Windows Live-Uploadtool
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Xilisoft Blu Ray Ripper
YouTube Downloader 2.7.2
.
==== End Of File ===========================
         

Alt 30.04.2012, 13:08   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 01.05.2012, 10:22   #3
stevenss
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Hallo,

vielen Dank erst einmal für Deine Hilfe!

Hier der log von malwarebytes:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.05

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Marc Heczko :: MARCHECZKO-VAIO [Administrator]

Schutz: Deaktiviert

01.05.2012 10:52:42
mbam-log-2012-05-01 (11-19-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 437587
Laufzeit: 11 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|LHWmcRqHquM.exe (Trojan.Agent.Gen) -> Daten: C:\ProgramData\LHWmcRqHquM.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\ProgramData\LHWmcRqHquM.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.
C:\ProgramData\vF1xZNafTSNuaI.exe (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.
C:\Users\Marc Heczko\AppData\Local\Temp\Bxe9YoKbNt39A9.exe.tmp (Trojan.Agent.Gen) -> Keine Aktion durchgeführt.

(Ende)
         
Die weiteren Schritte mache ich gleich.

Gruß
stevenss

Und hier die log.txt nach dem ESET-Scan:

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-01 10:17:50
# local_time=2012-05-01 12:17:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1792 16777215 100 0 3763465 3763465 0 0
# compatibility_mode=5893 16776573 100 94 563 87494864 0 0
# compatibility_mode=8192 67108863 100 0 209 209 0 0
# scanned=258429
# found=8
# cleaned=0
# scan_time=2457
C:\Users\Marc Heczko\AppData\Local\Temp\FreemakeVideoConverter_3.0.1.1.exe	Win32/Toolbar.Zugo application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marc Heczko\AppData\Local\Temp\jar_cache130225693438736239.tmp	probably a variant of Java/TrojanDownloader.Agent.IVJRHQB trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marc Heczko\AppData\Local\Temp\jar_cache6467023332530213777.tmp	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marc Heczko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\6470c6d8-73669880	Java/TrojanDownloader.Agent.NDR trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marc Heczko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\754497e2-453ebf6b	Java/Exploit.Agent.NBC trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marc Heczko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\f3d7faf-6ebc64f4	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Marc Heczko\AppData\Roaming\Vyti\yzoq.exe	Win32/Spy.Zbot.YW trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	Win32/Spy.Zbot.YW trojan	00000000000000000000000000000000	I
         
Viele Grüße
stevenss
__________________

Alt 01.05.2012, 16:17   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Zitat:
Keine Aktion durchgeführt.
-> No action taken.
Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.05.2012, 18:27   #5
stevenss
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Sorry, hatte ich nicht geschrieben:
Die mit Malwarebytes gefundenen Dateien hatte ich entfernt.

Die mit ESET gefunden infizierten Dateien allerdings nicht (richtig?).

Viele Grüße
stevenss


Alt 01.05.2012, 18:31   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Na wenn du meinst, im Log von MBAM steht aber dass nichts entfernt wurde

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus nun wieder uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________
--> Infektion mit SMART HDD

Alt 01.05.2012, 22:27   #7
stevenss
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Hallo,

es kann sein, dass ich erst das log erstellt und dann entfernt habe (ist das möglich)? Ich weiß es nicht mehr genau. Habe zur Sicherheit Malwarebytes noch einmal per Vollscan alles scannen lassen und es sind keine infizierten Dateien mehr gefunden worden.

zu 1.) + 2.)
Im normalen Modus erscheinen die Fenster mit den Sicherheitsmeldungen nicht mehr, zudem kann ich wieder ins Netz (war zwischenzeitlich nicht mehr möglich). Nach wie vor ist der Bildschirmhintergrund schwarz und lässt sich auch über "Anpassen" nicht verändern.
Im Startmenü fehlen die zuletzt gestarteten Programme und innerhalb der einzelnen Ordner sind die Unterordner leer. Zudem fehlt der ganze rechte Bereich des Startmenüs, wo bspw. normalerweise die Systemsteuerung etc. aufgerufen werden kann.

Vielen Dank für Deine Hilfe und sorry, wenn ich mich etwas ungeschickt anstelle.

Gruß

stevenss

Alt 02.05.2012, 13:39   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 02.05.2012, 23:40   #9
stevenss
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Hallo,

alle Dateien sind wieder sichtbar, sowohl auf dem Desktop als auch Startmenü.

Soweit ich das beurteilen kann sieht zumindest nach Außen hin alles wieder normal aus. Dafür auf jeden Fall schon einmal vielen Dank !!!

Stehen jetzt noch weitere Schritte an?

Viele Grüße
stevenss

Alt 03.05.2012, 14:46   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 03.05.2012, 21:47   #11
stevenss
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Hallo,

hier die OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 03.05.2012 22:24:54 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,87 Gb Total Physical Memory | 3,92 Gb Available Physical Memory | 66,85% Memory free
11,73 Gb Paging File | 9,56 Gb Available in Paging File | 81,47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,49 Gb Total Space | 13,19 Gb Free Space | 11,83% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.03 22:22:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012.03.08 23:09:47 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
PRC - [2012.02.24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.23 12:22:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
PRC - [2012.02.20 21:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 09:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.20 17:12:04 | 000,074,752 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2011.06.07 18:35:12 | 001,775,432 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2011.06.07 18:34:54 | 002,404,680 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.09 01:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
PRC - [2011.03.09 01:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.10.12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010.05.27 17:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
PRC - [2010.02.03 08:34:46 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2009.12.17 13:54:40 | 001,795,488 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2009.11.30 20:20:00 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.10.02 23:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.10.02 23:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.13 00:09:10 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009.09.13 00:09:04 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.08.26 20:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2009.04.07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
PRC - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.03 01:11:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf293040f3a93afa1ea782487acae816\WindowsBase.ni.dll
MOD - [2012.05.03 01:11:37 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\20008c75bb41e2febf84d4d4aea5b4e8\System.ServiceProcess.ni.dll
MOD - [2012.05.03 01:11:34 | 012,432,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3afcd5168c7a6cb02eab99d7fd71e102\System.Windows.Forms.ni.dll
MOD - [2012.05.03 01:11:20 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\dbfe8642a8ed7b2b103ad28e0c96418a\System.Drawing.ni.dll
MOD - [2012.05.03 01:11:19 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\da5da08245467818759aa44c4eb948e1\System.Web.ni.dll
MOD - [2012.05.03 01:11:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5cae93d923c8378370758489e5535820\System.Runtime.Remoting.ni.dll
MOD - [2012.05.03 01:11:11 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\461d3b6b3f43e6fbe6c897d5936e17e4\System.Xml.ni.dll
MOD - [2012.05.03 01:11:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bc09ad2d49d8535371845cd7532f9271\System.Configuration.ni.dll
MOD - [2012.05.03 01:11:07 | 007,963,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9e0a3b9b9f457233a335d7fba8f95419\System.ni.dll
MOD - [2012.05.03 01:11:02 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\62a0b3e4b40ec0e8c5cfaa0c8848e64a\mscorlib.ni.dll
MOD - [2012.03.08 23:09:47 | 000,142,336 | ---- | M] () -- C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.05.27 17:52:22 | 000,375,296 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
MOD - [2010.02.03 17:10:43 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe
MOD - [2009.07.14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.04.07 14:53:32 | 000,030,440 | ---- | M] () -- C:\Program Files (x86)\dcmsvc\dcmsvc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.04.14 08:04:30 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.15 07:20:30 | 000,370,504 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012.01.31 09:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 09:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.20 17:12:04 | 000,074,752 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2011.06.07 18:35:12 | 001,775,432 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.04.20 10:50:52 | 001,021,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.12.10 18:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.12.07 12:32:02 | 002,228,008 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.12 01:47:44 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.11.30 20:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.25 20:06:06 | 000,821,760 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.10.02 23:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.09.28 10:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.09.21 17:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2009.09.21 17:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.01.16 10:51:44 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 09:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 09:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.12.04 23:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 15:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 13:35:24 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 13:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.12.12 01:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.11.24 22:25:07 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.11.24 22:24:10 | 007,773,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.11.18 22:04:10 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 22:04:09 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 22:04:09 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 22:04:08 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 22:03:38 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.11 04:05:01 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.09 22:05:19 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.09 22:04:24 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.11.02 03:47:16 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.10.29 22:09:32 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.10.29 22:09:23 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.10.08 22:10:52 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.10.02 22:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.09.08 19:13:16 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 18:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 18:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 22:03:08 | 000,025,120 | ---- | M] (Sony Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\shpf.sys -- (shpf)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005.04.13 23:17:52 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0801.sys -- (tap0801)
DRV - [2011.12.04 23:23:57 | 000,138,872 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2010.05.10 02:18:40 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?r0=1308438719
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\URLSearchHook: {7e111a5c-3d11-4f56-9463-5310c3c69025} - No CLSID value found
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes,DefaultScope = {D3E89C38-F96E-4FDE-BE0C-223025299528}
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{3C8E172D-8A10-4450-8BC4-50447C788BA2}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{4327DF69-3F6F-49B3-93BA-C159BD49F62A}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{495B087F-95EC-4EB0-88F1-1133FB47626A}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{65FC0015-EA4D-46B4-A060-F2AD201ED841}: "URL" = hhxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{D3E89C38-F96E-4FDE-BE0C-223025299528}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: 7digital@songbirdnest.com:1.7.2.1667
FF - prefs.js..extensions.enabledItems: albumart@songbirdnest.com:1.0.8.1667
FF - prefs.js..extensions.enabledItems: cd-rip@songbirdnest.com:1.0.3.1667
FF - prefs.js..extensions.enabledItems: concerts-philips@songbirdnest.com:1.0.5.1667
FF - prefs.js..extensions.enabledItems: ewaacdec@songbirdnest.com:1.0.1.1667
FF - prefs.js..extensions.enabledItems: ewmp3enc@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: fileassociation@philips.com:3.2.0.1002
FF - prefs.js..extensions.enabledItems: gogear@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: gonzo@songbirdnest.com:1.7.2
FF - prefs.js..extensions.enabledItems: gracenote@songbirdnest.com:1.0.3.1667
FF - prefs.js..extensions.enabledItems: langpack-de@songbirdnest.com:1.7.2.1273013908
FF - prefs.js..extensions.enabledItems: mashTape@songbirdnest.com:1.1.3.1667
FF - prefs.js..extensions.enabledItems: msc@songbirdnest.com:1.0.4.1667
FF - prefs.js..extensions.enabledItems: mtp@songbirdnest.com:1.0.19.1667
FF - prefs.js..extensions.enabledItems: philips-addon-manager@philips.com:3.2.0.2202
FF - prefs.js..extensions.enabledItems: philips-branding@philips.com:3.2.0.2226
FF - prefs.js..extensions.enabledItems: philips-msc-mtp-switch@philips.com:3.2.0.2200
FF - prefs.js..extensions.enabledItems: philips-skin@philips.com:3.2.0.2207
FF - prefs.js..extensions.enabledItems: philips-ui@philips.com:3.2.0.2203
FF - prefs.js..extensions.enabledItems: purplerain@songbirdnest.com:1.7.2
FF - prefs.js..extensions.enabledItems: windowsmedia@songbirdnest.com:1.0.7.1667
FF - prefs.js..extensions.enabledItems: quicktime@songbirdnest.com:1.0.7.1667
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files (x86)\Google\Update\1.2.183.7\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\***\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
 
[2010.08.31 22:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.31 22:52:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2010.08.31 22:55:13 | 000,000,530 | ---- | M] () -- C:\Users\***\AppData\Roaming\Philips-Songbird\Profiles\rksceand.default\searchplugins\109158a0-4a53-4722-84ea-abb24e366d22.xml
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] (7digital Music Store) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\7DIGITAL@SONGBIRDNEST.COM
[2010.08.31 22:51:37 | 000,000,000 | ---D | M] (Artwork Extras) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\ALBUMART@SONGBIRDNEST.COM
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] (CD Rip Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CD-RIP@SONGBIRDNEST.COM
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] (Concerts) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\CONCERTS-PHILIPS@SONGBIRDNEST.COM
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] (AAC Decoding Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWAACDEC@SONGBIRDNEST.COM
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] (MP3 Encoding Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\EWMP3ENC@SONGBIRDNEST.COM
[2010.08.31 22:51:41 | 000,000,000 | ---D | M] (File association) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\FILEASSOCIATION@PHILIPS.COM
[2010.08.31 22:51:41 | 000,000,000 | ---D | M] (Philips GoGear Device Manager) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GOGEAR@SONGBIRDNEST.COM
[2010.08.31 22:51:37 | 000,000,000 | ---D | M] (gonzo) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GONZO@SONGBIRDNEST.COM
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] (Gracenote Metadata Lookup Provider) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\GRACENOTE@SONGBIRDNEST.COM
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] ("German (de) Language Pack") -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\LANGPACK-DE@SONGBIRDNEST.COM
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] (mashTape) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MASHTAPE@SONGBIRDNEST.COM
[2010.08.31 22:51:41 | 000,000,000 | ---D | M] (MSC Device Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MSC@SONGBIRDNEST.COM
[2010.08.31 22:51:41 | 000,000,000 | ---D | M] (MTP Device Support) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\MTP@SONGBIRDNEST.COM
[2010.08.31 22:51:42 | 000,000,000 | ---D | M] (Philips addon manager) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-ADDON-MANAGER@PHILIPS.COM
[2010.08.31 22:51:41 | 000,000,000 | ---D | M] (Philips Branding) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-BRANDING@PHILIPS.COM
[2010.08.31 22:51:41 | 000,000,000 | ---D | M] (Philips auto msc-mtp switch) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-MSC-MTP-SWITCH@PHILIPS.COM
[2010.08.31 22:51:41 | 000,000,000 | ---D | M] (Philips Skin) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-SKIN@PHILIPS.COM
[2010.08.31 22:51:41 | 000,000,000 | ---D | M] (Philips UI) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PHILIPS-UI@PHILIPS.COM
[2010.08.31 22:51:37 | 000,000,000 | ---D | M] (Purple Rain) -- C:\PROGRAM FILES (X86)\PHILIPS\PHILIPS SONGBIRD\EXTENSIONS\PURPLERAIN@SONGBIRDNEST.COM
[2010.08.31 22:55:00 | 000,000,000 | ---D | M] (QuickTime Playback) -- C:\USERS\***\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\RKSCEAND.DEFAULT\EXTENSIONS\QUICKTIME@SONGBIRDNEST.COM
[2010.08.31 22:55:01 | 000,000,000 | ---D | M] (Windows Media Playback) -- C:\USERS\***\APPDATA\ROAMING\PHILIPS-SONGBIRD\PROFILES\RKSCEAND.DEFAULT\EXTENSIONS\WINDOWSMEDIA@SONGBIRDNEST.COM
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [dcmsvc] C:\Program Files (x86)\dcmsvc\dcmsvc.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVE.EXE /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus Office BX635FWD" File not found
O4 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004..\Run: [yzoq.exe] "C:\Users\***\AppData\Roaming\Vyti\yzoq.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Save YouTube Video - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Save YouTube Video - C:\Program Files (x86)\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} hxxp://www.aquire.com/codebase71/OrgPubX_de.cab (OrgPublisher PluginX)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E37588F-0867-4D56-8CF9-459548D4F801}: DhcpNameServer = 217.237.149.142 217.237.150.205
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80F31A78-2D93-427B-83F4-A82842672D11}: DhcpNameServer = 193.30.46.4 193.30.47.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8EED7ED-5D61-41C3-A198-A61A6378A7F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\Protector Suite\psqlpwd.dll) - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4201271-9363-11df-87d7-0024be669732}\Shell - "" = AutoRun
O33 - MountPoints2\{f4201271-9363-11df-87d7-0024be669732}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: openvpn-gui - hkey= - key= - C:\Program Files (x86)\OpenVPN\bin\openvpn-gui.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{1B73047C-4218-4379-84C8-BABB8379802B} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.xvid - xvidvfw.dll File not found
 
CREATERESTOREPOINT
System Restore Service not available.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.03 22:22:11 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.03 22:10:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.05.03 00:53:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.05.03 00:47:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.05.03 00:20:26 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Antiviren-Software & Logfiles
[2012.05.01 11:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.01 10:49:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.05.01 10:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.01 10:49:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.01 10:49:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.01 10:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.04.28 11:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.04.28 11:15:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012.04.25 20:16:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.04.23 02:36:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vyti
[2012.04.23 02:36:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Awixw
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.03 22:23:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.03 22:22:22 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.05.03 22:10:55 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 22:10:55 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.03 22:10:11 | 001,655,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.03 22:10:11 | 000,716,900 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.03 22:10:11 | 000,666,538 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.03 22:10:11 | 000,155,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.03 22:10:11 | 000,125,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.03 22:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.03 22:03:39 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.05.03 22:03:36 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.03 22:03:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.03 22:03:26 | 429,043,711 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.03 01:08:40 | 000,545,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.03 01:06:13 | 000,001,358 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.04.28 11:02:12 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.04.25 20:16:26 | 000,000,184 | ---- | M] () -- C:\ProgramData\-vF1xZNafTSNuaIr
[2012.04.25 20:16:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\-vF1xZNafTSNuaI
[2012.04.25 20:16:23 | 000,000,256 | ---- | M] () -- C:\ProgramData\vF1xZNafTSNuaI
[2012.04.08 00:05:50 | 000,000,198 | ---- | M] () -- C:\Users\***\AppData\Roaming\default.rss
[2012.04.08 00:03:52 | 000,009,318 | ---- | M] () -- C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML
[2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.03 01:06:13 | 000,001,358 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2012.05.03 00:14:36 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2012.05.03 00:14:36 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012.05.03 00:14:36 | 000,002,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Support für Übertragungen.lnk
[2012.05.03 00:14:36 | 000,002,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2012.05.03 00:14:36 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2012.05.03 00:14:36 | 000,001,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Documentation.lnk
[2012.05.03 00:14:36 | 000,001,817 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2012.05.03 00:14:36 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2012.05.03 00:14:36 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.05.03 00:14:36 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.05.03 00:14:36 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012.05.03 00:14:36 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.05.03 00:14:36 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.05.03 00:14:36 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.05.03 00:14:36 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.05.03 00:14:36 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2012.05.03 00:14:36 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012.05.03 00:14:36 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warner Bros. Digital Copy Manager.lnk
[2012.05.03 00:14:36 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Wiederherstellungscenter.lnk
[2012.05.03 00:14:36 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Premium Partners.lnk
[2012.05.03 00:14:36 | 000,000,988 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2012.05.03 00:14:36 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2012.05.03 00:14:35 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.05.03 00:14:35 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.05.03 00:14:35 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.04.28 11:02:12 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.04.25 20:16:26 | 000,000,184 | ---- | C] () -- C:\ProgramData\-vF1xZNafTSNuaIr
[2012.04.25 20:16:26 | 000,000,000 | ---- | C] () -- C:\ProgramData\-vF1xZNafTSNuaI
[2012.04.25 20:16:23 | 000,000,256 | ---- | C] () -- C:\ProgramData\vF1xZNafTSNuaI
[2012.01.06 00:28:57 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\Youruan___blu-ray ripper.dat
[2012.01.02 00:27:58 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.11.17 12:58:03 | 000,000,066 | ---- | C] () -- C:\Windows\Advent.ini
[2011.04.22 23:31:44 | 000,000,198 | ---- | C] () -- C:\Users\***\AppData\Roaming\default.rss
[2010.07.09 19:36:11 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
 
========== LOP Check ==========
 
[2011.10.10 01:38:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3D RealityMaps Viewer
[2011.10.10 01:41:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alpen 3D Online
[2010.03.29 23:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.08.20 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2012.04.25 00:13:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Awixw
[2011.01.09 00:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.09.09 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cornelsen
[2012.05.03 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.04.02 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2011.01.28 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG
[2011.04.22 23:33:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2012.01.08 01:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.04.13 10:41:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2010.08.22 21:27:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\K-Pacs-Lite
[2010.04.23 20:02:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.04.06 22:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2011.12.31 01:44:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mediAvatar
[2011.11.21 02:10:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MoveFab
[2010.08.31 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Philips-Songbird
[2010.02.13 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2012.04.25 00:08:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.12.29 15:36:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.05.03 01:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vyti
[2011.12.27 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2012.01.02 00:16:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
[2012.04.25 19:03:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.10 01:38:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\3D RealityMaps Viewer
[2011.01.09 00:21:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2011.10.10 01:41:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Alpen 3D Online
[2010.03.29 23:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2012.04.01 17:51:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.02.17 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ArcSoft
[2010.08.20 23:29:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2012.03.18 23:17:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2012.04.25 00:13:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Awixw
[2011.01.09 00:23:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.warnerbros.DigitalCopyManager.449F66ACC381FDC604DC2AA255FEECEEBBBEE1E5.1
[2011.09.09 12:16:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Cornelsen
[2012.05.03 22:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2012.01.05 23:53:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss
[2012.04.02 18:53:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson
[2011.01.28 22:18:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\fotobuch.de AG
[2011.04.22 23:33:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2012.01.08 01:18:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2010.02.13 15:04:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Google
[2010.04.13 10:41:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICAClient
[2010.02.13 14:57:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.12.25 00:24:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.02.13 21:47:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel
[2010.02.13 14:58:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Intel Corporation
[2010.08.22 21:27:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\K-Pacs-Lite
[2010.04.23 20:02:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.04.23 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logishrd
[2010.04.23 20:07:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Logitech
[2010.02.13 15:05:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.04.06 22:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2012.05.01 10:49:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.12.31 01:44:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mediAvatar
[2012.04.07 12:22:11 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.11.21 02:10:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MoveFab
[2010.08.31 22:52:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.05.23 20:23:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nero
[2010.08.31 22:52:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Philips-Songbird
[2010.02.13 14:58:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Protector Suite
[2010.03.14 13:30:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Roxio Log Files
[2012.04.25 00:08:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Seas0nPass
[2010.07.10 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation
[2010.12.29 15:36:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011.01.28 18:17:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\U3
[2012.05.03 01:04:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vyti
[2011.12.27 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WindSolutions
[2010.10.16 14:28:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
[2012.01.02 00:16:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Xilisoft
 
< %APPDATA%\*.exe /s >
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.05.03 01:03:34 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2010.04.23 20:02:06 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2006.12.14 11:00:02 | 000,110,592 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\0000187B8572B1C2\cleanup.exe
[2007.02.12 18:46:54 | 003,096,576 | ---- | M] (SanDisk Corporation) -- C:\Users\***\AppData\Roaming\U3\0000187B8572B1C2\Launchpad Removal.exe
[2007.02.09 17:47:20 | 004,603,904 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\0000187B8572B1C2\LaunchPad.exe
[2006.12.14 11:00:02 | 000,049,152 | ---- | M] () -- C:\Users\***\AppData\Roaming\U3\0000187B8572B1C2\U3AccessGrant.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.02 22:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.10.02 22:58:58 | 000,537,112 | ---- | M] (Intel Corporation) MD5=631FA8935163B01FC0C02966CB3ADB92 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_b03f80929ac23556\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 143 bytes -> C:\Users\***\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty

< End of report >
         
--- --- ---


[/code]

Vielen Dank und viele Grüße!
stevenss

Alt 04.05.2012, 10:41   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{3C8E172D-8A10-4450-8BC4-50447C788BA2}: "URL" = http://de.shopping.com/?linkin_id=8056363
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{4327DF69-3F6F-49B3-93BA-C159BD49F62A}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{495B087F-95EC-4EB0-88F1-1133FB47626A}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{65FC0015-EA4D-46B4-A060-F2AD201ED841}: "URL" = hhttp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\SearchScopes\{D3E89C38-F96E-4FDE-BE0C-223025299528}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
O3 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004\..\Toolbar\WebBrowser: (no name) - {7E111A5C-3D11-4F56-9463-5310C3C69025} - No CLSID value found.
O4 - HKU\S-1-5-21-1256843111-3230359735-3565253942-1004..\Run: [yzoq.exe] "C:\Users\***\AppData\Roaming\Vyti\yzoq.exe" File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4201271-9363-11df-87d7-0024be669732}\Shell - "" = AutoRun
O33 - MountPoints2\{f4201271-9363-11df-87d7-0024be669732}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
[2012.04.25 20:16:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.04.23 02:36:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vyti
[2012.04.23 02:36:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Awixw
[2012.04.25 20:16:26 | 000,000,184 | ---- | M] () -- C:\ProgramData\-vF1xZNafTSNuaIr
[2012.04.25 20:16:26 | 000,000,000 | ---- | M] () -- C:\ProgramData\-vF1xZNafTSNuaI
[2012.04.25 20:16:23 | 000,000,256 | ---- | M] () -- C:\ProgramData\vF1xZNafTSNuaI
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.05.2012, 23:26   #13
stevenss
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Hallo,

hier das Logfile nach dem OTL-Fix:

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Internet Explorer\SearchScopes\{3C8E172D-8A10-4450-8BC4-50447C788BA2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C8E172D-8A10-4450-8BC4-50447C788BA2}\ not found.
Registry key HKEY_USERS\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Internet Explorer\SearchScopes\{4327DF69-3F6F-49B3-93BA-C159BD49F62A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4327DF69-3F6F-49B3-93BA-C159BD49F62A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Internet Explorer\SearchScopes\{495B087F-95EC-4EB0-88F1-1133FB47626A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{495B087F-95EC-4EB0-88F1-1133FB47626A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Internet Explorer\SearchScopes\{65FC0015-EA4D-46B4-A060-F2AD201ED841}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65FC0015-EA4D-46B4-A060-F2AD201ED841}\ not found.
Registry key HKEY_USERS\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Internet Explorer\SearchScopes\{D3E89C38-F96E-4FDE-BE0C-223025299528}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3E89C38-F96E-4FDE-BE0C-223025299528}\ not found.
Registry value HKEY_USERS\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7E111A5C-3D11-4F56-9463-5310C3C69025} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E111A5C-3D11-4F56-9463-5310C3C69025}\ not found.
Registry value HKEY_USERS\S-1-5-21-1256843111-3230359735-3565253942-1004\Software\Microsoft\Windows\CurrentVersion\Run\\yzoq.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4201271-9363-11df-87d7-0024be669732}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4201271-9363-11df-87d7-0024be669732}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f4201271-9363-11df-87d7-0024be669732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f4201271-9363-11df-87d7-0024be669732}\ not found.
File D:\LaunchU3.exe -a not found.
C:\Users\Marc Heczko\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery folder moved successfully.
C:\Users\Marc Heczko\AppData\Roaming\Vyti folder moved successfully.
C:\Users\Marc Heczko\AppData\Roaming\Awixw folder moved successfully.
C:\ProgramData\-vF1xZNafTSNuaIr moved successfully.
C:\ProgramData\-vF1xZNafTSNuaI moved successfully.
C:\ProgramData\vF1xZNafTSNuaI moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Marc Heczko
->Temp folder emptied: 584363444 bytes
->Temporary Internet Files folder emptied: 683252688 bytes
->Java cache emptied: 14427493 bytes
->Flash cache emptied: 132625 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 321342916 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1310382 bytes
RecycleBin emptied: 9802160 bytes
 
Total Files Cleaned = 1.540,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Marc Heczko
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05052012_001746

Files\Folders moved on Reboot...
File\Folder C:\Users\Marc Heczko\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\4OMGLRLW\locher+f%C3%BCr+stammbuch;seg=GL_Visitors;items=0;sz=160x600;ord=1282291084620;tile=2;um=0;us=13;eb_trk=145789;pr=20;xp=20;np=20;cg=8e810fdd12a0a479e7523862fe5415af[1].htm not found!
C:\Users\Marc Heczko\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         
Danke und Grüße
stevenss

Alt 04.05.2012, 23:29   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.05.2012, 09:12   #15
stevenss
 
Infektion mit SMART HDD - Standard

Infektion mit SMART HDD



Hallo,

hier das log vom TDSSKiller:

Code:
ATTFilter
10:08:46.0276 2364	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
10:08:46.0736 2364	============================================================
10:08:46.0736 2364	Current date / time: 2012/05/05 10:08:46.0736
10:08:46.0736 2364	SystemInfo:
10:08:46.0736 2364	
10:08:46.0736 2364	OS Version: 6.1.7601 ServicePack: 1.0
10:08:46.0736 2364	Product type: Workstation
10:08:46.0736 2364	ComputerName: ***-VAIO
10:08:46.0736 2364	UserName: ***
10:08:46.0736 2364	Windows directory: C:\Windows
10:08:46.0736 2364	System windows directory: C:\Windows
10:08:46.0736 2364	Running under WOW64
10:08:46.0736 2364	Processor architecture: Intel x64
10:08:46.0736 2364	Number of processors: 4
10:08:46.0736 2364	Page size: 0x1000
10:08:46.0736 2364	Boot type: Normal boot
10:08:46.0736 2364	============================================================
10:08:46.0921 2364	Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:08:46.0926 2364	============================================================
10:08:46.0926 2364	\Device\Harddisk0\DR0:
10:08:46.0926 2364	MBR partitions:
10:08:46.0926 2364	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xF50800, BlocksNum 0x32000
10:08:46.0926 2364	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF82800, BlocksNum 0xDEF92B0
10:08:46.0926 2364	============================================================
10:08:46.0931 2364	C: <-> \Device\Harddisk0\DR0\Partition1
10:08:46.0931 2364	============================================================
10:08:46.0931 2364	Initialize success
10:08:46.0931 2364	============================================================
10:08:59.0962 5520	============================================================
10:08:59.0962 5520	Scan started
10:08:59.0962 5520	Mode: Manual; SigCheck; TDLFS; 
10:08:59.0962 5520	============================================================
10:09:00.0415 5520	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:09:00.0477 5520	1394ohci - ok
10:09:00.0493 5520	ACDaemon        (35f57598f0589feb3c3abc1621bf329f) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:09:00.0539 5520	ACDaemon - ok
10:09:00.0555 5520	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:09:00.0571 5520	ACPI - ok
10:09:00.0571 5520	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:09:00.0602 5520	AcpiPmi - ok
10:09:00.0649 5520	AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:09:00.0664 5520	AdobeFlashPlayerUpdateSvc - ok
10:09:00.0695 5520	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
10:09:00.0727 5520	adp94xx - ok
10:09:00.0742 5520	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
10:09:00.0758 5520	adpahci - ok
10:09:00.0773 5520	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
10:09:00.0805 5520	adpu320 - ok
10:09:00.0805 5520	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:09:00.0898 5520	AeLookupSvc - ok
10:09:00.0929 5520	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:09:00.0961 5520	AFD - ok
10:09:00.0961 5520	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:09:00.0976 5520	agp440 - ok
10:09:00.0992 5520	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:09:01.0007 5520	ALG - ok
10:09:01.0007 5520	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:09:01.0023 5520	aliide - ok
10:09:01.0023 5520	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:09:01.0039 5520	amdide - ok
10:09:01.0039 5520	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
10:09:01.0070 5520	AmdK8 - ok
10:09:01.0070 5520	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
10:09:01.0085 5520	AmdPPM - ok
10:09:01.0101 5520	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:09:01.0117 5520	amdsata - ok
10:09:01.0132 5520	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
10:09:01.0148 5520	amdsbs - ok
10:09:01.0148 5520	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:09:01.0163 5520	amdxata - ok
10:09:01.0179 5520	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:09:01.0195 5520	AntiVirSchedulerService - ok
10:09:01.0195 5520	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:09:01.0210 5520	AntiVirService - ok
10:09:01.0226 5520	AnyDVD          (7ce7d6019d0d73f9203ba4ff4ba35b6a) C:\Windows\system32\Drivers\AnyDVD.sys
10:09:01.0241 5520	AnyDVD - ok
10:09:01.0241 5520	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:09:01.0335 5520	AppID - ok
10:09:01.0335 5520	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:09:01.0382 5520	AppIDSvc - ok
10:09:01.0382 5520	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:09:01.0413 5520	Appinfo - ok
10:09:01.0429 5520	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:09:01.0444 5520	Apple Mobile Device - ok
10:09:01.0444 5520	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
10:09:01.0460 5520	AppMgmt - ok
10:09:01.0475 5520	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
10:09:01.0475 5520	arc - ok
10:09:01.0491 5520	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
10:09:01.0491 5520	arcsas - ok
10:09:01.0507 5520	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:09:01.0538 5520	AsyncMac - ok
10:09:01.0538 5520	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:09:01.0538 5520	atapi - ok
10:09:01.0616 5520	athr            (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
10:09:01.0678 5520	athr - ok
10:09:01.0756 5520	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:09:01.0834 5520	AudioEndpointBuilder - ok
10:09:01.0834 5520	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:09:01.0881 5520	AudioSrv - ok
10:09:01.0897 5520	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
10:09:01.0912 5520	avgntflt - ok
10:09:01.0912 5520	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
10:09:01.0928 5520	avipbb - ok
10:09:01.0928 5520	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
10:09:01.0943 5520	avkmgr - ok
10:09:01.0959 5520	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:09:01.0990 5520	AxInstSV - ok
10:09:02.0006 5520	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
10:09:02.0037 5520	b06bdrv - ok
10:09:02.0053 5520	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:09:02.0068 5520	b57nd60a - ok
10:09:02.0084 5520	BcmSqlStartupSvc (6163664c7e9cd110af70180c126c3fdc) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
10:09:02.0099 5520	BcmSqlStartupSvc - ok
10:09:02.0099 5520	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:09:02.0115 5520	BDESVC - ok
10:09:02.0131 5520	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:09:02.0162 5520	Beep - ok
10:09:02.0209 5520	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:09:02.0240 5520	BFE - ok
10:09:02.0287 5520	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:09:02.0380 5520	BITS - ok
10:09:02.0380 5520	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
10:09:02.0396 5520	blbdrive - ok
10:09:02.0427 5520	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:09:02.0443 5520	Bonjour Service - ok
10:09:02.0458 5520	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:09:02.0474 5520	bowser - ok
10:09:02.0474 5520	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
10:09:02.0505 5520	BrFiltLo - ok
10:09:02.0505 5520	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
10:09:02.0521 5520	BrFiltUp - ok
10:09:02.0536 5520	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:09:02.0583 5520	Browser - ok
10:09:02.0614 5520	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:09:02.0630 5520	Brserid - ok
10:09:02.0645 5520	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:09:02.0661 5520	BrSerWdm - ok
10:09:02.0661 5520	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:09:02.0692 5520	BrUsbMdm - ok
10:09:02.0692 5520	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:09:02.0708 5520	BrUsbSer - ok
10:09:02.0723 5520	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
10:09:02.0739 5520	BthEnum - ok
10:09:02.0739 5520	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
10:09:02.0770 5520	BTHMODEM - ok
10:09:02.0770 5520	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
10:09:02.0801 5520	BthPan - ok
10:09:02.0833 5520	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
10:09:02.0848 5520	BTHPORT - ok
10:09:02.0864 5520	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:09:02.0911 5520	bthserv - ok
10:09:02.0926 5520	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
10:09:02.0926 5520	BTHUSB - ok
10:09:02.0942 5520	btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
10:09:02.0942 5520	btusbflt - ok
10:09:02.0957 5520	btwaudio        (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
10:09:02.0957 5520	btwaudio - ok
10:09:02.0973 5520	btwavdt         (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
10:09:02.0973 5520	btwavdt - ok
10:09:03.0020 5520	btwdins         (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
10:09:03.0035 5520	btwdins - ok
10:09:03.0035 5520	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
10:09:03.0051 5520	btwl2cap - ok
10:09:03.0051 5520	btwrchid        (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
10:09:03.0067 5520	btwrchid - ok
10:09:03.0067 5520	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:09:03.0103 5520	cdfs - ok
10:09:03.0113 5520	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:09:03.0123 5520	cdrom - ok
10:09:03.0128 5520	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:09:03.0158 5520	CertPropSvc - ok
10:09:03.0163 5520	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
10:09:03.0173 5520	circlass - ok
10:09:03.0193 5520	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:09:03.0203 5520	CLFS - ok
10:09:03.0213 5520	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:09:03.0223 5520	clr_optimization_v2.0.50727_32 - ok
10:09:03.0233 5520	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:09:03.0243 5520	clr_optimization_v2.0.50727_64 - ok
10:09:03.0258 5520	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:09:03.0273 5520	clr_optimization_v4.0.30319_32 - ok
10:09:03.0283 5520	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:09:03.0293 5520	clr_optimization_v4.0.30319_64 - ok
10:09:03.0293 5520	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
10:09:03.0308 5520	CmBatt - ok
10:09:03.0308 5520	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:09:03.0318 5520	cmdide - ok
10:09:03.0343 5520	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:09:03.0358 5520	CNG - ok
10:09:03.0363 5520	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
10:09:03.0373 5520	Compbatt - ok
10:09:03.0378 5520	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:09:03.0393 5520	CompositeBus - ok
10:09:03.0393 5520	COMSysApp - ok
10:09:03.0398 5520	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
10:09:03.0408 5520	crcdisk - ok
10:09:03.0424 5520	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:09:03.0455 5520	CryptSvc - ok
10:09:03.0480 5520	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
10:09:03.0502 5520	CSC - ok
10:09:03.0537 5520	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
10:09:03.0573 5520	CscService - ok
10:09:03.0583 5520	ctxusbm         (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
10:09:03.0597 5520	ctxusbm - ok
10:09:03.0630 5520	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:09:03.0700 5520	DcomLaunch - ok
10:09:03.0720 5520	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:09:03.0784 5520	defragsvc - ok
10:09:03.0792 5520	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:09:03.0832 5520	DfsC - ok
10:09:03.0852 5520	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:09:03.0894 5520	Dhcp - ok
10:09:03.0899 5520	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:09:03.0930 5520	discache - ok
10:09:03.0935 5520	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
10:09:03.0945 5520	Disk - ok
10:09:03.0956 5520	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:09:03.0968 5520	Dnscache - ok
10:09:03.0982 5520	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:09:04.0021 5520	dot3svc - ok
10:09:04.0030 5520	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:09:04.0047 5520	Dot4 - ok
10:09:04.0052 5520	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
10:09:04.0068 5520	Dot4Print - ok
10:09:04.0074 5520	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:09:04.0092 5520	dot4usb - ok
10:09:04.0102 5520	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:09:04.0145 5520	DPS - ok
10:09:04.0149 5520	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:09:04.0166 5520	drmkaud - ok
10:09:04.0220 5520	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:09:04.0262 5520	DXGKrnl - ok
10:09:04.0271 5520	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:09:04.0312 5520	EapHost - ok
10:09:04.0475 5520	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
10:09:04.0557 5520	ebdrv - ok
10:09:04.0599 5520	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:09:04.0621 5520	EFS - ok
10:09:04.0663 5520	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:09:04.0702 5520	ehRecvr - ok
10:09:04.0714 5520	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:09:04.0738 5520	ehSched - ok
10:09:04.0750 5520	ElbyCDIO        (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
10:09:04.0765 5520	ElbyCDIO - ok
10:09:04.0798 5520	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
10:09:04.0832 5520	elxstor - ok
10:09:04.0837 5520	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:09:04.0851 5520	ErrDev - ok
10:09:04.0878 5520	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:09:04.0927 5520	EventSystem - ok
10:09:05.0006 5520	EvtEng          (51643ee2712d9212e1e53ca7e8d8eb4a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
10:09:05.0058 5520	EvtEng - ok
10:09:05.0113 5520	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:09:05.0175 5520	exfat - ok
10:09:05.0181 5520	Fabs - ok
10:09:05.0197 5520	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:09:05.0243 5520	fastfat - ok
10:09:05.0282 5520	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:09:05.0318 5520	Fax - ok
10:09:05.0325 5520	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
10:09:05.0345 5520	fdc - ok
10:09:05.0349 5520	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:09:05.0403 5520	fdPHost - ok
10:09:05.0409 5520	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:09:05.0444 5520	FDResPub - ok
10:09:05.0451 5520	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:09:05.0462 5520	FileInfo - ok
10:09:05.0467 5520	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:09:05.0501 5520	Filetrace - ok
10:09:05.0638 5520	FirebirdServerMAGIXInstance (5bd96d8c5411ace71a7eaacaf0ef2903) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
10:09:05.0711 5520	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
10:09:05.0711 5520	FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
10:09:05.0746 5520	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
10:09:05.0759 5520	flpydisk - ok
10:09:05.0775 5520	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:09:05.0794 5520	FltMgr - ok
10:09:05.0855 5520	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:09:05.0901 5520	FontCache - ok
10:09:05.0917 5520	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:09:05.0917 5520	FontCache3.0.0.0 - ok
10:09:05.0932 5520	Freemake Improver (37c2ff67a2565286f1c1c1072be74678) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
10:09:05.0948 5520	Freemake Improver ( UnsignedFile.Multi.Generic ) - warning
10:09:05.0948 5520	Freemake Improver - detected UnsignedFile.Multi.Generic (1)
10:09:05.0964 5520	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:09:05.0979 5520	FsDepends - ok
10:09:05.0979 5520	fssfltr         (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
10:09:05.0995 5520	fssfltr - ok
10:09:06.0042 5520	fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
10:09:06.0073 5520	fsssvc - ok
10:09:06.0088 5520	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
10:09:06.0104 5520	Fs_Rec - ok
10:09:06.0120 5520	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:09:06.0151 5520	fvevol - ok
10:09:06.0151 5520	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
10:09:06.0166 5520	gagp30kx - ok
10:09:06.0166 5520	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:09:06.0166 5520	GEARAspiWDM - ok
10:09:06.0213 5520	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:09:06.0276 5520	gpsvc - ok
10:09:06.0291 5520	gupdate         (626a24ed1228580b9518c01930936df9) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:09:06.0291 5520	gupdate - ok
10:09:06.0291 5520	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:09:06.0307 5520	hcw85cir - ok
10:09:06.0322 5520	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:09:06.0354 5520	HdAudAddService - ok
10:09:06.0354 5520	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:09:06.0369 5520	HDAudBus - ok
10:09:06.0385 5520	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\drivers\HECIx64.sys
10:09:06.0385 5520	HECIx64 - ok
10:09:06.0385 5520	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
10:09:06.0400 5520	HidBatt - ok
10:09:06.0416 5520	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
10:09:06.0432 5520	HidBth - ok
10:09:06.0432 5520	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
10:09:06.0447 5520	HidIr - ok
10:09:06.0463 5520	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:09:06.0494 5520	hidserv - ok
10:09:06.0494 5520	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:09:06.0510 5520	HidUsb - ok
10:09:06.0525 5520	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:09:06.0556 5520	hkmsvc - ok
10:09:06.0572 5520	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:09:06.0588 5520	HomeGroupListener - ok
10:09:06.0588 5520	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:09:06.0603 5520	HomeGroupProvider - ok
10:09:06.0619 5520	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:09:06.0619 5520	HpSAMD - ok
10:09:06.0666 5520	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:09:06.0744 5520	HTTP - ok
10:09:06.0744 5520	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:09:06.0759 5520	hwpolicy - ok
10:09:06.0759 5520	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:09:06.0775 5520	i8042prt - ok
10:09:06.0806 5520	iaStor          (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\drivers\iaStor.sys
10:09:06.0822 5520	iaStor - ok
10:09:06.0837 5520	IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10:09:06.0837 5520	IAStorDataMgrSvc - ok
10:09:06.0868 5520	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:09:06.0884 5520	iaStorV - ok
10:09:06.0900 5520	IDriverT        (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:09:06.0900 5520	IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:09:06.0900 5520	IDriverT - detected UnsignedFile.Multi.Generic (1)
10:09:06.0946 5520	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:09:06.0978 5520	idsvc - ok
10:09:07.0430 5520	igfx            (b36e6868cf289040795c1fa0d0feb399) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:09:07.0570 5520	igfx ( UnsignedFile.Multi.Generic ) - warning
10:09:07.0570 5520	igfx - detected UnsignedFile.Multi.Generic (1)
10:09:07.0617 5520	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
10:09:07.0633 5520	iirsp - ok
10:09:07.0680 5520	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:09:07.0726 5520	IKEEXT - ok
10:09:07.0742 5520	Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\drivers\Impcd.sys
10:09:07.0742 5520	Impcd - ok
10:09:07.0867 5520	IntcAzAudAddService (0f144e5f46cb9043004b5e84aa4bca6a) C:\Windows\system32\drivers\RTKVHD64.sys
10:09:07.0929 5520	IntcAzAudAddService - ok
10:09:07.0976 5520	IntcDAud        (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
10:09:07.0992 5520	IntcDAud ( UnsignedFile.Multi.Generic ) - warning
10:09:07.0992 5520	IntcDAud - detected UnsignedFile.Multi.Generic (1)
10:09:08.0007 5520	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:09:08.0007 5520	intelide - ok
10:09:08.0023 5520	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
10:09:08.0038 5520	intelppm - ok
10:09:08.0054 5520	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:09:08.0085 5520	IPBusEnum - ok
10:09:08.0101 5520	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:09:08.0132 5520	IpFilterDriver - ok
10:09:08.0163 5520	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:09:08.0194 5520	iphlpsvc - ok
10:09:08.0210 5520	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:09:08.0226 5520	IPMIDRV - ok
10:09:08.0226 5520	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:09:08.0272 5520	IPNAT - ok
10:09:08.0319 5520	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
10:09:08.0366 5520	iPod Service - ok
10:09:08.0366 5520	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:09:08.0397 5520	IRENUM - ok
10:09:08.0397 5520	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:09:08.0413 5520	isapnp - ok
10:09:08.0428 5520	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:09:08.0444 5520	iScsiPrt - ok
10:09:08.0460 5520	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:09:08.0460 5520	kbdclass - ok
10:09:08.0475 5520	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:09:08.0491 5520	kbdhid - ok
10:09:08.0491 5520	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:09:08.0506 5520	KeyIso - ok
10:09:08.0506 5520	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:09:08.0522 5520	KSecDD - ok
10:09:08.0522 5520	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:09:08.0538 5520	KSecPkg - ok
10:09:08.0538 5520	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:09:08.0569 5520	ksthunk - ok
10:09:08.0584 5520	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:09:08.0631 5520	KtmRm - ok
10:09:08.0631 5520	L1C             (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
10:09:08.0647 5520	L1C - ok
10:09:08.0662 5520	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:09:08.0694 5520	LanmanServer - ok
10:09:08.0694 5520	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:09:08.0725 5520	LanmanWorkstation - ok
10:09:08.0740 5520	LBTServ         (88e52495b47c67126b510af53fdb0bc7) C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
10:09:08.0756 5520	LBTServ - ok
10:09:08.0756 5520	LEqdUsb         (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
10:09:08.0772 5520	LEqdUsb - ok
10:09:08.0772 5520	LHidEqd         (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
10:09:08.0772 5520	LHidEqd - ok
10:09:08.0787 5520	LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
10:09:08.0787 5520	LHidFilt - ok
10:09:08.0803 5520	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:09:08.0834 5520	lltdio - ok
10:09:08.0850 5520	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:09:08.0881 5520	lltdsvc - ok
10:09:08.0881 5520	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:09:08.0912 5520	lmhosts - ok
10:09:08.0912 5520	LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
10:09:08.0928 5520	LMouFilt - ok
10:09:08.0943 5520	LMS             (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:09:08.0943 5520	LMS ( UnsignedFile.Multi.Generic ) - warning
10:09:08.0943 5520	LMS - detected UnsignedFile.Multi.Generic (1)
10:09:08.0959 5520	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
10:09:08.0974 5520	LSI_FC - ok
10:09:08.0974 5520	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
10:09:08.0990 5520	LSI_SAS - ok
10:09:08.0990 5520	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
10:09:09.0006 5520	LSI_SAS2 - ok
10:09:09.0006 5520	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
10:09:09.0021 5520	LSI_SCSI - ok
10:09:09.0037 5520	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:09:09.0068 5520	luafv - ok
10:09:09.0068 5520	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
10:09:09.0084 5520	MBAMProtector - ok
10:09:09.0115 5520	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:09:09.0130 5520	MBAMService - ok
10:09:09.0146 5520	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:09:09.0146 5520	Mcx2Svc - ok
10:09:09.0162 5520	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
10:09:09.0177 5520	megasas - ok
10:09:09.0193 5520	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
10:09:09.0208 5520	MegaSR - ok
10:09:09.0208 5520	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:09:09.0255 5520	MMCSS - ok
10:09:09.0255 5520	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:09:09.0286 5520	Modem - ok
10:09:09.0286 5520	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:09:09.0302 5520	monitor - ok
10:09:09.0302 5520	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:09:09.0318 5520	mouclass - ok
10:09:09.0318 5520	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:09:09.0333 5520	mouhid - ok
10:09:09.0333 5520	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:09:09.0349 5520	mountmgr - ok
10:09:09.0364 5520	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:09:09.0364 5520	mpio - ok
10:09:09.0380 5520	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:09:09.0411 5520	mpsdrv - ok
10:09:09.0442 5520	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
10:09:09.0505 5520	MpsSvc - ok
10:09:09.0505 5520	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
10:09:09.0520 5520	MRxDAV - ok
10:09:09.0536 5520	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:09:09.0536 5520	mrxsmb - ok
10:09:09.0552 5520	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:09:09.0567 5520	mrxsmb10 - ok
10:09:09.0583 5520	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:09:09.0598 5520	mrxsmb20 - ok
10:09:09.0598 5520	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
10:09:09.0614 5520	msahci - ok
10:09:09.0614 5520	MSCSPTISRV      (8e46a7bac823dd82d4fb2a34c3df4c1d) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
10:09:09.0614 5520	MSCSPTISRV ( UnsignedFile.Multi.Generic ) - warning
10:09:09.0614 5520	MSCSPTISRV - detected UnsignedFile.Multi.Generic (1)
10:09:09.0630 5520	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
10:09:09.0645 5520	msdsm - ok
10:09:09.0645 5520	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
10:09:09.0661 5520	MSDTC - ok
10:09:09.0676 5520	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
10:09:09.0708 5520	Msfs - ok
10:09:09.0708 5520	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
10:09:09.0739 5520	mshidkmdf - ok
10:09:09.0739 5520	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
10:09:09.0754 5520	msisadrv - ok
10:09:09.0754 5520	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
10:09:09.0786 5520	MSiSCSI - ok
10:09:09.0801 5520	msiserver - ok
10:09:09.0801 5520	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
10:09:09.0832 5520	MSKSSRV - ok
10:09:09.0832 5520	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
10:09:09.0864 5520	MSPCLOCK - ok
10:09:09.0864 5520	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
10:09:09.0895 5520	MSPQM - ok
10:09:09.0910 5520	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
10:09:09.0926 5520	MsRPC - ok
10:09:09.0942 5520	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
10:09:09.0942 5520	mssmbios - ok
10:09:09.0957 5520	MSSQL$MSSMLBIZ - ok
10:09:09.0957 5520	MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe
10:09:09.0973 5520	MSSQLServerADHelper - ok
10:09:09.0973 5520	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
10:09:10.0004 5520	MSTEE - ok
10:09:10.0004 5520	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
10:09:10.0020 5520	MTConfig - ok
10:09:10.0020 5520	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
10:09:10.0035 5520	Mup - ok
10:09:10.0051 5520	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
10:09:10.0098 5520	napagent - ok
10:09:10.0113 5520	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
10:09:10.0129 5520	NativeWifiP - ok
10:09:10.0191 5520	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
10:09:10.0222 5520	NDIS - ok
10:09:10.0222 5520	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
10:09:10.0269 5520	NdisCap - ok
10:09:10.0269 5520	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
10:09:10.0300 5520	NdisTapi - ok
10:09:10.0316 5520	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
10:09:10.0332 5520	Ndisuio - ok
10:09:10.0347 5520	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
10:09:10.0378 5520	NdisWan - ok
10:09:10.0394 5520	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
10:09:10.0410 5520	NDProxy - ok
10:09:10.0472 5520	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
10:09:10.0503 5520	Nero BackItUp Scheduler 4.0 - ok
10:09:10.0519 5520	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
10:09:10.0566 5520	NetBIOS - ok
10:09:10.0581 5520	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
10:09:10.0612 5520	NetBT - ok
10:09:10.0612 5520	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:09:10.0628 5520	Netlogon - ok
10:09:10.0644 5520	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
10:09:10.0690 5520	Netman - ok
10:09:10.0706 5520	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
10:09:10.0753 5520	netprofm - ok
10:09:10.0768 5520	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:09:10.0768 5520	NetTcpPortSharing - ok
10:09:11.0127 5520	NETw5s64        (4d85a450edef10c38882182753a49aae) C:\Windows\system32\DRIVERS\NETw5s64.sys
10:09:11.0283 5520	NETw5s64 - ok
10:09:11.0330 5520	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
10:09:11.0346 5520	nfrd960 - ok
10:09:11.0361 5520	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
10:09:11.0408 5520	NlaSvc - ok
10:09:11.0408 5520	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
10:09:11.0439 5520	Npfs - ok
10:09:11.0455 5520	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
10:09:11.0486 5520	nsi - ok
10:09:11.0486 5520	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
10:09:11.0517 5520	nsiproxy - ok
10:09:11.0611 5520	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
10:09:11.0689 5520	Ntfs - ok
10:09:11.0736 5520	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
10:09:11.0782 5520	Null - ok
10:09:11.0782 5520	NVHDA           (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
10:09:11.0798 5520	NVHDA - ok
10:09:12.0391 5520	nvlddmkm        (ca8447574e9dae22250c723819d3ef96) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:09:12.0547 5520	nvlddmkm - ok
10:09:12.0594 5520	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
10:09:12.0609 5520	nvraid - ok
10:09:12.0625 5520	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
10:09:12.0640 5520	nvstor - ok
10:09:12.0656 5520	nvsvc           (ad1e49bceb5d446a271c43bfa8fd71d2) C:\Windows\system32\nvvsvc.exe
10:09:12.0672 5520	nvsvc - ok
10:09:12.0687 5520	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
10:09:12.0703 5520	nv_agp - ok
10:09:12.0734 5520	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:09:12.0750 5520	odserv - ok
10:09:12.0765 5520	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
10:09:12.0781 5520	ohci1394 - ok
10:09:12.0796 5520	OpenVPNService  (ccaf7108859b6b1698a4223e2760b578) C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
10:09:12.0796 5520	OpenVPNService ( UnsignedFile.Multi.Generic ) - warning
10:09:12.0796 5520	OpenVPNService - detected UnsignedFile.Multi.Generic (1)
10:09:12.0812 5520	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:09:12.0828 5520	ose - ok
10:09:12.0843 5520	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:09:12.0874 5520	p2pimsvc - ok
10:09:12.0906 5520	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
10:09:12.0921 5520	p2psvc - ok
10:09:12.0937 5520	PACSPTISVR      (753a8f339f231d2b857e2ccd51a6e6ca) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
10:09:12.0937 5520	PACSPTISVR ( UnsignedFile.Multi.Generic ) - warning
10:09:12.0937 5520	PACSPTISVR - detected UnsignedFile.Multi.Generic (1)
10:09:12.0952 5520	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
10:09:12.0968 5520	Parport - ok
10:09:12.0984 5520	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
10:09:12.0999 5520	partmgr - ok
10:09:13.0015 5520	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
10:09:13.0046 5520	PcaSvc - ok
10:09:13.0062 5520	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
10:09:13.0077 5520	pci - ok
10:09:13.0077 5520	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
10:09:13.0093 5520	pciide - ok
10:09:13.0108 5520	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
10:09:13.0124 5520	pcmcia - ok
10:09:13.0124 5520	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
10:09:13.0140 5520	pcw - ok
10:09:13.0171 5520	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
10:09:13.0249 5520	PEAUTH - ok
10:09:13.0327 5520	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
10:09:13.0374 5520	PeerDistSvc - ok
10:09:13.0405 5520	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
10:09:13.0436 5520	PerfHost - ok
10:09:13.0545 5520	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
10:09:13.0654 5520	pla - ok
10:09:13.0670 5520	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
10:09:13.0701 5520	PlugPlay - ok
10:09:13.0701 5520	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
10:09:13.0717 5520	PNRPAutoReg - ok
10:09:13.0732 5520	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
10:09:13.0764 5520	PNRPsvc - ok
10:09:13.0795 5520	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
10:09:13.0842 5520	PolicyAgent - ok
10:09:13.0857 5520	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
10:09:13.0888 5520	Power - ok
10:09:13.0904 5520	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
10:09:13.0935 5520	PptpMiniport - ok
10:09:13.0935 5520	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
10:09:13.0951 5520	Processor - ok
10:09:13.0966 5520	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
10:09:13.0998 5520	ProfSvc - ok
10:09:13.0998 5520	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:09:14.0013 5520	ProtectedStorage - ok
10:09:14.0029 5520	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
10:09:14.0060 5520	Psched - ok
10:09:14.0138 5520	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
10:09:14.0200 5520	ql2300 - ok
10:09:14.0247 5520	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
10:09:14.0263 5520	ql40xx - ok
10:09:14.0278 5520	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
10:09:14.0310 5520	QWAVE - ok
10:09:14.0325 5520	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
10:09:14.0341 5520	QWAVEdrv - ok
10:09:14.0341 5520	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
10:09:14.0403 5520	RasAcd - ok
10:09:14.0403 5520	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:09:14.0434 5520	RasAgileVpn - ok
10:09:14.0450 5520	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
10:09:14.0481 5520	RasAuto - ok
10:09:14.0481 5520	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:09:14.0512 5520	Rasl2tp - ok
10:09:14.0528 5520	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
10:09:14.0575 5520	RasMan - ok
10:09:14.0575 5520	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
10:09:14.0606 5520	RasPppoe - ok
10:09:14.0622 5520	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
10:09:14.0653 5520	RasSstp - ok
10:09:14.0668 5520	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
10:09:14.0700 5520	rdbss - ok
10:09:14.0700 5520	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
10:09:14.0715 5520	rdpbus - ok
10:09:14.0715 5520	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:09:14.0746 5520	RDPCDD - ok
10:09:14.0762 5520	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
10:09:14.0778 5520	RDPDR - ok
10:09:14.0778 5520	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
10:09:14.0809 5520	RDPENCDD - ok
10:09:14.0809 5520	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
10:09:14.0840 5520	RDPREFMP - ok
10:09:14.0856 5520	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
10:09:14.0871 5520	RDPWD - ok
10:09:14.0887 5520	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
10:09:14.0887 5520	rdyboost - ok
10:09:14.0934 5520	RegSrvc         (3b71b5b91e7dca93585d5a86c897adc4) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
10:09:14.0949 5520	RegSrvc - ok
10:09:14.0965 5520	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
10:09:15.0012 5520	RemoteAccess - ok
10:09:15.0012 5520	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
10:09:15.0043 5520	RemoteRegistry - ok
10:09:15.0058 5520	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
10:09:15.0074 5520	RFCOMM - ok
10:09:15.0090 5520	rimspci         (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
10:09:15.0105 5520	rimspci - ok
10:09:15.0105 5520	risdsnpe        (aa7b4ac7cb1281349cd61de067f00d5d) C:\Windows\system32\drivers\risdsne64.sys
10:09:15.0121 5520	risdsnpe - ok
10:09:15.0121 5520	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
10:09:15.0152 5520	RpcEptMapper - ok
10:09:15.0152 5520	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
10:09:15.0168 5520	RpcLocator - ok
10:09:15.0199 5520	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:09:15.0230 5520	RpcSs - ok
10:09:15.0246 5520	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
10:09:15.0277 5520	rspndr - ok
10:09:15.0292 5520	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
10:09:15.0292 5520	s3cap - ok
10:09:15.0308 5520	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:09:15.0324 5520	SamSs - ok
10:09:15.0324 5520	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
10:09:15.0339 5520	sbp2port - ok
10:09:15.0355 5520	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
10:09:15.0402 5520	SCardSvr - ok
10:09:15.0402 5520	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
10:09:15.0433 5520	scfilter - ok
10:09:15.0495 5520	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
10:09:15.0558 5520	Schedule - ok
10:09:15.0573 5520	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:09:15.0604 5520	SCPolicySvc - ok
10:09:15.0620 5520	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
10:09:15.0636 5520	sdbus - ok
10:09:15.0651 5520	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
10:09:15.0651 5520	SDRSVC - ok
10:09:15.0667 5520	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:09:15.0698 5520	secdrv - ok
10:09:15.0698 5520	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
10:09:15.0729 5520	seclogon - ok
10:09:15.0729 5520	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
10:09:15.0760 5520	SENS - ok
10:09:15.0776 5520	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
10:09:15.0776 5520	SensrSvc - ok
10:09:15.0792 5520	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
10:09:15.0792 5520	Serenum - ok
10:09:15.0807 5520	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
10:09:15.0807 5520	Serial - ok
10:09:15.0823 5520	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
10:09:15.0823 5520	sermouse - ok
10:09:15.0838 5520	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
10:09:15.0870 5520	SessionEnv - ok
10:09:15.0885 5520	SFEP            (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
10:09:15.0885 5520	SFEP - ok
10:09:15.0885 5520	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
10:09:15.0901 5520	sffdisk - ok
10:09:15.0901 5520	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
10:09:15.0916 5520	sffp_mmc - ok
10:09:15.0916 5520	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
10:09:15.0932 5520	sffp_sd - ok
10:09:15.0932 5520	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
10:09:15.0948 5520	sfloppy - ok
10:09:15.0963 5520	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
10:09:16.0010 5520	SharedAccess - ok
10:09:16.0026 5520	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
10:09:16.0057 5520	ShellHWDetection - ok
10:09:16.0072 5520	shpf            (c06ccd29f5c15b610237e86f82085e77) C:\Windows\system32\DRIVERS\shpf.sys
10:09:16.0072 5520	shpf - ok
10:09:16.0088 5520	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
10:09:16.0088 5520	SiSRaid2 - ok
10:09:16.0104 5520	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
10:09:16.0104 5520	SiSRaid4 - ok
10:09:16.0119 5520	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
10:09:16.0150 5520	Smb - ok
10:09:16.0150 5520	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
10:09:16.0166 5520	SNMPTRAP - ok
10:09:16.0260 5520	SplashtopRemoteService (bb2e1cc0adabdfe1a7ec810854ea00f1) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
10:09:16.0322 5520	SplashtopRemoteService - ok
10:09:16.0353 5520	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
10:09:16.0369 5520	spldr - ok
10:09:16.0400 5520	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
10:09:16.0447 5520	Spooler - ok
10:09:16.0634 5520	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
10:09:16.0712 5520	sppsvc - ok
10:09:16.0759 5520	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
10:09:16.0790 5520	sppuinotify - ok
10:09:16.0806 5520	SPTISRV         (e3e6c96b0ef4492c3c8fd0deef4e35a1) C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe
10:09:16.0821 5520	SPTISRV ( UnsignedFile.Multi.Generic ) - warning
10:09:16.0821 5520	SPTISRV - detected UnsignedFile.Multi.Generic (1)
10:09:16.0837 5520	SQLBrowser      (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
10:09:16.0852 5520	SQLBrowser - ok
10:09:16.0868 5520	SQLWriter       (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
10:09:16.0868 5520	SQLWriter - ok
10:09:16.0915 5520	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
10:09:16.0930 5520	srv - ok
10:09:16.0962 5520	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
10:09:16.0977 5520	srv2 - ok
10:09:16.0993 5520	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
10:09:17.0008 5520	srvnet - ok
10:09:17.0024 5520	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
10:09:17.0071 5520	SSDPSRV - ok
10:09:17.0086 5520	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
10:09:17.0118 5520	SstpSvc - ok
10:09:17.0149 5520	SSUService      (1cfa4a1f3c7bb4c8f299e00428eb8677) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
10:09:17.0149 5520	SSUService - ok
10:09:17.0164 5520	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
10:09:17.0164 5520	stexstor - ok
10:09:17.0196 5520	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
10:09:17.0227 5520	stisvc - ok
10:09:17.0227 5520	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
10:09:17.0242 5520	storflt - ok
10:09:17.0242 5520	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
10:09:17.0258 5520	StorSvc - ok
10:09:17.0258 5520	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
10:09:17.0274 5520	storvsc - ok
10:09:17.0274 5520	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
10:09:17.0274 5520	swenum - ok
10:09:17.0305 5520	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
10:09:17.0352 5520	swprv - ok
10:09:17.0367 5520	SynTP           (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\DRIVERS\SynTP.sys
10:09:17.0383 5520	SynTP - ok
10:09:17.0476 5520	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
10:09:17.0539 5520	SysMain - ok
10:09:17.0586 5520	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
10:09:17.0601 5520	TabletInputService - ok
10:09:17.0617 5520	tap0801         (8502bfc9c990567e4049358ec063d621) C:\Windows\system32\DRIVERS\tap0801.sys
10:09:17.0617 5520	tap0801 ( UnsignedFile.Multi.Generic ) - warning
10:09:17.0617 5520	tap0801 - detected UnsignedFile.Multi.Generic (1)
10:09:17.0632 5520	tap0901         (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys
10:09:17.0648 5520	tap0901 - ok
10:09:17.0664 5520	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
10:09:17.0710 5520	TapiSrv - ok
10:09:17.0726 5520	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
10:09:17.0757 5520	TBS - ok
10:09:17.0851 5520	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
10:09:17.0929 5520	Tcpip - ok
10:09:18.0069 5520	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
10:09:18.0116 5520	TCPIP6 - ok
10:09:18.0163 5520	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
10:09:18.0210 5520	tcpipreg - ok
10:09:18.0225 5520	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
10:09:18.0225 5520	TDPIPE - ok
10:09:18.0241 5520	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
10:09:18.0241 5520	TDTCP - ok
10:09:18.0256 5520	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
10:09:18.0288 5520	tdx - ok
10:09:18.0412 5520	TeamViewer6     (839e88db24d2d8f05b72e12b175951ca) C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
10:09:18.0459 5520	TeamViewer6 - ok
10:09:18.0506 5520	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
10:09:18.0522 5520	TermDD - ok
10:09:18.0553 5520	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
10:09:18.0615 5520	TermService - ok
10:09:18.0615 5520	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
10:09:18.0631 5520	Themes - ok
10:09:18.0646 5520	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:09:18.0678 5520	THREADORDER - ok
10:09:18.0678 5520	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
10:09:18.0724 5520	TrkWks - ok
10:09:18.0724 5520	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
10:09:18.0756 5520	TrustedInstaller - ok
10:09:18.0771 5520	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:09:18.0802 5520	tssecsrv - ok
10:09:18.0802 5520	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
10:09:18.0818 5520	TsUsbFlt - ok
10:09:18.0818 5520	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
10:09:18.0849 5520	tunnel - ok
10:09:18.0865 5520	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
10:09:18.0865 5520	uagp35 - ok
10:09:18.0896 5520	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
10:09:18.0927 5520	udfs - ok
10:09:18.0943 5520	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
10:09:18.0943 5520	UI0Detect - ok
10:09:18.0958 5520	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
10:09:18.0958 5520	uliagpkx - ok
10:09:18.0974 5520	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
10:09:18.0990 5520	umbus - ok
10:09:18.0990 5520	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
10:09:19.0005 5520	UmPass - ok
10:09:19.0021 5520	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
10:09:19.0021 5520	UmRdpService - ok
10:09:19.0146 5520	UNS             (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
10:09:19.0208 5520	UNS ( UnsignedFile.Multi.Generic ) - warning
10:09:19.0208 5520	UNS - detected UnsignedFile.Multi.Generic (1)
10:09:19.0255 5520	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
10:09:19.0302 5520	upnphost - ok
10:09:19.0317 5520	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:09:19.0317 5520	USBAAPL64 ( UnsignedFile.Multi.Generic ) - warning
10:09:19.0317 5520	USBAAPL64 - detected UnsignedFile.Multi.Generic (1)
10:09:19.0333 5520	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
10:09:19.0348 5520	usbccgp - ok
10:09:19.0348 5520	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
10:09:19.0364 5520	usbcir - ok
10:09:19.0380 5520	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
10:09:19.0380 5520	usbehci - ok
10:09:19.0411 5520	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
10:09:19.0426 5520	usbhub - ok
10:09:19.0426 5520	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
10:09:19.0442 5520	usbohci - ok
10:09:19.0442 5520	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
10:09:19.0473 5520	usbprint - ok
10:09:19.0473 5520	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
10:09:19.0489 5520	usbscan - ok
10:09:19.0504 5520	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
10:09:19.0520 5520	USBSTOR - ok
10:09:19.0520 5520	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
10:09:19.0536 5520	usbuhci - ok
10:09:19.0551 5520	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
10:09:19.0567 5520	usbvideo - ok
10:09:19.0582 5520	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
10:09:19.0629 5520	UxSms - ok
10:09:19.0645 5520	VAIO Event Service (6b31c9cb94927dbeeb62e15275f4cc54) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
10:09:19.0645 5520	VAIO Event Service - ok
10:09:19.0676 5520	VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
10:09:19.0692 5520	VAIO Power Management - ok
10:09:19.0707 5520	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:09:19.0723 5520	VaultSvc - ok
10:09:19.0723 5520	VCService       (d347d3abe070aa09c22fc37121555d52) C:\Program Files\Sony\VAIO Care\VCService.exe
10:09:19.0738 5520	VCService - ok
10:09:19.0738 5520	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
10:09:19.0754 5520	vdrvroot - ok
10:09:19.0785 5520	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
10:09:19.0832 5520	vds - ok
10:09:19.0832 5520	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
10:09:19.0848 5520	vga - ok
10:09:19.0863 5520	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
10:09:19.0894 5520	VgaSave - ok
10:09:19.0910 5520	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
10:09:19.0910 5520	vhdmp - ok
10:09:19.0926 5520	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
10:09:19.0926 5520	viaide - ok
10:09:19.0941 5520	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
10:09:19.0957 5520	vmbus - ok
10:09:19.0957 5520	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
10:09:19.0972 5520	VMBusHID - ok
10:09:19.0988 5520	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
10:09:19.0988 5520	volmgr - ok
10:09:20.0004 5520	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
10:09:20.0019 5520	volmgrx - ok
10:09:20.0035 5520	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
10:09:20.0050 5520	volsnap - ok
10:09:20.0066 5520	vpcbus          (b4a73ca4ef9a02b9738cea9ad5fe5917) C:\Windows\system32\DRIVERS\vpchbus.sys
10:09:20.0082 5520	vpcbus - ok
10:09:20.0082 5520	vpcnfltr        (e675fb2b48c54f09895482e2253b289c) C:\Windows\system32\DRIVERS\vpcnfltr.sys
10:09:20.0097 5520	vpcnfltr - ok
10:09:20.0113 5520	vpcusb          (5fb42082b0d19a0268705f1dd343df20) C:\Windows\system32\DRIVERS\vpcusb.sys
10:09:20.0113 5520	vpcusb - ok
10:09:20.0128 5520	vpcuxd          (63f4e10873beb4124028c6d1a66b0968) C:\Windows\system32\drivers\vpcuxd.sys
10:09:20.0128 5520	vpcuxd - ok
10:09:20.0160 5520	vpcvmm          (207b6539799cc1c112661a9b620dd233) C:\Windows\system32\drivers\vpcvmm.sys
10:09:20.0160 5520	vpcvmm - ok
10:09:20.0175 5520	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
10:09:20.0191 5520	vsmraid - ok
10:09:20.0238 5520	VSNService      (33655f6b36aa8702960ab1568ed82a01) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
10:09:20.0253 5520	VSNService ( UnsignedFile.Multi.Generic ) - warning
10:09:20.0253 5520	VSNService - detected UnsignedFile.Multi.Generic (1)
10:09:20.0331 5520	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
10:09:20.0425 5520	VSS - ok
10:09:20.0487 5520	VUAgent         (0260e5f1790f90e8d7ec0588227aa42c) C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
10:09:20.0534 5520	VUAgent - ok
10:09:20.0565 5520	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
10:09:20.0596 5520	vwifibus - ok
10:09:20.0612 5520	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
10:09:20.0643 5520	vwififlt - ok
10:09:20.0643 5520	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
10:09:20.0674 5520	vwifimp - ok
10:09:20.0706 5520	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
10:09:20.0768 5520	W32Time - ok
10:09:20.0784 5520	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
10:09:20.0799 5520	WacomPen - ok
10:09:20.0799 5520	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:09:20.0846 5520	WANARP - ok
10:09:20.0846 5520	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
10:09:20.0893 5520	Wanarpv6 - ok
10:09:20.0955 5520	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
10:09:21.0002 5520	WatAdminSvc - ok
10:09:21.0096 5520	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
10:09:21.0142 5520	wbengine - ok
10:09:21.0205 5520	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
10:09:21.0236 5520	WbioSrvc - ok
10:09:21.0252 5520	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
10:09:21.0298 5520	wcncsvc - ok
10:09:21.0314 5520	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
10:09:21.0330 5520	WcsPlugInService - ok
10:09:21.0345 5520	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
10:09:21.0361 5520	Wd - ok
10:09:21.0392 5520	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
10:09:21.0408 5520	Wdf01000 - ok
10:09:21.0423 5520	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:09:21.0470 5520	WdiServiceHost - ok
10:09:21.0470 5520	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
10:09:21.0501 5520	WdiSystemHost - ok
10:09:21.0517 5520	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
10:09:21.0548 5520	WebClient - ok
10:09:21.0564 5520	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
10:09:21.0610 5520	Wecsvc - ok
10:09:21.0626 5520	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
10:09:21.0657 5520	wercplsupport - ok
10:09:21.0657 5520	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
10:09:21.0688 5520	WerSvc - ok
10:09:21.0704 5520	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
10:09:21.0735 5520	WfpLwf - ok
10:09:21.0735 5520	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
10:09:21.0751 5520	WIMMount - ok
10:09:21.0751 5520	WinDefend - ok
10:09:21.0766 5520	WinHttpAutoProxySvc - ok
10:09:21.0782 5520	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
10:09:21.0813 5520	Winmgmt - ok
10:09:21.0922 5520	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
10:09:22.0000 5520	WinRM - ok
10:09:22.0063 5520	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
10:09:22.0094 5520	WinUsb - ok
10:09:22.0141 5520	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
10:09:22.0203 5520	Wlansvc - ok
10:09:22.0328 5520	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
10:09:22.0406 5520	wlidsvc - ok
10:09:22.0453 5520	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
10:09:22.0484 5520	WmiAcpi - ok
10:09:22.0515 5520	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
10:09:22.0531 5520	wmiApSrv - ok
10:09:22.0546 5520	WMPNetworkSvc - ok
10:09:22.0562 5520	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
10:09:22.0578 5520	WPCSvc - ok
10:09:22.0593 5520	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
10:09:22.0624 5520	WPDBusEnum - ok
10:09:22.0624 5520	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
10:09:22.0687 5520	ws2ifsl - ok
10:09:22.0702 5520	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
10:09:22.0734 5520	wscsvc - ok
10:09:22.0734 5520	WSearch - ok
10:09:22.0874 5520	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
10:09:22.0968 5520	wuauserv - ok
10:09:23.0014 5520	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
10:09:23.0077 5520	WudfPf - ok
10:09:23.0092 5520	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:09:23.0139 5520	WUDFRd - ok
10:09:23.0139 5520	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
10:09:23.0170 5520	wudfsvc - ok
10:09:23.0186 5520	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
10:09:23.0217 5520	WwanSvc - ok
10:09:23.0233 5520	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
10:09:23.0264 5520	\Device\Harddisk0\DR0 - ok
10:09:23.0264 5520	Boot (0x1200)   (35bd7533a112e91dbbcc89bd54feb048) \Device\Harddisk0\DR0\Partition0
10:09:23.0264 5520	\Device\Harddisk0\DR0\Partition0 - ok
10:09:23.0280 5520	Boot (0x1200)   (9e44d6111e4823c6d6a2ff1927a6e2d8) \Device\Harddisk0\DR0\Partition1
10:09:23.0280 5520	\Device\Harddisk0\DR0\Partition1 - ok
10:09:23.0280 5520	============================================================
10:09:23.0280 5520	Scan finished
10:09:23.0280 5520	============================================================
10:09:23.0295 5024	Detected object count: 14
10:09:23.0295 5024	Actual detected object count: 14
10:09:48.0770 5024	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0770 5024	FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0770 5024	Freemake Improver ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0770 5024	Freemake Improver ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0770 5024	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0770 5024	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0770 5024	igfx ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0770 5024	igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0770 5024	IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0770 5024	IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0770 5024	LMS ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0770 5024	LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0786 5024	MSCSPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0786 5024	MSCSPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0786 5024	OpenVPNService ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0786 5024	OpenVPNService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0786 5024	PACSPTISVR ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0786 5024	PACSPTISVR ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0786 5024	SPTISRV ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0786 5024	SPTISRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0786 5024	tap0801 ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0786 5024	tap0801 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0786 5024	UNS ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0786 5024	UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0786 5024	USBAAPL64 ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0786 5024	USBAAPL64 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
10:09:48.0801 5024	VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
10:09:48.0801 5024	VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Viele Grüße
stevenss

Antwort

Themen zu Infektion mit SMART HDD
adobe, adobe flash player, antivir, avg, avgnt, avira, converter, defender, desktop, explorer, flash player, helper, microsoft, monitor, notification, office 2007, pdf, performance, plug-in, programme, s.m.a.r.t., scan, secure, security, smart, software, surfen, system, virus, wallpaper, windows



Ähnliche Themen: Infektion mit SMART HDD


  1. Infektion gefunden unter Eset Smart Security
    Log-Analyse und Auswertung - 03.11.2014 (9)
  2. Avast: Infektion blockiert , Infektion: URL:Mal (bei Ebay.de)
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (3)
  3. Smart 1.2 ?
    Plagegeister aller Art und deren Bekämpfung - 15.02.2014 (11)
  4. SMART HDD - Trojaner
    Log-Analyse und Auswertung - 23.07.2012 (7)
  5. Smart HDD Virus
    Plagegeister aller Art und deren Bekämpfung - 20.05.2012 (3)
  6. Smart HDD entfernen
    Plagegeister aller Art und deren Bekämpfung - 16.05.2012 (30)
  7. SMART HDD entfernen
    Plagegeister aller Art und deren Bekämpfung - 30.04.2012 (3)
  8. Smart HDD Befall
    Plagegeister aller Art und deren Bekämpfung - 21.04.2012 (9)
  9. Smart HDD Trojaner
    Plagegeister aller Art und deren Bekämpfung - 19.04.2012 (1)
  10. Smart HDD/ Wie entfernen?
    Log-Analyse und Auswertung - 14.04.2012 (14)
  11. Smart hdd
    Plagegeister aller Art und deren Bekämpfung - 12.04.2012 (24)
  12. SMART HHD und OTL
    Log-Analyse und Auswertung - 11.04.2012 (9)
  13. SMART HDD Virus
    Log-Analyse und Auswertung - 08.04.2012 (1)
  14. Probleme mit Smart HDD
    Plagegeister aller Art und deren Bekämpfung - 06.04.2012 (1)
  15. Smart HDD entfernen
    Antiviren-, Firewall- und andere Schutzprogramme - 06.04.2012 (1)
  16. Nach "smart protection 2012" infektion: System Clean?
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (11)
  17. Smart HDD entfernen
    Anleitungen, FAQs & Links - 14.12.2010 (2)

Zum Thema Infektion mit SMART HDD - Hallo, vorgestern Abend hat es meine Frau beim Surfen erwischt - sie hat sich den SMART HDD Virus eingefangen. Die Symptome: Schwarzer Desktop, alle Icons außer dem Papierkorb sind verschwunden, - Infektion mit SMART HDD...
Archiv
Du betrachtest: Infektion mit SMART HDD auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.