Log analysis and evaluation: Bundespolizei has locked my operating system

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1

Bundespolizei has locked my operating system

Hello! I caught this virus as well and read (on this board, of course) that I should run the SREP scan by Larusso. I did that and now have the shell file. Should I just paste it in here? Many thanks in advance!

#2 /// Winkelfunktion /// TB-Süch-Tiger™

Actually, other tools, and that includes SREP, are not supposed to be run just like that. But since you have already done it, yes, post the log.

Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here

#3

Sorry, I didn't know that. Here is the code

Code:
WIN_7 X64
Running from G:\
HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.
[System Process]
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
services.exe
winlogon.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
srep.exe
HKLM\..\Run [IAStorIcon] = C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\..\Run [Adobe Reader Speed Launcher] = "c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
HKLM\..\Run [Adobe ARM] = "c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\..\Run [ISBMgr.exe] = "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
HKLM\..\Run [StartCCC] = "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
HKLM\..\Run [PMBVolumeWatcher] = c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
HKLM\..\Run [MarketingTools] = C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
HKLM\..\Run [avgnt] = "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [] =
HKLM\..\Run [ApnUpdater] = "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
HKLM\..\Run [facemoods] = "C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I
HKLM\..\Run [SunJavaUpdateSched] = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\..\Run [APSDaemon] = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\..\Run [QuickTime Task] = "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
HKLM\..\Run [iTunesHelper] = "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
HKCU\..\Run [msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKCU\..\Run [Sony Ericsson PC Companion] = "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
HKCU\..\Run [Sony PC Companion] = "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\Winlogon; Shell =
HKU\S-1-5-21-133344265-2073515673-3491639903-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =
HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\Run [msnmsgr] = "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\Run [Sony Ericsson PC Companion] = "C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background
HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\Run [Sony PC Companion] = "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2868224- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell =
==== FINISH 16.03-18.58 ====

#4 /// Winkelfunktion /// TB-Süch-Tiger™

Some information on whether normal mode works would not have gone amiss either. If it still doesn't work, try Safe Mode with Networking: Does Safe Mode with Networking still work? With an internet connection?

Safe Mode for cleanup

__________________
Please always post log files in CODE tags

#5

If normal mode still worked, I don't think I would have such a huge problem. Well, normal mode doesn't work. Only the Libraries folder opens for me, and after that I have maybe 2 minutes until the pretty window with the police notification appears. All 3 safe modes work without problems.

#6 /// Winkelfunktion /// TB-Süch-Tiger™

Well, then go into Safe Mode with Networking. There you will be able to try MBAM/ESET first:

Please now run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked! Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed. If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything here in CODE tags where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here

#7

Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.28.04

Windows 7 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7600.16385
Vaio :: 2D-VAIO [Administrator]

28.03.2012 16:48:27
mbam-log-2012-03-28 (16-48-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 360160
Laufzeit: 54 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Vaio\AppData\Local\Temp\arg180763.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Vaio\AppData\Local\Temp\fsa166438.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Vaio\AppData\Local\Temp\jag148027.exe (Trojan.Ransom.BP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg180763.exe.lnk (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fsa166438.exe.lnk (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jag148027.exe.lnk (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c57403424ecf0d4fafce7e87ee008795
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-28 05:02:54
# local_time=2012-03-28 07:02:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775166 100 94 1036268 69482220 1026902 0
# compatibility_mode=5893 16776573 100 94 20559959 84580207 0 0
# compatibility_mode=8192 67108863 100 0 246 246 0 0
# scanned=179968
# found=2
# cleaned=0
# scan_time=3816
C:\Users\Vaio\AppData\Local\Temp\V73pEqk9.exe.part probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Vaio\AppData\Local\Temp\ICReinstall\Facemoods.exe probably a variant of Win32/InstallCore.A application (unable to clean) 00000000000000000000000000000000 I

#8 /// Winkelfunktion /// TB-Süch-Tiger™

Is normal mode working again?

#9

YEEEEES!!! Thank you, thank you, thank you! How can I ever thank you! I'm as happy as a young chicken!! Do I need to do anything else now?

#10 /// Winkelfunktion /// TB-Süch-Tiger™

CustomScan with OTL

If you do not have it yet, please download OTL by OldTimer and save it to your Desktop

Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

#11

Code:
OTL logfile created on: 30.03.2012 08:48:41 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Vaio\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

3,86 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 63,96% Memory free
7,71 Gb Paging File | 6,01 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,14 Gb Total Space | 204,90 Gb Free Space | 45,02% Space Free | Partition Type: NTFS

Computer Name: 2D-VAIO | User Name: Vaio | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.30 08:46:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Vaio\Desktop\OTL.exe
PRC - [2012.01.27 11:57:10 | 000,441,016 | ---- | M] (Sony) -- C:\Program Files (x86)\SONY\Sony PC Companion\PCCompanion.exe
PRC - [2012.01.11 09:39:28 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\SONY\Sony PC Companion\PCCompanionInfo.exe
PRC - [2011.11.04 21:56:00 | 000,186,760 | ---- | M] () -- C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
PRC - [2011.10.06 02:24:28 | 000,132,936 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2011.10.06 02:21:56 | 000,288,088 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2011.08.23 22:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.08.04 11:34:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 09:49:55 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2011.07.14 11:55:18 | 000,329,432 | ---- | M] (facemoods.com) -- C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
PRC - [2011.05.27 01:14:40 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2011.05.27 01:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.03.19 09:50:22 | 000,088,576 | ---- | M] (ZTE) -- C:\Program Files (x86)\Ge org Internet Manager\Bin\mcserver.exe
PRC - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2010.01.26 12:35:46 | 000,215,552 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\dbus-daemon.exe
PRC - [2010.01.26 12:35:42 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\db_daemon.exe
PRC - [2010.01.26 12:35:36 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\gconfd-2.exe
PRC - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.01 22:03:52 | 000,204,648 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2009.12.01 22:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.21 01:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.10.24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.09.04 23:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.08.26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe

========== Modules (No Company Name) ==========

MOD - [2012.01.15 16:20:20 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.01.11 09:39:28 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\SONY\Sony PC Companion\PCCompanionInfo.exe
MOD - [2011.11.23 17:38:58 | 000,205,824 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2011.10.06 02:24:28 | 000,132,936 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
MOD - [2011.10.06 02:23:26 | 000,009,032 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\lang\gui-eng.dll
MOD - [2011.07.29 10:22:14 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.12.13 09:58:50 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\SONY\Sony PC Companion\TMonitorAPI.dll
MOD - [2010.03.31 07:51:44 | 000,089,600 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\itapi.dll
MOD - [2010.03.31 07:51:40 | 000,054,272 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\coder.dll
MOD - [2010.03.31 07:51:36 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\audio.dll
MOD - [2010.03.31 07:51:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\log.dll
MOD - [2010.03.19 09:50:12 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\libctlsvr.dll
MOD - [2010.01.26 12:35:46 | 000,215,552 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\dbus-daemon.exe
MOD - [2010.01.26 12:35:42 | 000,031,232 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\db_daemon.exe
MOD - [2010.01.26 12:35:36 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\gconfd-2.exe
MOD - [2010.01.26 12:35:34 | 000,055,808 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\libgconfbackend-xml.dll
MOD - [2010.01.26 12:35:20 | 000,157,696 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\libgconf-2.dll
MOD - [2010.01.26 12:35:06 | 000,594,432 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\dbus-1.dll
MOD - [2010.01.26 12:34:04 | 000,341,504 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\sqlite3.dll
MOD - [2009.07.14 06:55:57 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MOD - [2009.07.14 06:55:34 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e71959f4ec6eb386889050ac139835c7\System.ServiceProcess.ni.dll
MOD - [2009.07.14 06:55:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MOD - [2009.07.14 06:55:26 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MOD - [2009.07.14 06:55:14 | 003,313,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll
MOD - [2009.07.14 06:55:09 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MOD - [2009.07.14 06:55:06 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MOD - [2009.07.14 06:55:05 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MOD - [2009.07.14 06:55:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MOD - [2009.03.28 09:19:06 | 000,080,688 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\zlib1.dll
MOD - [2008.05.06 13:50:00 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\libxml2.dll
MOD - [2007.09.09 17:07:00 | 000,151,552 | ---- | M] () -- C:\Program Files (x86)\Ge org Internet Manager\Bin\libexpat.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.01.27 22:10:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.10.16 18:10:46 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV:64bit: - [2009.09.16 23:28:42 | 000,167,424 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Care\collsvc.exe -- (SampleCollector) Intel(R)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2011.11.04 21:56:00 | 000,186,760 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe -- (ScsiAccess)
SRV - [2011.10.06 02:24:34 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2011.10.06 02:21:56 | 000,288,088 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011.09.23 16:37:08 | 001,429,608 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.08.04 11:34:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.27 01:14:40 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011.05.27 01:14:36 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.12.01 22:03:52 | 000,204,648 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.21 01:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 23:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.08.25 16:08:56 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011.08.25 16:08:56 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011.08.04 11:34:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.04 11:34:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.07.29 11:02:35 | 000,021,200 | ---- | M] (EnTech Taiwan) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TVicHW64.sys -- (TVICHW64)
DRV:64bit: - [2011.05.25 01:40:12 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2011.05.25 01:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.01.27 22:10:59 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.16 06:04:17 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.15 04:46:38 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2009.12.15 04:46:30 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.11.24 03:49:44 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.11.24 03:49:44 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.11.24 03:49:44 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.11.24 03:49:44 | 000,011,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.10.09 04:47:00 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.08.05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.)
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.02.17 19:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes,DefaultScope = {E2929ED9-065E-441C-BD82-3218925438D0} IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{32AD10A4-AECD-449E-A739-0972D180F445}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{7E71486C-1B20-402E-B409-F542855316F7}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=f9855fb6-3c2c-4a3d-a53f-9058eac58a07&apn_sauid=4B8586E8-C839-4141-8B0E-2EE454621BA6& IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = hxxp://search.hotspotshield.com/g/results.php?c=s&q={searchTerms} IE 
- HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{E2929ED9-065E-441C-BD82-3218925438D0}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_de IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{FAD309C7-AF02-4846-BA4E-11A80F6D1906}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.hotmail.com" FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=f9855fb6-3c2c-4a3d-a53f-9058eac58a07&apn_ptnrs=^AAA&apn_sauid=4B8586E8-C839-4141-8B0E-2EE454621BA6&apn_dtid=^YYYYYY^YY^AT&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@photodex.com/PhotodexPresenter: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll ( )
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files (x86)\Ge org Internet Manager\Bin\addon [2010.04.01 14:29:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.09 10:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011.08.03 18:58:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaio\AppData\Roaming\mozilla\Extensions
[2012.03.04 20:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions
[2011.08.04 17:53:50 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.04 20:08:12 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.09.02 18:04:33 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\ffxtlbr@Facemoods.com
[2011.11.13 14:17:21 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com
[2011.11.18 22:28:34 | 000,002,404 | ---- | M] () -- C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\bct2bxr2.default\searchplugins\askcom.xml
[2012.03.28 22:47:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.01.15 16:19:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.03.28 22:47:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011.09.02 17:36:18 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.01.09 10:36:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 10:56:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.26 10:56:15 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.26 10:56:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.26 10:56:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.25 01:41:10 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
[2011.10.26 10:56:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.26 10:56:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programme\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-133344265-2073515673-3491639903-1000..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Vaio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Vaio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vaio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Vaio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Vaio\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - c:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5DB63988-98C6-4312-8B36-AA4B2FAA958F}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\cdo - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03f5466c-396a-11e1-b17b-506313fcf851}\Shell - "" = AutoRun
O33 - MountPoints2\{03f5466c-396a-11e1-b17b-506313fcf851}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: mcmscsvc - Service
SafeBootMin:64bit: MCODS - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - Service
SafeBootMin: MCODS - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: mcmscsvc - Service
SafeBootNet:64bit: MCODS - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MpfService - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: mcmscsvc - Service
SafeBootNet: MCODS - Service
SafeBootNet: Messenger - Service
SafeBootNet: MpfService - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - 
%SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{906803B6-6DF0-4743-BBAE-B177976F61A8} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.30 08:46:56 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Vaio\Desktop\OTL.exe [2012.03.28 22:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.03.28 17:55:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.03.28 16:47:32 | 000,000,000 | ---D | C] -- C:\Users\Vaio\AppData\Roaming\Malwarebytes [2012.03.28 16:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.28 16:47:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.28 16:47:26 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.03.28 16:47:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.03.28 16:45:49 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Vaio\Desktop\mbam-setup-1.60.1.1000.exe [2012.03.08 18:18:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] 
========== Files - Modified Within 30 Days ========== [2012.03.30 08:51:41 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 08:51:41 | 000,013,936 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 08:48:48 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.30 08:48:48 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.30 08:48:48 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.30 08:48:48 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.30 08:48:48 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.30 08:46:57 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Vaio\Desktop\OTL.exe [2012.03.30 08:43:55 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job [2012.03.30 08:43:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.30 08:43:37 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys [2012.03.28 22:43:20 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.03.28 19:12:50 | 000,003,864 | ---- | M] () -- C:\Users\Vaio\AppData\Roaming\wklnhst.dat [2012.03.28 16:47:27 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.28 16:46:05 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Vaio\Desktop\mbam-setup-1.60.1.1000.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.28 16:47:27 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.08 18:18:28 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2012.02.22 17:09:49 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2011.11.18 22:39:39 | 
000,193,664 | ---- | C] () -- C:\Windows\SysWow64\bmsdk.exe [2011.11.18 22:39:39 | 000,002,960 | ---- | C] () -- C:\Windows\SysWow64\boc.ini [2011.11.18 22:39:39 | 000,000,516 | ---- | C] () -- C:\Windows\SysWow64\bocinstall.ini [2011.09.02 18:32:27 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2011.09.02 18:32:13 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2011.09.01 23:26:27 | 000,510,976 | ---- | C] () -- C:\Windows\SysWow64\synsoacc.dll [2011.08.04 15:03:48 | 000,003,864 | ---- | C] () -- C:\Users\Vaio\AppData\Roaming\wklnhst.dat [2011.08.04 13:10:21 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.07.29 09:36:49 | 000,002,119 | ---- | C] () -- C:\Windows\SysWow64\McOEMAppRules.dat ========== LOP Check ========== [2012.01.15 18:13:59 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Amazon [2011.09.02 18:39:57 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Ashampoo Cover Studio [2011.09.18 13:17:19 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Audacity [2012.01.18 18:32:53 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\DVDVideoSoft [2011.08.04 17:53:50 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.18 22:45:50 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Ge org Internet Manager [2011.09.02 18:32:42 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\MAGIX [2011.11.04 21:56:10 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Netscape [2012.01.15 16:21:25 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\OpenOffice.org [2011.11.04 21:55:33 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Photodex [2011.09.11 21:46:07 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Steinberg [2012.01.04 21:56:13 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Watchtower [2012.03.30 08:43:55 | 000,000,324 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job [2011.12.31 14:38:37 | 
000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.04 22:31:00 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Adobe [2012.01.15 18:13:59 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Amazon [2011.08.04 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Apple Computer [2011.09.20 15:23:23 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\ArcSoft [2011.09.02 18:39:57 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Ashampoo Cover Studio [2011.07.29 10:17:57 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\ATI [2011.09.18 13:17:19 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Audacity [2011.08.31 22:16:55 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Avira [2011.12.01 14:54:20 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\DVD Flick [2011.12.02 15:31:44 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\dvdcss [2012.01.18 18:32:53 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\DVDVideoSoft [2011.08.04 17:53:50 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\DVDVideoSoftIEHelpers [2011.11.18 22:45:50 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Ge org Internet Manager [2011.08.03 18:35:55 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Google [2011.07.29 10:16:48 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Identities [2011.07.29 10:18:06 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Intel Corporation [2011.08.03 18:37:43 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Macromedia [2011.09.02 18:32:42 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\MAGIX [2012.03.28 16:47:32 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Malwarebytes [2010.01.30 02:45:13 | 
000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Media Center Programs [2012.01.08 23:03:04 | 000,000,000 | --SD | M] -- C:\Users\Vaio\AppData\Roaming\Microsoft [2011.11.04 21:56:10 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Mozilla [2011.12.02 00:59:32 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\NCH Software [2011.11.04 21:56:10 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Netscape [2012.01.15 16:21:25 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\OpenOffice.org [2011.11.04 21:55:33 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Photodex [2011.12.01 14:59:05 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Roxio [2011.07.29 10:14:45 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Sony Corporation [2011.09.11 21:46:07 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Steinberg [2012.02.05 18:17:01 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\vlc [2012.01.04 21:56:13 | 000,000,000 | ---D | M] -- C:\Users\Vaio\AppData\Roaming\Watchtower < %APPDATA%\*.exe /s > [2011.08.09 11:30:00 | 003,085,984 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Users\Vaio\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe [2011.09.17 10:39:30 | 003,623,592 | ---- | M] (Ask) -- C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe [2007.11.27 09:41:32 | 000,405,504 | ---- | M] () -- C:\Users\Vaio\AppData\Roaming\NCH Software\Components\mp3el2\lame.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- 
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\drivers\iaStor.sys [2009.11.21 01:09:48 | 000,537,112 | ---- | M] (Intel Corporation) MD5=073A606333B6F7BBF20AA856DF7F0997 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_53f33454d751d4bd\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- 
C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- 
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll < MD5 for: USERINIT.EXE > [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- 
C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:28 | 010,973,696 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < > < End of report > |
| | #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Federal Police has locked my operating system Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{7E71486C-1B20-402E-B409-F542855316F7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=DVS2&o=1586&src=crm&q={searchTerms}&locale=de_US&apn_ptnrs=^AAA&apn_dtid=^YYYYYY^YY^AT&apn_uid=f9855fb6-3c2c-4a3d-a53f-9058eac58a07&apn_sauid=4B8586E8-C839-4141-8B0E-2EE454621BA6&
IE - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}: "URL" = http://search.hotspotshield.com/g/results.php?c=s&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.hotmail.com"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=f9855fb6-3c2c-4a3d-a53f-9058eac58a07&apn_ptnrs=^AAA&apn_sauid=4B8586E8-C839-4141-8B0E-2EE454621BA6&apn_dtid=^YYYYYY^YY^AT&&q="
FF - user.js - File not found
[2011.09.02 18:04:33 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\ffxtlbr@Facemoods.com
[2011.11.13 14:17:21 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com
[2011.11.18 22:28:34 | 000,002,404 | ---- | M] () -- C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\bct2bxr2.default\searchplugins\askcom.xml
[2011.05.25 01:41:10 | 000,001,847 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-133344265-2073515673-3491639903-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{03f5466c-396a-11e1-b17b-506313fcf851}\Shell - "" = AutoRun
O33 - MountPoints2\{03f5466c-396a-11e1-b17b-506313fcf851}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.09.17 10:39:30 | 003,623,592 | ---- | M] (Ask) -- C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
:Files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\facemoods.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
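One way to audit a fix script like the one in the post above before it is run, as an added example (not part of the thread and not OTL's own code): it splits the script into its `:OTL`, `:Files` and `:Commands` sections and lists the files, GUIDs and policy values the entries name. The function names, the extension list in `PATH_RE` and the rule of flagging paths under `C:\Windows` for a second look are assumptions of this example; the sample is a shortened excerpt of the script above.

```python
import re
from collections import Counter

# Shortened excerpt of the fix script from the post above (values as on the page).
SCRIPT = r"""
:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O33 - MountPoints2\{03f5466c-396a-11e1-b17b-506313fcf851}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
[2011.11.18 22:28:34 | 000,002,404 | ---- | M] () -- C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\bct2bxr2.default\searchplugins\askcom.xml
:Files
C:\Program Files (x86)\Ask.com
C:\Program Files (x86)\facemoods.com
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
PREFIX_RE = re.compile(r"^(IE|FF|O\d+)\s+-\s+")
# "[date time | size | attributes | C or M] (company) -- path" listing lines
LISTING_RE = re.compile(
    r"^\[\d{4}\.\d{2}\.\d{2} [\d:]{8} \| [\d,]+ \| [-A-Z]{4} \| [CM]\] .*? -- .+$")
# Assumption: only these extensions are extracted from entry lines.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\[\]]+?\.(?:exe|dll|sys|xml)\b', re.I)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_script(text):
    """Split a fix script into {section name: [entry lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is None:
            # Entries with no header above them (e.g. ":OTL" not copied)
            # belong to no section, so this parser refuses them.
            raise ValueError("entry before first section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def classify(line):
    """Return the entry prefix (IE, FF, O2, ...) or 'file-listing'/'other'."""
    prefix = PREFIX_RE.match(line)
    if prefix:
        return prefix.group(1)
    return "file-listing" if LISTING_RE.match(line) else "other"


def audit(text, system_root=r"C:\Windows"):
    """Summarise what the script names, for review before it is run."""
    sections = parse_script(text)
    entries = sections.get("OTL", [])
    paths, guids = set(), set()
    for entry in entries:
        paths.update(PATH_RE.findall(entry))
        guids.update(g.upper() for g in GUID_RE.findall(entry))
    paths.update(sections.get("Files", []))
    root = system_root.lower() + "\\"
    return {
        "kinds": Counter(classify(e) for e in entries),
        "paths": sorted(paths),
        "guids": sorted(guids),
        # Targets inside the Windows directory deserve a second look.
        "system_paths": sorted(p for p in paths if p.lower().startswith(root)),
        "policy_entries": [e for e in entries if "\\policies\\" in e.lower()],
        "commands": sections.get("Commands", []),
    }


if __name__ == "__main__":
    report = audit(SCRIPT)
    for key, value in report.items():
        print(key, "->", value)
```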
| | #13 |
| Federal Police has locked my operating system Code:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-133344265-2073515673-3491639903-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7E71486C-1B20-402E-B409-F542855316F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E71486C-1B20-402E-B409-F542855316F7}\ not found.
Registry key HKEY_USERS\S-1-5-21-133344265-2073515673-3491639903-1000\Software\Microsoft\Internet Explorer\SearchScopes\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c99fdc39-a1ae-4b24-8d71-e5274f8d7c54}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "www.hotmail.com" removed from browser.startup.homepage
Prefs.js: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVS2&o=1586&locale=de_US&apn_uid=f9855fb6-3c2c-4a3d-a53f-9058eac58a07&apn_ptnrs=^AAA&apn_sauid=4B8586E8-C839-4141-8B0E-2EE454621BA6&apn_dtid=^YYYYYY^YY^AT&&q=" removed from keyword.URL
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-09-Nov-2011-19-47-33-GMT folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Sep-2011-11-21-56-GMT folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-04-Aug-2011-19-31-51-GMT folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-30-Oct-2011-20-49-23-GMT folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-11-Sep-2011-17-52-42-GMT folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-18-Nov-2011-20-28-33-GMT folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Vaio\AppData\Roaming\mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\bct2bxr2.default\searchplugins\askcom.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\privatesearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}\ deleted successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-133344265-2073515673-3491639903-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files (x86)\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03f5466c-396a-11e1-b17b-506313fcf851}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03f5466c-396a-11e1-b17b-506313fcf851}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03f5466c-396a-11e1-b17b-506313fcf851}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03f5466c-396a-11e1-b17b-506313fcf851}\ not found.
File G:\LaunchU3.exe -a not found.
File C:\Users\Vaio\AppData\Roaming\Mozilla\Firefox\Profiles\bct2bxr2.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe not found.
========== FILES ==========
C:\Program Files (x86)\Ask.com\Updater folder moved successfully.
C:\Program Files (x86)\Ask.com\assets\oobe folder moved successfully.
C:\Program Files (x86)\Ask.com\assets folder moved successfully.
C:\Program Files (x86)\Ask.com folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11 folder moved successfully.
C:\Program Files (x86)\facemoods.com\facemoods folder moved successfully.
C:\Program Files (x86)\facemoods.com folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Vaio
->Temp folder emptied: 506453829 bytes
->Temporary Internet Files folder emptied: 96177497 bytes
->Java cache emptied: 291701 bytes
->FireFox cache emptied: 1136646230 bytes
->Flash cache emptied: 3090188 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 31141281 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 191412 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.692,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Vaio
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.39.2 log created on 04012012_125620
Files\Folders moved on Reboot...
C:\Users\Vaio\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
|
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Federal Police has locked my operating system Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set the tool up as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
| | #15 |
| Federal Police has locked my operating system Code:
16:20:29.0917 6136 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
16:20:30.0214 6136 ============================================================
16:20:30.0214 6136 Current date / time: 2012/04/05 16:20:30.0214
16:20:30.0214 6136 SystemInfo:
16:20:30.0214 6136
16:20:30.0229 6136 OS Version: 6.1.7600 ServicePack: 0.0
16:20:30.0229 6136 Product type: Workstation
16:20:30.0229 6136 ComputerName: 2D-VAIO
16:20:30.0229 6136 UserName: Vaio
16:20:30.0229 6136 Windows directory: C:\Windows
16:20:30.0229 6136 System windows directory: C:\Windows
16:20:30.0229 6136 Running under WOW64
16:20:30.0229 6136 Processor architecture: Intel x64
16:20:30.0229 6136 Number of processors: 4
16:20:30.0229 6136 Page size: 0x1000
16:20:30.0229 6136 Boot type: Normal boot
16:20:30.0229 6136 ============================================================
16:20:30.0775 6136 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:20:30.0775 6136 \Device\Harddisk0\DR0:
16:20:30.0775 6136 MBR used
16:20:30.0775 6136 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x150A000, BlocksNum 0x32000
16:20:30.0775 6136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x153C000, BlocksNum 0x38E49800
16:20:30.0791 6136 Initialize success
16:20:30.0791 6136 ============================================================
16:20:45.0191 1216 ============================================================
16:20:45.0191 1216 Scan started
16:20:45.0191 1216 Mode: Manual; SigCheck; TDLFS;
16:20:45.0191 1216 ============================================================
16:20:45.0690 1216 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\drivers\1394ohci.sys
16:20:45.0815 1216 1394ohci - ok
16:20:45.0924 1216 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
16:20:45.0971 1216 ACDaemon - ok
16:20:46.0080 1216 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\drivers\ACPI.sys
16:20:46.0111 1216 ACPI - ok
16:20:46.0158 1216 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\drivers\acpipmi.sys
16:20:46.0236 1216 AcpiPmi - ok
16:20:46.0330 1216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
16:20:46.0392 1216 adp94xx - ok
16:20:46.0423 1216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
16:20:46.0454 1216 adpahci - ok
16:20:46.0517 1216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
16:20:46.0548 1216 adpu320 - ok
16:20:46.0595 1216 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:20:46.0782 1216 AeLookupSvc - ok
16:20:46.0907 1216 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
16:20:47.0000 1216 AFD - ok
16:20:47.0032 1216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:20:47.0047 1216 agp440 - ok
16:20:47.0094 1216 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:20:47.0156 1216 ALG - ok
16:20:47.0219 1216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:20:47.0234 1216 aliide - ok
16:20:47.0297 1216 AMD External Events Utility (3260756e234083bd2bd1709c60b6e6d7) C:\Windows\system32\atiesrxx.exe
16:20:47.0359 1216 AMD External Events Utility - ok
16:20:47.0437 1216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:20:47.0453 1216 amdide - ok
16:20:47.0500 1216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
16:20:47.0546 1216 AmdK8 - ok
16:20:47.0640 1216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
16:20:47.0671 1216 AmdPPM - ok
16:20:47.0765 1216 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\drivers\amdsata.sys
16:20:47.0796 1216 amdsata - ok
16:20:47.0843 1216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
16:20:47.0858 1216 amdsbs - ok
16:20:47.0890 1216 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\drivers\amdxata.sys
16:20:47.0905 1216 amdxata - ok
16:20:47.0999 1216 AntiVirSchedulerService (c27d46b06d340293670450fce9dfb166) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:20:48.0014 1216 AntiVirSchedulerService - ok
16:20:48.0061 1216 AntiVirService (72d90e56563165984224493069c69ed4) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:20:48.0077 1216 AntiVirService - ok
16:20:48.0155 1216 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
16:20:48.0280 1216 AppID - ok
16:20:48.0342 1216 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:20:48.0420 1216 AppIDSvc - ok
16:20:48.0436 1216 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
16:20:48.0482 1216 Appinfo - ok
16:20:48.0592 1216 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:20:48.0607 1216 Apple Mobile Device - ok
16:20:48.0670 1216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
16:20:48.0685 1216 arc - ok
16:20:48.0763 1216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
16:20:48.0794 1216 arcsas - ok
16:20:48.0841 1216 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
16:20:48.0857 1216 ArcSoftKsUFilter - ok
16:20:48.0935 1216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:20:49.0028 1216 AsyncMac - ok
16:20:49.0060 1216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:20:49.0075 1216 atapi - ok
16:20:49.0216 1216 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
16:20:49.0309 1216 athr - ok
16:20:49.0559 1216 atikmdag (f3a362b683b6158cc47d7e8e58b7ddc9) C:\Windows\system32\DRIVERS\atikmdag.sys
16:20:49.0777 1216 atikmdag - ok
16:20:49.0840 1216 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:20:49.0933 1216 AudioEndpointBuilder - ok
16:20:49.0980 1216 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
16:20:50.0058 1216 AudioSrv - ok
16:20:50.0152 1216 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
16:20:50.0167 1216 avgntflt - ok
16:20:50.0214 1216 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
16:20:50.0230 1216 avipbb - ok
16:20:50.0276 1216 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
16:20:50.0354 1216 AxInstSV - ok
16:20:50.0448 1216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
16:20:50.0510 1216 b06bdrv - ok
16:20:50.0542 1216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:20:50.0588 1216 b57nd60a - ok
16:20:50.0682 1216 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:20:50.0713 1216 BDESVC - ok
16:20:50.0776 1216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:20:50.0854 1216 Beep - ok
16:20:50.0900 1216 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
16:20:51.0010 1216 BFE - ok
16:20:51.0134 1216 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
16:20:51.0259 1216 BITS - ok
16:20:51.0337 1216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
16:20:51.0368 1216 blbdrive - ok
16:20:51.0462 1216 BMLoad (057f482cfdb57e75202e2e37795f2d3b) C:\Windows\system32\drivers\BMLoad.sys
16:20:51.0509 1216 BMLoad ( UnsignedFile.Multi.Generic ) - warning
16:20:51.0509 1216 BMLoad - detected UnsignedFile.Multi.Generic (1)
16:20:51.0571 1216 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:20:51.0602 1216 Bonjour Service - ok
16:20:51.0727 1216 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
16:20:51.0821 1216 bowser - ok
16:20:51.0852 1216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
16:20:51.0868 1216 BrFiltLo - ok
16:20:51.0883 1216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
16:20:51.0914 1216 BrFiltUp - ok
16:20:51.0961 1216 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
16:20:52.0039 1216 Browser - ok
16:20:52.0086 1216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:20:52.0148 1216 Brserid - ok
16:20:52.0211 1216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:20:52.0242 1216 BrSerWdm - ok
16:20:52.0304 1216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:20:52.0336 1216 BrUsbMdm - ok
16:20:52.0382 1216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:20:52.0429 1216 BrUsbSer - ok
16:20:52.0523 1216 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
16:20:52.0570 1216 BthEnum - ok
16:20:52.0601 1216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
16:20:52.0648 1216 BTHMODEM - ok
16:20:52.0757 1216 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:20:52.0804 1216 BthPan - ok
16:20:52.0835 1216 BTHPORT (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
16:20:52.0882 1216 BTHPORT - ok
16:20:52.0975 1216 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:20:53.0053 1216 bthserv - ok
16:20:53.0147 1216 BTHUSB (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
16:20:53.0194 1216 BTHUSB - ok
16:20:53.0225 1216 btusbflt (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
16:20:53.0240 1216 btusbflt - ok
16:20:53.0287 1216 btwaudio (4bdbdb86abba924e029fb2683be7c505) C:\Windows\system32\drivers\btwaudio.sys
16:20:53.0303 1216 btwaudio - ok
16:20:53.0365 1216 btwavdt (5c849bd7c78791c5cee9f4651d7fe38d) C:\Windows\system32\drivers\btwavdt.sys
16:20:53.0381 1216 btwavdt - ok
16:20:53.0459 1216 btwdins (31da517946ffe416442e864592548f8a) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
16:20:53.0506 1216 btwdins - ok
16:20:53.0599 1216 btwl2cap (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
16:20:53.0599 1216 btwl2cap - ok
16:20:53.0646 1216 btwrchid (3e1991afa851a36dc978b0a1b0535c8b) C:\Windows\system32\DRIVERS\btwrchid.sys
16:20:53.0646 1216 btwrchid - ok
16:20:53.0693 1216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:20:53.0786 1216 cdfs - ok
16:20:53.0802 1216 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
16:20:53.0833 1216 cdrom - ok
16:20:53.0864 1216 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
16:20:53.0958 1216 CertPropSvc - ok
16:20:53.0989 1216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
16:20:54.0036 1216 circlass - ok
16:20:54.0130 1216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:20:54.0161 1216 CLFS - ok
16:20:54.0239 1216 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:20:54.0254 1216 clr_optimization_v2.0.50727_32 - ok
16:20:54.0379 1216 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:20:54.0395 1216 clr_optimization_v2.0.50727_64 - ok
16:20:54.0457 1216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
16:20:54.0488 1216 CmBatt - ok
16:20:54.0520 1216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:20:54.0535 1216 cmdide - ok
16:20:54.0598 1216 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
16:20:54.0660 1216 CNG - ok
16:20:54.0754 1216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
16:20:54.0769 1216 Compbatt - ok
16:20:54.0785 1216 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\drivers\CompositeBus.sys
16:20:54.0832 1216 CompositeBus - ok
16:20:54.0847 1216 COMSysApp - ok
16:20:54.0878 1216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
16:20:54.0878 1216 crcdisk - ok
16:20:54.0925 1216 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
16:20:54.0988 1216 CryptSvc - ok
16:20:55.0034 1216 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
16:20:55.0097 1216 DcomLaunch - ok
16:20:55.0175 1216 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:20:55.0268 1216 defragsvc - ok
16:20:55.0331 1216 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
16:20:55.0409 1216 DfsC - ok
16:20:55.0440 1216 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
16:20:55.0549 1216 Dhcp - ok
16:20:55.0658 1216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:20:55.0736 1216 discache - ok
16:20:55.0752 1216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
16:20:55.0768 1216 Disk - ok
16:20:55.0830 1216 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll
16:20:55.0908 1216 Dnscache - ok
16:20:55.0939 1216 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
16:20:55.0986 1216 dot3svc - ok
16:20:56.0017 1216 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
16:20:56.0064 1216 DPS - ok
16:20:56.0095 1216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:20:56.0111 1216 drmkaud - ok
16:20:56.0173 1216 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
16:20:56.0251 1216 DXGKrnl - ok
16:20:56.0282 1216 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:20:56.0360 1216 EapHost - ok
16:20:56.0470 1216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
16:20:56.0594 1216 ebdrv - ok
16:20:56.0688 1216 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe
16:20:56.0719 1216 EFS - ok
16:20:56.0797 1216 ehRecvr (b91d81b3b54a54ccafc03733dbc2e29e) C:\Windows\ehome\ehRecvr.exe
16:20:56.0875 1216 ehRecvr - ok
16:20:56.0922 1216 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:20:56.0953 1216 ehSched - ok
16:20:57.0016 1216 ElbyCDIO (702d5606cf2199e0edea6f0e0d27cd10) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:20:57.0031 1216 ElbyCDIO - ok
16:20:57.0094 1216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
16:20:57.0125 1216 elxstor - ok
16:20:57.0156 1216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:20:57.0187 1216 ErrDev - ok
16:20:57.0281 1216 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:20:57.0343 1216 EventSystem - ok
16:20:57.0421 1216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:20:57.0499 1216 exfat - ok
16:20:57.0578 1216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:20:57.0656 1216 fastfat - ok
16:20:57.0734 1216 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
16:20:57.0781 1216 Fax - ok
16:20:57.0843 1216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
16:20:57.0875 1216 fdc - ok
16:20:57.0906 1216 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:20:57.0984 1216 fdPHost - ok
16:20:58.0015 1216 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:20:58.0077 1216 FDResPub - ok
16:20:58.0187 1216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:20:58.0202 1216 FileInfo - ok
16:20:58.0233 1216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:20:58.0296 1216 Filetrace - ok
16:20:58.0327 1216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
16:20:58.0343 1216 flpydisk - ok
16:20:58.0374 1216 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
16:20:58.0389 1216 FltMgr - ok
16:20:58.0452 1216 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll
16:20:58.0530 1216 FontCache - ok
16:20:58.0608 1216 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:20:58.0623 1216 FontCache3.0.0.0 - ok
16:20:58.0717 1216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:20:58.0733 1216 FsDepends - ok
16:20:58.0795 1216 fssfltr (53dab1791917a72738539ad25c4eed7f) C:\Windows\system32\DRIVERS\fssfltr.sys
16:20:58.0795 1216 fssfltr - ok
16:20:58.0904 1216 fsssvc (45b52394f9624237f33a8a3d73c0b221) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:20:58.0951 1216 fsssvc - ok
16:20:59.0029 1216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
16:20:59.0045 1216 Fs_Rec - ok
16:20:59.0091 1216 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
16:20:59.0107 1216 fvevol - ok
16:20:59.0138 1216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
16:20:59.0154 1216 gagp30kx - ok
16:20:59.0201 1216 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:20:59.0216 1216 GEARAspiWDM - ok
16:20:59.0247 1216 ggflt (a4198f2bd8aa592cb90476277a81b5e1) C:\Windows\system32\DRIVERS\ggflt.sys
16:20:59.0263 1216 ggflt - ok
16:20:59.0325 1216 ggsemc (d266350bdaab9eb6c1aec370eeaaff3a) C:\Windows\system32\DRIVERS\ggsemc.sys
16:20:59.0325 1216 ggsemc - ok
16:20:59.0388 1216 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
16:20:59.0466 1216 gpsvc - ok
16:20:59.0513 1216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:20:59.0544 1216 hcw85cir - ok
16:20:59.0575 1216 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
16:20:59.0622 1216 HdAudAddService - ok
16:20:59.0653 1216 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:20:59.0700 1216 HDAudBus - ok
16:20:59.0731 1216 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
16:20:59.0747 1216 HECIx64 - ok
16:20:59.0793 1216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
16:20:59.0825 1216 HidBatt - ok
16:20:59.0856 1216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
16:20:59.0903 1216 HidBth - ok
16:20:59.0918 1216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
16:20:59.0949 1216 HidIr - ok
16:21:00.0012 1216 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:21:00.0074 1216 hidserv - ok
16:21:00.0121 1216 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
16:21:00.0152 1216 HidUsb - ok
16:21:00.0183 1216 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
16:21:00.0246 1216 hkmsvc - ok
16:21:00.0293 1216 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
16:21:00.0324 1216 HomeGroupListener - ok
16:21:00.0355 1216 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
16:21:00.0402 1216 HomeGroupProvider - ok
16:21:00.0449 1216 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\drivers\HpSAMD.sys
16:21:00.0464 1216 HpSAMD - ok
16:21:00.0573 1216 hshld (76c085eec136e7219fb2b9f58a8a1f8c) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
16:21:00.0589 1216 hshld - ok
16:21:00.0651 1216 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
16:21:00.0667 1216 HssDrv - ok
16:21:00.0761 1216 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
16:21:00.0776 1216 HssSrv - ok
16:21:00.0807 1216 HssTrayService (9d4f6f660105798112ce7069d0cb9ab9) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
16:21:00.0823 1216 HssTrayService - ok
16:21:00.0823 1216 HssWd - ok
16:21:00.0917 1216 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
16:21:01.0026 1216 HTTP - ok
16:21:01.0057 1216 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
16:21:01.0073 1216 hwpolicy - ok
16:21:01.0104 1216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:21:01.0135 1216 i8042prt - ok
16:21:01.0166 1216 iaStor (073a606333b6f7bbf20aa856df7f0997) C:\Windows\system32\drivers\iaStor.sys
16:21:01.0197 1216 iaStor - ok
16:21:01.0260 1216 IAStorDataMgrSvc (cc800d2d9fd467542bac7c186c4774ad) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
16:21:01.0275 1216 IAStorDataMgrSvc - ok
16:21:01.0353 1216 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\drivers\iaStorV.sys
16:21:01.0400 1216 iaStorV - ok
16:21:01.0478 1216 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:21:01.0541 1216 idsvc - ok
16:21:01.0790 1216 igfx (31d1aff484d8a0906cf8d44251ec390f) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:21:02.0055 1216 igfx ( UnsignedFile.Multi.Generic ) - warning
16:21:02.0055 1216 igfx - detected UnsignedFile.Multi.Generic (1)
16:21:02.0133 1216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
16:21:02.0149 1216 iirsp - ok
16:21:02.0227 1216 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
16:21:02.0336 1216 IKEEXT - ok
16:21:02.0430 1216 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\drivers\Impcd.sys
16:21:02.0445 1216 Impcd - ok
16:21:02.0539 1216 IntcAzAudAddService (0f144e5f46cb9043004b5e84aa4bca6a) C:\Windows\system32\drivers\RTKVHD64.sys
16:21:02.0679 1216 IntcAzAudAddService - ok
16:21:02.0726 1216 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:21:02.0742 1216 IntcDAud ( UnsignedFile.Multi.Generic ) - warning
16:21:02.0742 1216 IntcDAud - detected UnsignedFile.Multi.Generic (1)
16:21:02.0773 1216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:21:02.0789 1216 intelide - ok
16:21:02.0820 1216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:21:02.0867 1216 intelppm - ok
16:21:02.0945 1216 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:21:03.0023 1216 IPBusEnum - ok
16:21:03.0069 1216 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:21:03.0147 1216 IpFilterDriver - ok
16:21:03.0225 1216 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
16:21:03.0319 1216 iphlpsvc - ok
16:21:03.0381 1216 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\drivers\IPMIDrv.sys
16:21:03.0413 1216 IPMIDRV - ok
16:21:03.0428 1216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:21:03.0506 1216 IPNAT - ok
16:21:03.0569 1216 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
16:21:03.0631 1216 iPod Service - ok
16:21:03.0693 1216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:21:03.0740 1216 IRENUM - ok
16:21:03.0756 1216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:21:03.0771 1216 isapnp - ok
16:21:03.0818 1216 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\drivers\msiscsi.sys
16:21:03.0834 1216 iScsiPrt - ok
16:21:03.0865 1216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
16:21:03.0881 1216 kbdclass - ok
16:21:03.0896 1216 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\drivers\kbdhid.sys
16:21:03.0927 1216 kbdhid - ok
16:21:03.0959 1216 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:21:03.0990 1216 KeyIso - ok
16:21:04.0037 1216 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
16:21:04.0068 1216 KSecDD - ok
16:21:04.0083 1216 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
16:21:04.0115 1216 KSecPkg - ok
16:21:04.0130 1216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:21:04.0208 1216 ksthunk - ok
16:21:04.0239 1216 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:21:04.0317 1216 KtmRm - ok
16:21:04.0380 1216 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\system32\srvsvc.dll
16:21:04.0458 1216 LanmanServer - ok
16:21:04.0505 1216 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
16:21:04.0567 1216 LanmanWorkstation - ok
16:21:04.0629 1216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:21:04.0692 1216 lltdio - ok
16:21:04.0723 1216 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:21:04.0817 1216 lltdsvc - ok
16:21:04.0863 1216 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:21:04.0941 1216 lmhosts - ok
16:21:05.0051 1216 LMS (5460828f8951d310b42b442877603b8d) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
16:21:05.0066 1216 LMS - ok
16:21:05.0144 1216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
16:21:05.0175 1216 LSI_FC - ok
16:21:05.0191 1216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
16:21:05.0207 1216 LSI_SAS - ok
16:21:05.0222 1216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
16:21:05.0253 1216 LSI_SAS2 - ok
16:21:05.0269 1216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
16:21:05.0300 1216 LSI_SCSI - ok
16:21:05.0331 1216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:21:05.0425 1216 luafv - ok
16:21:05.0472 1216 lxdx_device - ok
16:21:05.0550 1216 massfilter (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys
16:21:05.0581 1216 massfilter - ok
16:21:05.0675 1216 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
16:21:05.0706 1216 Mcx2Svc - ok
16:21:05.0737 1216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
16:21:05.0753 1216 megasas - ok
16:21:05.0784 1216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
16:21:05.0799 1216 MegaSR - ok
16:21:05.0846 1216 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:21:05.0924 1216 MMCSS - ok
16:21:05.0955 1216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:21:06.0033 1216 Modem - ok
16:21:06.0127 1216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:21:06.0174 1216 monitor - ok
16:21:06.0189 1216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:21:06.0205 1216 mouclass - ok
16:21:06.0221 1216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:21:06.0252 1216 mouhid - ok
16:21:06.0267 1216 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
16:21:06.0283 1216 mountmgr - ok
16:21:06.0314 1216 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\drivers\mpio.sys
16:21:06.0330 1216 mpio - ok
16:21:06.0345 1216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:21:06.0392 1216 mpsdrv - ok
16:21:06.0439 1216 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
16:21:06.0548 1216 MpsSvc - ok
16:21:06.0595 1216 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
16:21:06.0642 1216 MRxDAV - ok
16:21:06.0720 1216 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:21:06.0798 1216 mrxsmb - ok
16:21:06.0829 1216 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:21:06.0907 1216 mrxsmb10 - ok
16:21:06.0954 1216 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:21:07.0032 1216 mrxsmb20 - ok
16:21:07.0047 1216 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\drivers\msahci.sys
16:21:07.0063 1216 msahci - ok
16:21:07.0079 1216 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\drivers\msdsm.sys
16:21:07.0110 1216 msdsm - ok
16:21:07.0141 1216 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:21:07.0172 1216 MSDTC - ok
16:21:07.0219 1216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:21:07.0281 1216 Msfs - ok
16:21:07.0297 1216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:21:07.0344 1216 mshidkmdf - ok
16:21:07.0375 1216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:21:07.0375 1216 msisadrv - ok
16:21:07.0422 1216 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:21:07.0484 1216 MSiSCSI - ok
16:21:07.0500 1216 msiserver - ok
16:21:07.0547 1216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:21:07.0625 1216 MSKSSRV - ok
16:21:07.0656 1216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:21:07.0718 1216 MSPCLOCK - ok
16:21:07.0734 1216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:21:07.0796 1216 MSPQM - ok
16:21:07.0827 1216 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
16:21:07.0859 1216 MsRPC - ok
16:21:07.0905 1216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:21:07.0921 1216 mssmbios - ok
16:21:07.0937 1216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:21:08.0015 1216 MSTEE - ok
16:21:08.0030 1216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
16:21:08.0046 1216 MTConfig - ok
16:21:08.0061 1216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:21:08.0077 1216 Mup - ok
16:21:08.0108 1216 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
16:21:08.0202 1216 napagent - ok
16:21:08.0264 1216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:21:08.0311 1216 NativeWifiP - ok
16:21:08.0358 1216 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
16:21:08.0420 1216 NDIS - ok
16:21:08.0451 1216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:21:08.0545 1216 NdisCap - ok
16:21:08.0576 1216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:21:08.0623 1216 NdisTapi - ok
16:21:08.0670 1216 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
16:21:08.0748 1216 Ndisuio - ok
16:21:08.0779 1216 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
16:21:08.0841 1216 NdisWan - ok
16:21:08.0935 1216 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
16:21:08.0997 1216 NDProxy - ok
16:21:09.0029 1216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:21:09.0107 1216 NetBIOS - ok
16:21:09.0200 1216 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
16:21:09.0278 1216 NetBT - ok
16:21:09.0309 1216 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:21:09.0325 1216 Netlogon - ok
16:21:09.0356 1216 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:21:09.0450 1216 Netman - ok
16:21:09.0528 1216 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:21:09.0637 1216 netprofm - ok
16:21:09.0715 1216 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:21:09.0731 1216 NetTcpPortSharing - ok
16:21:09.0793 1216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
16:21:09.0809 1216 nfrd960 - ok
16:21:09.0855 1216 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
16:21:09.0965 1216 NlaSvc - ok
16:21:09.0980 1216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:21:10.0043 1216 Npfs - ok
16:21:10.0074 1216 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:21:10.0167 1216 nsi - ok
16:21:10.0214 1216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:21:10.0277 1216 nsiproxy - ok
16:21:10.0355 1216 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
16:21:10.0433 1216 Ntfs - ok
16:21:10.0511 1216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:21:10.0589 1216 Null - ok
16:21:10.0604 1216 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\drivers\nvraid.sys
16:21:10.0635 1216 nvraid - ok
16:21:10.0651 1216 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\drivers\nvstor.sys
16:21:10.0682 1216 nvstor - ok
16:21:10.0698 1216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:21:10.0713 1216 nv_agp - ok
16:21:10.0760 1216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:21:10.0776 1216 ohci1394 - ok
16:21:10.0807 1216 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:21:10.0869 1216 p2pimsvc - ok
16:21:10.0901 1216 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:21:10.0932 1216 p2psvc - ok
16:21:11.0025 1216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
16:21:11.0041 1216 Parport - ok
16:21:11.0072 1216 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
16:21:11.0103 1216 partmgr - ok
16:21:11.0119 1216 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:21:11.0181 1216 PcaSvc - ok
16:21:11.0228 1216 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\drivers\pci.sys
16:21:11.0259 1216 pci - ok
16:21:11.0291 1216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:21:11.0306 1216 pciide - ok
16:21:11.0337 1216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
16:21:11.0353 1216 pcmcia - ok
16:21:11.0384 1216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:21:11.0415 1216 pcw - ok
16:21:11.0462 1216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:21:11.0540 1216 PEAUTH - ok
16:21:11.0603 1216 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:21:11.0634 1216 PerfHost - ok
16:21:11.0743 1216 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
16:21:11.0868 1216 pla - ok
16:21:11.0915 1216 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll
16:21:11.0993 1216 PlugPlay - ok
16:21:12.0102 1216 PMBDeviceInfoProvider (627fa58adc043704f9d14ca44340956f) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
16:21:12.0133 1216 PMBDeviceInfoProvider - ok
16:21:12.0211 1216 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:21:12.0242 1216 PNRPAutoReg - ok
16:21:12.0273 1216 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:21:12.0289 1216 PNRPsvc - ok
16:21:12.0336 1216 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
16:21:12.0445 1216 PolicyAgent - ok
16:21:12.0476 1216 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:21:12.0554 1216 Power - ok
16:21:12.0617 1216 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
16:21:12.0695 1216 PptpMiniport - ok
16:21:12.0710 1216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
16:21:12.0726 1216 Processor - ok
16:21:12.0773 1216 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
16:21:12.0819 1216 ProfSvc - ok
16:21:12.0866 1216 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:21:12.0897 1216 ProtectedStorage - ok
16:21:12.0960 1216 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
16:21:13.0038 1216 Psched - ok
16:21:13.0053 1216 PxHlpa64 (aed797cca02783296c68aa10d0cff8a9) C:\Windows\system32\Drivers\PxHlpa64.sys
16:21:13.0069 1216 PxHlpa64 - ok
16:21:13.0131 1216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
16:21:13.0209 1216 ql2300 - ok
16:21:13.0225 1216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
16:21:13.0241 1216 ql40xx - ok
16:21:13.0287 1216 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:21:13.0303 1216 QWAVE - ok
16:21:13.0334 1216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:21:13.0381 1216 QWAVEdrv - ok
16:21:13.0397 1216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:21:13.0475 1216 RasAcd - ok
16:21:13.0506 1216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:21:13.0553 1216 RasAgileVpn - ok
16:21:13.0599 1216 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:21:13.0662 1216 RasAuto - ok
16:21:13.0709 1216 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:21:13.0787 1216 Rasl2tp - ok
16:21:13.0818 1216 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
16:21:13.0896 1216 RasMan - ok
16:21:13.0911 1216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:21:13.0989 1216 RasPppoe - ok
16:21:14.0005 1216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:21:14.0099 1216 RasSstp - ok
16:21:14.0130 1216 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
16:21:14.0223 1216 rdbss - ok
16:21:14.0301 1216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
16:21:14.0333 1216 rdpbus - ok
16:21:14.0348 1216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:21:14.0411 1216 RDPCDD - ok
16:21:14.0442 1216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:21:14.0489 1216 RDPENCDD - ok
16:21:14.0520 1216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:21:14.0567 1216 RDPREFMP - ok
16:21:14.0582 1216 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
16:21:14.0691 1216 RDPWD - ok
16:21:14.0723 1216 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
16:21:14.0754 1216 rdyboost - ok
16:21:14.0785 1216 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:21:14.0863 1216 RemoteAccess - ok
16:21:14.0910 1216 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:21:15.0019 1216 RemoteRegistry - ok
16:21:15.0097 1216 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:21:15.0159 1216 RFCOMM - ok
16:21:15.0191 1216 rimspci (5ca4abd888b602551b59baa26941c167) C:\Windows\system32\drivers\rimssne64.sys
16:21:15.0222 1216 rimspci - ok
16:21:15.0300 1216 risdsnpe (bb6e138aeb351728959da5e2731d8140) C:\Windows\system32\drivers\risdsne64.sys
16:21:15.0331 1216 risdsnpe - ok
16:21:15.0409 1216 Roxio UPnP Renderer 10 (d151224bc11078895a60fa970728ff59) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
16:21:15.0440 1216 Roxio UPnP Renderer 10 - ok
16:21:15.0456 1216 Roxio Upnp Server 10 (5022a927944878bd750960bd21e751af) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
16:21:15.0487 1216 Roxio Upnp Server 10 - ok
16:21:15.0565 1216 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:21:15.0643 1216 RpcEptMapper - ok
16:21:15.0674 1216 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:21:15.0705 1216 RpcLocator - ok
16:21:15.0768 1216 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
16:21:15.0846 1216 RpcSs - ok
16:21:15.0893 1216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:21:15.0971 1216 rspndr - ok
16:21:16.0017 1216 RTHDMIAzAudService (4e821c740a675f6d040be41d59a62b1d) C:\Windows\system32\drivers\RtHDMIVX.sys
16:21:16.0033 1216 RTHDMIAzAudService - ok
16:21:16.0111 1216 SampleCollector (6b318f9443740a907d1c8f3460c19009) C:\Program Files\Sony\VAIO Care\collsvc.exe
16:21:16.0127 1216 SampleCollector ( UnsignedFile.Multi.Generic ) - warning
16:21:16.0127 1216 SampleCollector - detected UnsignedFile.Multi.Generic (1)
16:21:16.0189 1216 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:21:16.0205 1216 SamSs - ok
16:21:16.0236 1216 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
16:21:16.0267 1216 sbp2port - ok
16:21:16.0298 1216 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:21:16.0376 1216 SCardSvr - ok
16:21:16.0407 1216 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
16:21:16.0485 1216 scfilter - ok
16:21:16.0532 1216 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll
16:21:16.0641 1216 Schedule - ok
16:21:16.0673 1216 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
16:21:16.0735 1216 SCPolicySvc - ok
16:21:16.0813 1216 ScsiAccess (958e956e119eb7b9aba142afed1b5ff4) C:\Program Files (x86)\Photodex\ProShowGold\ScsiAccess.exe
16:21:16.0844 1216 ScsiAccess - ok
16:21:16.0922 1216 sdbus (4e54822ed2350eb1f31f95f0fd674ef3) C:\Windows\system32\DRIVERS\sdbus.sys
16:21:16.0954 1216 sdbus - ok
16:21:16.0985 1216 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
16:21:17.0047 1216 SDRSVC - ok
16:21:17.0094 1216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:21:17.0188 1216 secdrv - ok
16:21:17.0219 1216 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
16:21:17.0312 1216 seclogon - ok
16:21:17.0328 1216 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:21:17.0406 1216 SENS - ok
16:21:17.0468 1216 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:21:17.0515 1216 SensrSvc - ok
16:21:17.0546 1216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
16:21:17.0578 1216 Serenum - ok
16:21:17.0593 1216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
16:21:17.0624 1216 Serial - ok
16:21:17.0640 1216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
16:21:17.0671 1216 sermouse - ok
16:21:17.0718 1216 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
16:21:17.0765 1216 SessionEnv - ok
16:21:17.0858 1216 SFEP (70f9c476b62de4f2823e918a6c181ade) C:\Windows\system32\drivers\SFEP.sys
16:21:17.0890 1216 SFEP - ok
16:21:17.0921 1216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:21:17.0968 1216 sffdisk - ok
16:21:17.0983 1216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:21:18.0014 1216 sffp_mmc - ok
16:21:18.0030 1216 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\drivers\sffp_sd.sys
16:21:18.0046 1216 sffp_sd - ok
16:21:18.0077 1216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
16:21:18.0108 1216 sfloppy - ok
16:21:18.0202 1216 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:21:18.0295 1216 SharedAccess - ok
16:21:18.0373 1216 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
16:21:18.0420 1216 ShellHWDetection - ok
16:21:18.0498 1216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
16:21:18.0514 1216 SiSRaid2 - ok
16:21:18.0545 1216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
16:21:18.0560 1216 SiSRaid4 - ok
16:21:18.0592 1216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:21:18.0670 1216 Smb - ok
16:21:18.0701 1216 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:21:18.0732 1216 SNMPTRAP - ok
16:21:18.0810 1216 SOHCImp (98886c88a1cb13d61672ae2c638b7e1c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
16:21:18.0826 1216 SOHCImp - ok
16:21:18.0857 1216 SOHDBSvr (442a13f395546f4564c377296d43b564) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
16:21:18.0857 1216 SOHDBSvr - ok
16:21:18.0904 1216 SOHDms (556681be668d71dc162391a45422b52c) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
16:21:18.0935 1216 SOHDms - ok
16:21:18.0982 1216 SOHDs (72b46103e4111439109acf5882627c24) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
16:21:18.0997 1216 SOHDs - ok
16:21:19.0028 1216 SOHPlMgr (725b6e9cd1959271ac993dc035e1606d) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
16:21:19.0044 1216 SOHPlMgr - ok
16:21:19.0169 1216 Sony PC Companion (5177d14a78e60fd61dcfc6b388e7e971) C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
16:21:19.0184 1216 Sony PC Companion - ok
16:21:19.0278 1216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:21:19.0309 1216 spldr - ok
16:21:19.0372 1216 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe
16:21:19.0418 1216 Spooler - ok
16:21:19.0528 1216 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
16:21:19.0668 1216 sppsvc - ok
16:21:19.0762 1216 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:21:19.0824 1216 sppuinotify - ok
16:21:19.0902 1216 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
16:21:19.0996 1216 srv - ok
16:21:20.0105 1216 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
16:21:20.0183 1216 srv2 - ok
16:21:20.0198 1216 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
16:21:20.0261 1216 srvnet - ok
16:21:20.0339 1216 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:21:20.0417 1216 SSDPSRV - ok
16:21:20.0464 1216 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:21:20.0542 1216 SstpSvc - ok
16:21:20.0604 1216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
16:21:20.0620 1216 stexstor - ok
16:21:20.0682 1216 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
16:21:20.0744 1216 stisvc - ok
16:21:20.0807 1216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:21:20.0822 1216 swenum - ok
16:21:20.0854 1216 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:21:20.0932 1216 swprv - ok
16:21:20.0963 1216 SynTP (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\DRIVERS\SynTP.sys
16:21:20.0994 1216 SynTP - ok
16:21:21.0103 1216 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
16:21:21.0212 1216 SysMain - ok
16:21:21.0244 1216 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
16:21:21.0275 1216 TabletInputService - ok
16:21:21.0368 1216 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
16:21:21.0384 1216 taphss - ok
16:21:21.0415 1216 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
16:21:21.0493 1216 TapiSrv - ok
16:21:21.0524 1216 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:21:21.0556 1216 TBS - ok
16:21:21.0665 1216 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
16:21:21.0774 1216 Tcpip - ok
16:21:21.0852 1216 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
16:21:21.0899 1216 TCPIP6 - ok
16:21:21.0992 1216 tcpipBM (1a95043750e359f993154ef8559be518) C:\Windows\system32\drivers\tcpipBM.sys
16:21:22.0024 1216 tcpipBM ( UnsignedFile.Multi.Generic ) - warning
16:21:22.0024 1216 tcpipBM - detected UnsignedFile.Multi.Generic (1)
16:21:22.0117 1216 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
16:21:22.0195 1216 tcpipreg - ok
16:21:22.0226 1216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:21:22.0304 1216 TDPIPE - ok
16:21:22.0320 1216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
16:21:22.0382 1216 TDTCP - ok
16:21:22.0414 1216 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
16:21:22.0460 1216 tdx - ok
16:21:22.0507 1216 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\drivers\termdd.sys
16:21:22.0523 1216 TermDD - ok
16:21:22.0570 1216 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
16:21:22.0679 1216 TermService - ok
16:21:22.0710 1216 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:21:22.0726 1216 Themes - ok
16:21:22.0757 1216 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:21:22.0804 1216 THREADORDER - ok
16:21:22.0819 1216 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:21:22.0882 1216 TrkWks - ok
16:21:22.0928 1216 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
16:21:22.0960 1216 TrustedInstaller - ok
16:21:23.0022 1216 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:21:23.0084 1216 tssecsrv - ok
16:21:23.0116 1216 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
16:21:23.0162 1216 tunnel - ok
16:21:23.0194 1216 TVICHW64 (1a006963644c7fde5be60036f3a43e68) C:\Windows\system32\DRIVERS\TVICHW64.SYS
16:21:23.0209 1216 TVICHW64 - ok
16:21:23.0240 1216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
16:21:23.0256 1216 uagp35 - ok
16:21:23.0350 1216 uCamMonitor (63f6d08c54d5b3c1b12a6172032055c7) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
16:21:23.0365 1216 uCamMonitor - ok
16:21:23.0443 1216 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
16:21:23.0537 1216 udfs - ok
16:21:23.0584 1216 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:21:23.0630 1216 UI0Detect - ok
16:21:23.0677 1216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:21:23.0693 1216 uliagpkx - ok
16:21:23.0724 1216 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
16:21:23.0755 1216 umbus - ok
16:21:23.0771 1216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
16:21:23.0802 1216 UmPass - ok
16:21:23.0942 1216 UNS (9e89c2d6945389270de067ce51ff7425) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
16:21:24.0036 1216 UNS - ok
16:21:24.0114 1216 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:21:24.0208 1216 upnphost - ok
16:21:24.0270 1216 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:21:24.0317 1216 USBAAPL64 - ok
16:21:24.0379 1216 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
16:21:24.0426 1216 usbccgp - ok
16:21:24.0442 1216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:21:24.0473 1216 usbcir - ok
16:21:24.0488 1216 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\drivers\usbehci.sys
16:21:24.0520 1216 usbehci - ok
16:21:24.0551 1216 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
16:21:24.0598 1216 usbhub - ok
16:21:24.0629 1216 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
16:21:24.0660 1216 usbohci - ok
16:21:24.0676 1216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
16:21:24.0707 1216 usbprint - ok
16:21:24.0738 1216 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:21:24.0769 1216 USBSTOR - ok
16:21:24.0800 1216 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
16:21:24.0816 1216 usbuhci - ok
16:21:24.0847 1216 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
16:21:24.0878 1216 usbvideo - ok
16:21:24.0910 1216 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:21:24.0988 1216 UxSms - ok
16:21:25.0066 1216 VAIO Entertainment TV Device Arbitration Service (4e7135d6d0127067e4cfee12259f895d) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
16:21:25.0081 1216 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - warning
16:21:25.0081 1216 VAIO Entertainment TV Device Arbitration Service - detected UnsignedFile.Multi.Generic (1)
16:21:25.0175 1216 VAIO Event Service (d4197cf0c8567046fd4af28ff47af528) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
16:21:25.0190 1216 VAIO Event Service - ok
16:21:25.0253 1216 VAIO Power Management (b8c9a7010afd5cbbe194cb9ef7c4fd14) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
16:21:25.0284 1216 VAIO Power Management - ok
16:21:25.0346 1216 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe
16:21:25.0378 1216 VaultSvc - ok
16:21:25.0456 1216 VCFw (6a740f5ff3246c3be3dd317299efc88e) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
16:21:25.0487 1216 VCFw - ok
16:21:25.0565 1216 VcmIAlzMgr (10e212bfb7eab152a64c1aaec2f7f4e0) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
16:21:25.0596 1216 VcmIAlzMgr - ok
16:21:25.0643 1216 VcmINSMgr (9d9b34b430b4dc683112f59c80d20ab8) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
16:21:25.0658 1216 VcmINSMgr - ok
16:21:25.0721 1216 VcmXmlIfHelper (8efaaccc7bfa1e9031efdfb01a1b0d69) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
16:21:25.0736 1216 VcmXmlIfHelper - ok
16:21:25.0814 1216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:21:25.0830 1216 vdrvroot - ok
16:21:25.0861 1216 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
16:21:25.0924 1216 vds - ok
16:21:25.0955 1216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:21:25.0970 1216 vga - ok
16:21:26.0002 1216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:21:26.0080 1216 VgaSave - ok
16:21:26.0095 1216 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\drivers\vhdmp.sys
16:21:26.0111 1216 vhdmp - ok
16:21:26.0126 1216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:21:26.0142 1216 viaide - ok
16:21:26.0173 1216 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\drivers\volmgr.sys
16:21:26.0189 1216 volmgr - ok
16:21:26.0220 1216 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
16:21:26.0251 1216 volmgrx - ok
16:21:26.0267 1216 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\drivers\volsnap.sys
16:21:26.0314 1216 volsnap - ok
16:21:26.0360 1216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
16:21:26.0376 1216 vsmraid - ok
16:21:26.0485 1216 VSNService (047f22bdfdae6df6f1e47e747a1237a2) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
16:21:26.0548 1216 VSNService ( UnsignedFile.Multi.Generic ) - warning
16:21:26.0548 1216 VSNService - detected UnsignedFile.Multi.Generic (1)
16:21:26.0657 1216 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
16:21:26.0750 1216 VSS - ok
16:21:26.0891 1216 VUAgent (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
16:21:26.0953 1216 VUAgent - ok
16:21:27.0031 1216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:21:27.0062 1216 vwifibus - ok
16:21:27.0094 1216 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:21:27.0140 1216 vwififlt - ok
16:21:27.0172 1216 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:21:27.0203 1216 vwifimp - ok
16:21:27.0281 1216 VzCdbSvc (d8bef4ac1eac809dbdbd441d6cff6c4c) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
16:21:27.0296 1216 VzCdbSvc ( UnsignedFile.Multi.Generic ) - warning
16:21:27.0296 1216 VzCdbSvc - detected UnsignedFile.Multi.Generic (1)
16:21:27.0390 1216 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:21:27.0452 1216 W32Time - ok
16:21:27.0499 1216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
16:21:27.0530 1216 WacomPen - ok
16:21:27.0562 1216 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:21:27.0655 1216 WANARP - ok
16:21:27.0655 1216 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
16:21:27.0718 1216 Wanarpv6 - ok
16:21:27.0780 1216 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
16:21:27.0874 1216 wbengine - ok
16:21:27.0905 1216 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:21:27.0936 1216 WbioSrvc - ok
16:21:27.0952 1216 wcncsvc (8321c2ca3b62b61b293cda3451984468) C:\Windows\System32\wcncsvc.dll
16:21:27.0998 1216 wcncsvc - ok
16:21:28.0014 1216 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:21:28.0061 1216 WcsPlugInService - ok
16:21:28.0092 1216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
16:21:28.0108 1216 Wd - ok
16:21:28.0154 1216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:21:28.0201 1216 Wdf01000 - ok
16:21:28.0232 1216 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:21:28.0295 1216 WdiServiceHost - ok
16:21:28.0295 1216 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:21:28.0326 1216 WdiSystemHost - ok
16:21:28.0357 1216 WebClient (8a438cbb8c032a0c798b0c642ffbe572) C:\Windows\System32\webclnt.dll
16:21:28.0388 1216 WebClient - ok
16:21:28.0435 1216 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:21:28.0513 1216 Wecsvc - ok
16:21:28.0560 1216 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:21:28.0638 1216 wercplsupport - ok
16:21:28.0654 1216 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:21:28.0700 1216 WerSvc - ok
16:21:28.0794 1216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:21:28.0856 1216 WfpLwf - ok
16:21:28.0888 1216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:21:28.0903 1216 WIMMount - ok
16:21:28.0950 1216 WinDefend - ok
16:21:28.0950 1216 WinHttpAutoProxySvc - ok
16:21:29.0028 1216 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:21:29.0106 1216 Winmgmt - ok
16:21:29.0231 1216 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
16:21:29.0371 1216 WinRM - ok
16:21:29.0418 1216 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
16:21:29.0449 1216 WinUsb - ok
16:21:29.0527 1216 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:21:29.0605 1216 Wlansvc - ok
16:21:29.0652 1216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:21:29.0668 1216 WmiAcpi - ok
16:21:29.0746 1216 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:21:29.0792 1216 wmiApSrv - ok
16:21:29.0855 1216 WMPNetworkSvc - ok
16:21:29.0902 1216 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:21:29.0948 1216 WPCSvc - ok
16:21:29.0964 1216 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
16:21:30.0011 1216 WPDBusEnum - ok
16:21:30.0089 1216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:21:30.0167 1216 ws2ifsl - ok
16:21:30.0182 1216 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:21:30.0214 1216 wscsvc - ok
16:21:30.0276 1216 WSDPrintDevice (8d918b1db190a4d9b1753a66fa8c96e8) C:\Windows\system32\DRIVERS\WSDPrint.sys
16:21:30.0307 1216 WSDPrintDevice - ok
16:21:30.0354 1216 WSearch - ok
16:21:30.0463 1216 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
16:21:30.0604 1216 wuauserv - ok
16:21:30.0666 1216 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
16:21:30.0744 1216 WudfPf - ok
16:21:30.0775 1216 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:21:30.0853 1216 WUDFRd - ok
16:21:30.0931 1216 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
16:21:31.0009 1216 wudfsvc - ok
16:21:31.0040 1216 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:21:31.0087 1216 WwanSvc - ok
16:21:31.0212 1216 yukonw7 (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
16:21:31.0274 1216 yukonw7 - ok
16:21:31.0368 1216 ZTEusbmdm6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
16:21:31.0415 1216 ZTEusbmdm6k - ok
16:21:31.0462 1216 ZTEusbnmea (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
16:21:31.0493 1216 ZTEusbnmea - ok
16:21:31.0540 1216 ZTEusbser6k (ff5a03a65b68db7e02a12880399d40d4) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
16:21:31.0571 1216 ZTEusbser6k - ok
16:21:31.0618 1216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:21:31.0867 1216 \Device\Harddisk0\DR0 - ok
16:21:31.0867 1216 Boot (0x1200) (805458da2f692192a631c0ae4ad458af) \Device\Harddisk0\DR0\Partition0
16:21:31.0867 1216 \Device\Harddisk0\DR0\Partition0 - ok
16:21:31.0898 1216 Boot (0x1200) (e1a55b468856e4ad868888498345ccaa) \Device\Harddisk0\DR0\Partition1
16:21:31.0898 1216 \Device\Harddisk0\DR0\Partition1 - ok
16:21:31.0898 1216 ============================================================
16:21:31.0898 1216 Scan finished
16:21:31.0898 1216 ============================================================
16:21:31.0930 3968 Detected object count: 8
16:21:31.0930 3968 Actual detected object count: 8
16:21:48.0200 3968 BMLoad ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:48.0200 3968 BMLoad ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:21:48.0216 3968 igfx ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:48.0216 3968 igfx ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:21:48.0216 3968 IntcDAud ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:48.0216 3968 IntcDAud ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:21:48.0216 3968 SampleCollector ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:48.0216 3968 SampleCollector ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:21:48.0216 3968 tcpipBM ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:48.0216 3968 tcpipBM ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:21:48.0216 3968 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:48.0216 3968 VAIO Entertainment TV Device Arbitration Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:21:48.0216 3968 VSNService ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:48.0216 3968 VSNService ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:21:48.0216 3968 VzCdbSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:21:48.0216 3968 VzCdbSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
16:22:01.0788 3996 Deinitialize success
|