Verschlüsselungs Tojaner Windows 7 64 bit

annamariawie · 18.05.2012, 20:48

Hallo zusammen!!

Habe mir heute den berühmten Verschlüsselungs-Trojaner eingefangen und mich schon den ganzen Tag versucht zu informieren wie ich vorgehen muss um diesen zu beseitigen! Ich habe in meiner ersten Verzweiflung versucht meinen Laptop auf einen früheren Zustand wiederherzustellen und durch diese Maßnahme kann ich wieder auf meinen Rechner zugreifen! Das große Problem ist nun das all meine Datein verschlüsselt sind wie mit folgende Dateinamen zB AGjXALsgndjDaDyG So und ähnlich sehen all meine Datein aus.

Das große Problem ist das ich nun absolut nicht weiss wie ich weitergehen soll, da alle Beträge 1. was anders sagen und 2. mir das Verständniss fehlt bei den vorgeschlagenen Methoden! Und bevor ich irgendwas und komplett falsch mache ( was meist mehr Probleme schafft und zum Chaos führt) wende ich mich mit einem eigenen Beitrag an euch!

Ich habe einen Dell Inspiron laptop mit windows 7 64 bit

Vielleicht kann mir jemand weiterhelfen??

DANKE!!

cosinus · 21.05.2012, 11:10

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

annamariawie · 29.05.2012, 19:31

Hier ist scan von Malwarebytes

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.29.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
AnnaMariaWiegele :: ANNAMARIAWIEGEL [Administrator]

Schutz: Aktiviert

29.05.2012 19:18:49
mbam-log-2012-05-29 (19-18-49).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 335445
Laufzeit: 47 Minute(n), 

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

und eset online scanner

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=1c7e43ba18e61b488ab1be22ca6c57dd
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-29 05:10:42
# local_time=2012-05-29 07:10:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 4720 89937396 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=144887
# found=1
# cleaned=0
# scan_time=3895
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\IEBHO.dll	a variant of Win32/Toolbar.SearchSuite application (unable to clean)	00000000000000000000000000000000	I

so ....i weiss leider nichts damit anfangen und jetzt hoffe ich auf dich!! hab schon öfter den Malwarebytes scanner laufen lassen und es ist nie was gefunden worden!! die letzte option die ich habe ist meinen laptop auf fabrikatszustand zurückzuversetzen. Ich habe externe festplatte und habe davor regelmäßig das wichtigste gespeicher!! das problem is das rechner langsam läuft und viele programme die mit den dateien zusammenspielen auch nicht mehr funktionieren!!

danke für deine hilfe!!

glg anna

cosinus · 30.05.2012, 09:42

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

annamariawie · 30.05.2012, 14:08

1) Der normale Modus von Windows geht soweit uneingeschränkt. Nur all meine Dateien(ob Text-Musik-Bild oder sonstige Dateien) sind verschlüsselt. Ich habe Sie auch noch nicht probiert aufzumachen weil ich erlich gesagt Angst habe das etwas passiert! (bzw. sie können nicht aufgemacht werden da sie vom Rechner nicht gelesen werden können)
Weiters sind kleine Dinge wie Hintergrundbild und die Dell Andwender-Kartei gelöscht(welches wiederum mit den verschlüsselten Dateien zu tun hat...denke ich). Zusätzlich lief Rechner und das Internet am Anfang nicht gut (was sich mittlerweile auch so gut wie gelegt hat).Auf Itunes zB sind all meine Lieder weg ( denke es liegt wieder daran das all meine Musikdateien verschlüsselt sind)

2) Soweit ich jetzt alles durchgesehen habe fehlt nichts. Bis auf meine verschlüsselten Dateien, die nicht geöffnet werden können und die Programme die mit den Dateien in Verbindung stehen funktionieren nicht.

Und was hälst du nun davon?? Großes Dankeschön für deine Hilfe

glg Anna

cosinus · 30.05.2012, 14:39

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

annamariawie · 31.05.2012, 06:31

so und hier ist der customscan von otl

Code:

ATTFilter

OTL logfile created on: 30.05.2012 16:31:25 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\AnnaMariaWiegele\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,91 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,35% Memory free
7,82 Gb Paging File | 5,68 Gb Available in Paging File | 72,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,42 Gb Total Space | 529,70 Gb Free Space | 91,10% Space Free | Partition Type: NTFS
Drive F: | 24,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ANNAMARIAWIEGEL | User Name: AnnaMariaWiegele | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.30 16:27:28 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\AnnaMariaWiegele\Downloads\OTL.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.02.01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
PRC - [2012.01.05 20:58:30 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe
PRC - [2012.01.05 20:58:28 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\tele.ring Verbindungsmanager.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2011.08.12 09:46:02 | 000,520,330 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2011.08.01 19:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2010.11.17 19:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.06 06:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.11.03 19:01:20 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2010.11.03 18:53:28 | 000,897,088 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.06.23 17:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\tele.ring Verbindungsmanager\ouc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.11 14:57:21 | 000,014,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll
MOD - [2012.05.11 14:57:20 | 000,475,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\eac8b316dbdcc6fdba0d80e76063643c\IAStorUtil.ni.dll
MOD - [2012.05.10 11:26:24 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 11:26:03 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.10 11:25:57 | 001,590,784 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.10 11:25:47 | 003,347,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 11:25:42 | 005,452,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 11:25:39 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 11:25:38 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 11:25:33 | 011,492,864 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.02.01 12:50:58 | 000,968,048 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
MOD - [2012.02.01 12:44:34 | 008,151,040 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtGui4.dll
MOD - [2012.02.01 12:44:34 | 002,278,400 | ---- | M] () -- C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\QtCore4.dll
MOD - [2012.01.05 20:58:28 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\tele.ring Verbindungsmanager.exe
MOD - [2011.08.18 17:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011.07.23 09:23:17 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.25 05:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
MOD - [2010.11.17 17:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.22 19:15:12 | 000,159,744 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\SMSPlugin.dll
MOD - [2009.09.19 18:49:38 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\SpeedManagerPlugin.dll
MOD - [2009.09.12 13:14:24 | 000,225,280 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\DeviceMgrUIPlugin.dll
MOD - [2009.09.11 17:42:18 | 000,991,232 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\NDISAPI.dll
MOD - [2009.09.11 17:39:46 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\DeviceMgrPlugin.dll
MOD - [2009.09.08 13:54:44 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\ConfigFilePlugin.dll
MOD - [2009.09.08 13:54:22 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\DialUpPlugin.dll
MOD - [2009.09.08 13:49:12 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\NetInfoPlugin.dll
MOD - [2009.03.10 21:08:16 | 000,155,648 | R--- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\DetectDev.dll
MOD - [2009.03.10 21:08:16 | 000,061,440 | R--- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\XCodec.dll
MOD - [2009.03.10 21:08:16 | 000,061,440 | R--- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\DeviceOperate.dll
MOD - [2009.03.10 21:08:14 | 000,561,152 | R--- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\atcomm.dll
MOD - [2009.01.09 12:31:54 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\LocaleMgrPlugin.dll
MOD - [2009.01.09 12:30:38 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\NotifyServicePlugin.dll
MOD - [2008.11.08 11:52:10 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\FileManager.dll
MOD - [2008.11.08 11:52:08 | 000,014,848 | R--- | M] () -- C:\Program Files (x86)\tele.ring Verbindungsmanager\isaputrace.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.12 08:53:46 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\WINDOWS\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.12.09 14:38:38 | 000,036,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012.05.11 12:31:51 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.05 13:47:58 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.01.21 22:13:30 | 000,607,048 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag) @C:\Program Files (x86)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.18 17:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011.01.25 11:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2010.12.17 21:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.12.17 21:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.12.17 21:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.11.29 22:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) Intel(R)
SRV - [2010.11.25 12:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010.11.25 12:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010.11.06 06:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.11.03 19:01:20 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2010.11.03 18:53:28 | 000,897,088 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010.10.06 04:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.10.06 04:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.23 01:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 21:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.08.26 03:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010.03.18 20:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.09 14:44:18 | 001,394,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2009.12.09 14:38:30 | 000,030,024 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.03.03 12:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.07 02:04:06 | 000,819,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.03.07 02:04:04 | 000,337,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.03.07 02:02:20 | 000,053,080 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.03.07 02:01:57 | 000,059,224 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.03.07 02:01:52 | 000,069,976 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.03.07 02:01:32 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.16 14:40:20 | 000,176,000 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2011.05.13 10:28:46 | 000,363,856 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.05.12 12:16:38 | 009,319,424 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.12 08:16:54 | 000,304,128 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.04.10 21:51:06 | 012,223,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.03.24 13:47:02 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:64bit: - [2011.03.24 13:47:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.25 11:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010.12.21 16:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2010.12.10 23:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 23:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.29 22:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.11.04 12:07:06 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2010.11.04 10:31:44 | 000,059,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2010.10.30 02:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.10.26 21:08:08 | 000,406,632 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.10.20 01:12:58 | 000,274,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2010.10.15 11:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.09.21 16:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.03.19 10:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009.12.07 20:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.10.12 16:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006.11.01 19:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009.10.14 08:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/406
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\SearchScopes\{22FC9FE7-1A3E-4585-BA96-9C7E683938DD}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMH&o=2420&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A31&apn_dtid=^YYYYYY^YY^SE&apn_uid=2d395f18-281e-45b7-afbd-996f671d4017&apn_sauid=E945E712-7C49-4DCB-B36E-F237391FE19A&atb=sysid%3D2%3Aappid%3D688%3Auc76720266
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at"
FF - prefs.js..keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.20 14:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.11 12:31:53 | 000,000,000 | ---D | M]
 
[2012.01.21 22:02:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\mozilla\Extensions
[2012.05.21 21:34:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\mozilla\Firefox\Profiles\cs14twu0.default\extensions
[2011.09.27 13:49:34 | 000,000,931 | ---- | M] () -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\AaxsfEDjXnDVnxg
[2012.01.03 21:13:34 | 000,002,443 | ---- | M] () -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\jLyuJnlgsAXsfseGe
[2011.11.21 20:11:39 | 000,002,519 | ---- | M] () -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\TlfQtUpGOXotdd
[2012.05.21 21:37:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.05.21 21:37:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.03.20 14:20:01 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.05.11 12:31:53 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.11 12:31:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.11 12:31:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.11 12:31:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.11 12:31:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 20:11:39 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.05.11 12:31:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.11 12:31:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (MusicLab, LLC)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (MusicLab, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3442671516-3624065718-80549224-1000..\Run: [HW_OPENEYE_OUC_tele.ring Verbindungsmanager] C:\Program Files (x86)\tele.ring Verbindungsmanager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\AnnaMariaWiegele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\AnnaMariaWiegele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{844B7915-C0CF-44A6-B5C4-C6B66307E35C}: DhcpNameServer = 143.50.19.25 143.50.56.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD169F3A-0F03-4B30-9E9F-2338AD587F44}: DhcpNameServer = 146.66.232.101 146.66.232.102
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\datamngr.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\datamngr.dll (MusicLab, LLC)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\SEARCH~1\x64\IEBHO.dll) - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\IEBHO.dll (MusicLab, LLC)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{07293087-37ce-11e1-b9c3-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{07293087-37ce-11e1-b9c3-ac72892e7362}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{139c9afa-146b-11e1-bfbf-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{139c9afa-146b-11e1-bfbf-ac72892e7362}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{24c8f1ff-363c-11e1-8f69-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{24c8f1ff-363c-11e1-8f69-ac72892e7362}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{2fba9141-2db5-11e1-bb2f-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{2fba9141-2db5-11e1-bb2f-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2fba9160-2db5-11e1-bb2f-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{2fba9160-2db5-11e1-bb2f-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a0e9ebc-37bf-11e1-a2ae-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{9a0e9ebc-37bf-11e1-a2ae-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a0e9ecc-37bf-11e1-a2ae-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{9a0e9ecc-37bf-11e1-a2ae-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b1a516af-37cc-11e1-a002-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{b1a516af-37cc-11e1-a002-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: UxTuneUp - C:\WINDOWS\SysNative\uxtuneup.dll (TuneUp Software)
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\WINDOWS\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 17:34:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.21 21:23:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.18 22:21:35 | 000,000,000 | ---D | C] -- C:\Temp
[2012.05.18 22:01:39 | 000,000,000 | ---D | C] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Malwarebytes
[2012.05.18 22:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.18 22:01:33 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.05.18 22:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.18 22:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.15 13:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.12 09:44:32 | 000,000,000 | R--D | C] -- C:\Users\AnnaMariaWiegele\Desktop\MySyncUPFiles
[2012.05.11 12:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.30 15:52:01 | 000,001,130 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.30 15:39:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.05.30 15:02:02 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
[2012.05.30 14:48:59 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 14:48:59 | 000,020,928 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.30 14:47:36 | 001,614,100 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.05.30 14:47:36 | 000,697,322 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.05.30 14:47:36 | 000,652,600 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.05.30 14:47:36 | 000,148,328 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.05.30 14:47:36 | 000,121,274 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.05.30 14:40:45 | 000,001,126 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.30 14:40:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.05.30 14:40:27 | 3148,222,464 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.30 07:06:35 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012.05.24 19:53:50 | 000,002,230 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.05.18 22:01:34 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.18 21:18:58 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.05.18 21:18:57 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2012.05.10 11:20:33 | 000,348,824 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.05.18 22:01:34 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011.09.27 20:36:50 | 000,005,632 | ---- | C] () -- C:\Users\AnnaMariaWiegele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.27 20:17:41 | 000,002,560 | ---- | C] () -- C:\windows\_MSRSTRT.EXE
[2011.07.23 09:03:58 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
[2011.07.23 09:03:57 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
[2011.07.23 09:03:57 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
[2011.07.23 09:03:57 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
[2011.07.23 09:03:57 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2011.07.23 09:03:56 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2011.07.23 09:02:08 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
[2011.07.23 09:02:04 | 000,000,324 | ---- | C] () -- C:\windows\Prelaunch.ini
[2011.07.23 09:02:04 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
[2011.07.23 09:02:04 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2011.07.23 09:02:04 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2011.07.23 09:02:04 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2011.07.23 09:02:04 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2011.07.23 09:02:04 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2011.07.23 07:10:39 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.07.23 07:07:07 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
[2011.07.23 07:04:13 | 000,003,914 | ---- | C] () -- C:\windows\SysWow64\atipblup.dat
[2011.07.23 06:53:13 | 001,591,994 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.07.23 06:49:02 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.05.12 06:57:52 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\OVDecode.dll
 
========== LOP Check ==========
 
[2011.09.30 16:53:13 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\DVDVideoSoft
[2012.05.18 12:56:04 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 08:33:20 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Fingertapps
[2011.09.27 18:40:07 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\IDT
[2012.05.18 12:56:10 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\MusicNet
[2011.09.22 13:47:50 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\OpenOffice.org
[2012.05.19 04:15:49 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr
[2012.05.12 00:37:12 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\SoftGrid Client
[2012.05.19 04:16:31 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\tele.ring Verbindungsmanager
[2012.01.05 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\telering
[2011.10.28 14:44:01 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\TP
[2012.01.21 22:13:23 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\TuneUp Software
[2012.05.30 07:06:35 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2012.04.07 08:28:20 | 000,032,640 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2012.05.30 15:02:02 | 000,000,506 | ---- | M] () -- C:\windows\Tasks\SystemToolsDailyTest.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.10.24 22:10:49 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Adobe
[2011.09.27 19:35:52 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Apple Computer
[2011.09.22 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\ATI
[2012.05.19 04:15:47 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Creative
[2011.09.30 19:15:54 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Dell
[2011.09.22 19:14:55 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Dell Touch Zone
[2011.09.30 16:53:13 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\DVDVideoSoft
[2012.05.18 12:56:04 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.13 08:33:20 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Fingertapps
[2011.09.22 19:14:24 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Identities
[2011.09.27 18:40:07 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\IDT
[2011.09.22 19:11:48 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Intel
[2011.09.22 19:14:49 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Intel Corporation
[2011.07.23 07:09:28 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Macromedia
[2012.01.05 11:15:47 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Macrovision
[2012.05.18 22:01:39 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Malwarebytes
[2011.07.23 09:27:44 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Media Center Programs
[2012.05.18 22:27:20 | 000,000,000 | --SD | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Microsoft
[2011.09.27 13:23:48 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla
[2012.05.18 12:56:10 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\MusicNet
[2011.09.22 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Nero
[2011.09.22 13:47:50 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\OpenOffice.org
[2012.05.19 04:15:49 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr
[2012.03.13 17:59:24 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Reallusion
[2011.09.22 19:14:51 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Roxio
[2011.11.21 21:19:11 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Roxio Burn
[2012.05.19 04:16:31 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Skype
[2012.05.12 00:37:12 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\SoftGrid Client
[2012.05.19 04:16:31 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\tele.ring Verbindungsmanager
[2012.01.05 20:41:33 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\telering
[2011.10.28 14:44:01 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\TP
[2012.01.21 22:13:23 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\TuneUp Software
[2011.11.21 20:13:02 | 000,000,000 | ---D | M] -- C:\Users\AnnaMariaWiegele\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011.07.23 07:09:21 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.15 18:10:07 | 055,252,360 | ---- | M] (Dell Inc) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Binaries\full_dsc_5907_23_64_01.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\02e8611b-9862-46c5-befa-67baa2e846e8\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\11858bc4-9316-4b67-a007-babe1e54912c\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\12d65974-4e7a-46b8-b5a6-7fcf11b61788\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\1602f3c7-e8f7-462c-9df5-52e13249b968\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\23c893ba-a7ac-4c4e-a5b3-50fee013e453\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\2985deab-8c8f-4fdc-bee7-4c3e78c40910\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\33057456-5eed-4c41-8ce0-5c3a705d9d7e\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\37ba8104-5264-4e9e-9eab-5f5ce02cc8d9\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\39905862-6dbb-4253-b250-fcb588868456\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\3c115646-1fc3-471d-9503-25a31cdea926\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\3ddf9c67-e799-426c-8f54-3de4c5e10587\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\44cf429c-11aa-46cd-ab33-6d896b11d7b7\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\455cf467-c914-4257-82c3-54d8a08b14c5\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\48ae14c8-f1c0-4a76-9dc6-107e63370273\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\4e3effc4-f675-49e7-ac63-a21b771a3346\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\505ff1cf-592e-4899-920f-0bf9f709d564\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\51848a89-5c6b-4d45-b1b8-9a55a8a85fe7\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\55a68ee3-9c0d-43c9-8ee1-977226d2c0ef\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\5f864812-0a51-485f-8b93-188fd083fd16\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\60527a7f-e083-4074-9d93-0e41a6349a1e\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\6a62a93b-efd6-4d6b-a122-00d013a64072\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\6a9c10f6-a3fd-42f4-b49c-5a03eaec1132\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\70c6a729-e019-404b-8d52-cade9f18f867\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\75dba271-2c63-4aa8-8d05-24ed706ba9cf\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\8a9ab7d4-a4cd-44b6-ad1d-1e7fc6cf03a3\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\95ef0b4a-e7e4-4f90-b321-417267e54cac\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\9a6f12e4-a827-4a7e-b313-715d31479557\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\9a90fe7d-faea-4513-a4f8-69c89d1e1d1f\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\9ccf1d93-2509-4490-99f6-2eb31bfd226a\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\9d18a6dc-116c-41f4-817a-7209aec80662\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\a2abebcf-6661-471f-a79c-f69078c9e0b5\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\a404d8ab-8c86-4174-a190-f50e9bfd6338\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\a4e377f9-24d2-4429-94cd-63306ad54441\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\b655c67a-534b-4ec1-ba4b-500f329901fb\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\c158cca3-9997-4ca3-8646-141623c55f72\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\c34bf5fd-c0e8-4744-9691-2ef5bdedb2b5\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\e70d20a4-a190-471f-a5f0-a927bb252f69\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\f12ade78-3a81-4f07-830b-4a363cdef44e\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\f147c75f-fc58-4c03-ab04-6f49710378e6\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\f1ded677-f7c2-4c6c-9b47-9327755146c4\au_5899_rules\AddCertificate.exe
[2011.08.10 11:30:34 | 000,016,976 | ---- | M] (PC-Doctor, Inc.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\PCDr\Update\Rules\f2d4a2d4-407e-46bc-9aff-07fc8e1cb9c3\au_5899_rules\AddCertificate.exe
[2009.07.23 17:09:40 | 000,987,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\tele.ring Verbindungsmanager\LiveUpdate.exe
[2009.06.23 17:43:40 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\AnnaMariaWiegele\AppData\Roaming\tele.ring Verbindungsmanager\ouc.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\WINDOWS\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\WINDOWS\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\WINDOWS\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\WINDOWS\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\windows\SysNative\drivers\iaStor.sys
[2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys
[2010.11.07 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_05602dde0a28e7f4\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\WINDOWS\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\WINDOWS\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\WINDOWS\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\WINDOWS\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\WINDOWS\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\WINDOWS\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\WINDOWS\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\WINDOWS\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\WINDOWS\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\WINDOWS\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\WINDOWS\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\WINDOWS\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\WINDOWS\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 31.05.2012, 10:08

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\SearchScopes\{22FC9FE7-1A3E-4585-BA96-9C7E683938DD}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=IMH&o=2420&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A31&apn_dtid=^YYYYYY^YY^SE&apn_uid=2d395f18-281e-45b7-afbd-996f671d4017&apn_sauid=E945E712-7C49-4DCB-B36E-F237391FE19A&atb=sysid%3D2%3Aappid%3D688%3Auc76720266
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q="
[2011.09.27 13:49:34 | 000,000,931 | ---- | M] () -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\AaxsfEDjXnDVnxg
[2012.01.03 21:13:34 | 000,002,443 | ---- | M] () -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\jLyuJnlgsAXsfseGe
[2011.11.21 20:11:39 | 000,002,519 | ---- | M] () -- C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\TlfQtUpGOXotdd
[2011.11.21 20:11:39 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
O2:64bit: - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll (MusicLab, LLC)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (SearchCore for Browsers) - {B939CF93-F2CB-443d-956C-DC523D85C9DB} - C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll (MusicLab, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.05.01 00:01:00 | 000,000,053 | -HS- | M] () - Y:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{07293087-37ce-11e1-b9c3-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{07293087-37ce-11e1-b9c3-ac72892e7362}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{139c9afa-146b-11e1-bfbf-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{139c9afa-146b-11e1-bfbf-ac72892e7362}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{24c8f1ff-363c-11e1-8f69-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{24c8f1ff-363c-11e1-8f69-ac72892e7362}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{2fba9141-2db5-11e1-bb2f-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{2fba9141-2db5-11e1-bb2f-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{2fba9160-2db5-11e1-bb2f-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{2fba9160-2db5-11e1-bb2f-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a0e9ebc-37bf-11e1-a2ae-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{9a0e9ebc-37bf-11e1-a2ae-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{9a0e9ecc-37bf-11e1-a2ae-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{9a0e9ecc-37bf-11e1-a2ae-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{b1a516af-37cc-11e1-a002-ac72892e7362}\Shell - "" = AutoRun
O33 - MountPoints2\{b1a516af-37cc-11e1-a002-ac72892e7362}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
:Files
C:\Program Files (x86)\SearchCore for Browsers
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

annamariawie · 31.05.2012, 11:34

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
HKU\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-3442671516-3624065718-80549224-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_USERS\S-1-5-21-3442671516-3624065718-80549224-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3442671516-3624065718-80549224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{22FC9FE7-1A3E-4585-BA96-9C7E683938DD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22FC9FE7-1A3E-4585-BA96-9C7E683938DD}\ not found.
Registry key HKEY_USERS\S-1-5-21-3442671516-3624065718-80549224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-3442671516-3624065718-80549224-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&sr=0&q=" removed from keyword.URL
C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\AaxsfEDjXnDVnxg moved successfully.
C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\jLyuJnlgsAXsfseGe moved successfully.
C:\Users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\searchplugins\TlfQtUpGOXotdd moved successfully.
C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64\BrowserConnection.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B939CF93-F2CB-443d-956C-DC523D85C9DB}\ deleted successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\BrowserConnection.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{872b5b88-9db5-4310-bdd0-ac189557e5f5} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3442671516-3624065718-80549224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Y:\AUTORUN.INF moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07293087-37ce-11e1-b9c3-ac72892e7362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07293087-37ce-11e1-b9c3-ac72892e7362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07293087-37ce-11e1-b9c3-ac72892e7362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07293087-37ce-11e1-b9c3-ac72892e7362}\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{139c9afa-146b-11e1-bfbf-ac72892e7362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{139c9afa-146b-11e1-bfbf-ac72892e7362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{139c9afa-146b-11e1-bfbf-ac72892e7362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{139c9afa-146b-11e1-bfbf-ac72892e7362}\ not found.
File "E:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c8f1ff-363c-11e1-8f69-ac72892e7362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c8f1ff-363c-11e1-8f69-ac72892e7362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24c8f1ff-363c-11e1-8f69-ac72892e7362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24c8f1ff-363c-11e1-8f69-ac72892e7362}\ not found.
File F:\setup.exe AUTORUN=1 not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fba9141-2db5-11e1-bb2f-ac72892e7362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fba9141-2db5-11e1-bb2f-ac72892e7362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fba9141-2db5-11e1-bb2f-ac72892e7362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fba9141-2db5-11e1-bb2f-ac72892e7362}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fba9160-2db5-11e1-bb2f-ac72892e7362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fba9160-2db5-11e1-bb2f-ac72892e7362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2fba9160-2db5-11e1-bb2f-ac72892e7362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fba9160-2db5-11e1-bb2f-ac72892e7362}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0e9ebc-37bf-11e1-a2ae-ac72892e7362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a0e9ebc-37bf-11e1-a2ae-ac72892e7362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0e9ebc-37bf-11e1-a2ae-ac72892e7362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a0e9ebc-37bf-11e1-a2ae-ac72892e7362}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0e9ecc-37bf-11e1-a2ae-ac72892e7362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a0e9ecc-37bf-11e1-a2ae-ac72892e7362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a0e9ecc-37bf-11e1-a2ae-ac72892e7362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a0e9ecc-37bf-11e1-a2ae-ac72892e7362}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a516af-37cc-11e1-a002-ac72892e7362}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1a516af-37cc-11e1-a002-ac72892e7362}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b1a516af-37cc-11e1-a002-ac72892e7362}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b1a516af-37cc-11e1-a002-ac72892e7362}\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\ not found.
File E:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File move failed. F:\AutoRun.exe scheduled to be moved on reboot.
========== FILES ==========
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\x64 folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\content folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension\components folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers\FirefoxExtension folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers\SearchCore for Browsers folder moved successfully.
C:\Program Files (x86)\SearchCore for Browsers folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AnnaMariaWiegele
->Temp folder emptied: 95164604 bytes
->Temporary Internet Files folder emptied: 1282362 bytes
->Java cache emptied: 4122322 bytes
->FireFox cache emptied: 849561326 bytes
->Google Chrome cache emptied: 6503519 bytes
->Flash cache emptied: 96032 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 256770 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85230 bytes
RecycleBin emptied: 49152 bytes
 
Total Files Cleaned = 913,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AnnaMariaWiegele
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 05312012_121258

Files\Folders moved on Reboot...
File\Folder F:\AutoRun.exe not found!
C:\Users\AnnaMariaWiegele\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Meine Rechner hat sich neugestartet und beim Neustart kam eine Meldung das der Herausgeber der Datei nicht verifiziert werden konnte und es kam die Frage "Trotzdem ausführen?" und ich hab auf ausführen gedrückt! Hoffe das war kein Fehler, aber konnte sonst nicht auf Rechner zugreifen!!

cosinus · 31.05.2012, 13:08

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

annamariawie · 31.05.2012, 14:20

Code:

ATTFilter

15:16:49.0173 11396	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:16:51.0177 11396	============================================================
15:16:51.0177 11396	Current date / time: 2012/05/31 15:16:51.0177
15:16:51.0177 11396	SystemInfo:
15:16:51.0177 11396	
15:16:51.0177 11396	OS Version: 6.1.7601 ServicePack: 1.0
15:16:51.0177 11396	Product type: Workstation
15:16:51.0177 11396	ComputerName: ANNAMARIAWIEGEL
15:16:51.0178 11396	UserName: AnnaMariaWiegele
15:16:51.0178 11396	Windows directory: C:\windows
15:16:51.0178 11396	System windows directory: C:\windows
15:16:51.0178 11396	Running under WOW64
15:16:51.0178 11396	Processor architecture: Intel x64
15:16:51.0178 11396	Number of processors: 4
15:16:51.0178 11396	Page size: 0x1000
15:16:51.0178 11396	Boot type: Normal boot
15:16:51.0178 11396	============================================================
15:16:51.0568 11396	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:51.0576 11396	Drive \Device\Harddisk2\DR2 - Size: 0x7D00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:16:51.0578 11396	============================================================
15:16:51.0578 11396	\Device\Harddisk0\DR0:
15:16:51.0578 11396	MBR partitions:
15:16:51.0578 11396	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
15:16:51.0578 11396	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD92B0
15:16:51.0578 11396	\Device\Harddisk2\DR2:
15:16:51.0578 11396	MBR partitions:
15:16:51.0578 11396	\Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3E7DF
15:16:51.0578 11396	============================================================
15:16:51.0602 11396	C: <-> \Device\Harddisk0\DR0\Partition1
15:16:51.0602 11396	============================================================
15:16:51.0602 11396	Initialize success
15:16:51.0602 11396	============================================================
15:17:14.0269 12148	============================================================
15:17:14.0269 12148	Scan started
15:17:14.0269 12148	Mode: Manual; SigCheck; TDLFS; 
15:17:14.0269 12148	============================================================
15:17:14.0699 12148	1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
15:17:14.0828 12148	1394ohci - ok
15:17:14.0868 12148	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
15:17:14.0883 12148	ACPI - ok
15:17:14.0924 12148	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
15:17:14.0982 12148	AcpiPmi - ok
15:17:15.0110 12148	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:17:15.0136 12148	AdobeARMservice - ok
15:17:15.0273 12148	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:17:15.0299 12148	AdobeFlashPlayerUpdateSvc - ok
15:17:15.0364 12148	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
15:17:15.0393 12148	adp94xx - ok
15:17:15.0434 12148	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
15:17:15.0475 12148	adpahci - ok
15:17:15.0490 12148	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
15:17:15.0501 12148	adpu320 - ok
15:17:15.0527 12148	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
15:17:15.0664 12148	AeLookupSvc - ok
15:17:15.0732 12148	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
15:17:15.0809 12148	AESTFilters - ok
15:17:15.0872 12148	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
15:17:15.0956 12148	AFD - ok
15:17:16.0003 12148	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
15:17:16.0033 12148	agp440 - ok
15:17:16.0067 12148	ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
15:17:16.0109 12148	ALG - ok
15:17:16.0138 12148	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
15:17:16.0165 12148	aliide - ok
15:17:16.0193 12148	AMD External Events Utility (e6ce56be2c8bff7464554629829a1271) C:\windows\system32\atiesrxx.exe
15:17:16.0303 12148	AMD External Events Utility - ok
15:17:16.0333 12148	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
15:17:16.0343 12148	amdide - ok
15:17:16.0374 12148	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
15:17:16.0422 12148	AmdK8 - ok
15:17:16.0757 12148	amdkmdag        (e3cc08f03c55a284fbfd79071822df43) C:\windows\system32\DRIVERS\atikmdag.sys
15:17:17.0011 12148	amdkmdag - ok
15:17:17.0146 12148	amdkmdap        (f8976e22afd861cf67b6e2d3b4995cdb) C:\windows\system32\DRIVERS\atikmpag.sys
15:17:17.0216 12148	amdkmdap - ok
15:17:17.0233 12148	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
15:17:17.0261 12148	AmdPPM - ok
15:17:17.0289 12148	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
15:17:17.0299 12148	amdsata - ok
15:17:17.0340 12148	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
15:17:17.0367 12148	amdsbs - ok
15:17:17.0377 12148	amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
15:17:17.0387 12148	amdxata - ok
15:17:17.0431 12148	ApfiltrService  (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
15:17:19.0581 12148	ApfiltrService - ok
15:17:19.0617 12148	AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
15:17:19.0688 12148	AppID - ok
15:17:19.0711 12148	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
15:17:19.0776 12148	AppIDSvc - ok
15:17:19.0789 12148	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
15:17:19.0836 12148	Appinfo - ok
15:17:19.0957 12148	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:17:19.0977 12148	Apple Mobile Device - ok
15:17:20.0010 12148	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
15:17:20.0037 12148	arc - ok
15:17:20.0055 12148	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
15:17:20.0066 12148	arcsas - ok
15:17:20.0133 12148	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:17:20.0155 12148	aspnet_state - ok
15:17:20.0193 12148	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\windows\system32\drivers\aswFsBlk.sys
15:17:20.0218 12148	aswFsBlk - ok
15:17:20.0243 12148	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\windows\system32\drivers\aswMonFlt.sys
15:17:20.0274 12148	aswMonFlt - ok
15:17:20.0308 12148	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\windows\System32\Drivers\aswrdr2.sys
15:17:20.0336 12148	aswRdr - ok
15:17:20.0388 12148	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\windows\system32\drivers\aswSnx.sys
15:17:20.0412 12148	aswSnx - ok
15:17:20.0449 12148	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\windows\system32\drivers\aswSP.sys
15:17:20.0486 12148	aswSP - ok
15:17:20.0519 12148	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\windows\system32\drivers\aswTdi.sys
15:17:20.0531 12148	aswTdi - ok
15:17:20.0567 12148	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
15:17:20.0648 12148	AsyncMac - ok
15:17:20.0672 12148	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
15:17:20.0681 12148	atapi - ok
15:17:20.0743 12148	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
15:17:20.0817 12148	AudioEndpointBuilder - ok
15:17:20.0823 12148	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
15:17:20.0859 12148	AudioSrv - ok
15:17:20.0932 12148	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:17:20.0964 12148	avast! Antivirus - ok
15:17:21.0003 12148	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
15:17:21.0078 12148	AxInstSV - ok
15:17:21.0130 12148	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
15:17:21.0170 12148	b06bdrv - ok
15:17:21.0202 12148	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
15:17:21.0269 12148	b57nd60a - ok
15:17:21.0327 12148	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
15:17:21.0370 12148	BDESVC - ok
15:17:21.0397 12148	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
15:17:21.0460 12148	Beep - ok
15:17:21.0535 12148	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
15:17:21.0603 12148	BFE - ok
15:17:21.0653 12148	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
15:17:21.0715 12148	BITS - ok
15:17:21.0771 12148	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
15:17:21.0808 12148	blbdrive - ok
15:17:21.0929 12148	Bluetooth Device Monitor (093b1b419ef25b15d3a1ca6953f41afb) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
15:17:21.0981 12148	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
15:17:21.0981 12148	Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
15:17:22.0046 12148	Bluetooth Media Service (03a7341e94acd92e0831336d4f3ace92) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
15:17:22.0083 12148	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
15:17:22.0084 12148	Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
15:17:22.0178 12148	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:17:22.0201 12148	Bonjour Service - ok
15:17:22.0300 12148	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
15:17:22.0344 12148	bowser - ok
15:17:22.0368 12148	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
15:17:22.0421 12148	BrFiltLo - ok
15:17:22.0441 12148	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
15:17:22.0480 12148	BrFiltUp - ok
15:17:22.0524 12148	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
15:17:22.0586 12148	Browser - ok
15:17:22.0631 12148	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
15:17:22.0677 12148	Brserid - ok
15:17:22.0696 12148	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
15:17:22.0722 12148	BrSerWdm - ok
15:17:22.0747 12148	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
15:17:22.0794 12148	BrUsbMdm - ok
15:17:22.0821 12148	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
15:17:22.0870 12148	BrUsbSer - ok
15:17:22.0903 12148	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
15:17:22.0953 12148	BthEnum - ok
15:17:22.0982 12148	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
15:17:23.0034 12148	BTHMODEM - ok
15:17:23.0072 12148	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
15:17:23.0106 12148	BthPan - ok
15:17:23.0153 12148	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
15:17:23.0203 12148	BTHPORT - ok
15:17:23.0237 12148	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
15:17:23.0271 12148	bthserv - ok
15:17:23.0309 12148	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
15:17:23.0350 12148	BTHUSB - ok
15:17:23.0385 12148	btmaux          (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\windows\system32\DRIVERS\btmaux.sys
15:17:23.0394 12148	btmaux - ok
15:17:23.0420 12148	btmhsf          (0c468d8da95be16bfdd380bb9de88259) C:\windows\system32\DRIVERS\btmhsf.sys
15:17:23.0482 12148	btmhsf - ok
15:17:23.0505 12148	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
15:17:23.0584 12148	cdfs - ok
15:17:23.0636 12148	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
15:17:23.0667 12148	cdrom - ok
15:17:23.0688 12148	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
15:17:23.0733 12148	CertPropSvc - ok
15:17:23.0758 12148	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
15:17:23.0782 12148	circlass - ok
15:17:23.0813 12148	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
15:17:23.0848 12148	CLFS - ok
15:17:23.0913 12148	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:17:23.0936 12148	clr_optimization_v2.0.50727_32 - ok
15:17:23.0984 12148	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:17:24.0012 12148	clr_optimization_v2.0.50727_64 - ok
15:17:24.0062 12148	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:17:24.0086 12148	clr_optimization_v4.0.30319_32 - ok
15:17:24.0113 12148	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:17:24.0124 12148	clr_optimization_v4.0.30319_64 - ok
15:17:24.0166 12148	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
15:17:24.0204 12148	CmBatt - ok
15:17:24.0222 12148	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
15:17:24.0231 12148	cmdide - ok
15:17:24.0265 12148	CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
15:17:24.0306 12148	CNG - ok
15:17:24.0343 12148	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
15:17:24.0352 12148	Compbatt - ok
15:17:24.0382 12148	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
15:17:24.0419 12148	CompositeBus - ok
15:17:24.0433 12148	COMSysApp - ok
15:17:24.0447 12148	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
15:17:24.0457 12148	crcdisk - ok
15:17:24.0493 12148	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
15:17:24.0547 12148	CryptSvc - ok
15:17:24.0602 12148	CtClsFlt        (df214bff646880d0eb31bdc86136b29b) C:\windows\system32\DRIVERS\CtClsFlt.sys
15:17:24.0632 12148	CtClsFlt - ok
15:17:24.0750 12148	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:17:24.0785 12148	cvhsvc - ok
15:17:24.0831 12148	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
15:17:24.0905 12148	DcomLaunch - ok
15:17:24.0933 12148	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
15:17:24.0984 12148	defragsvc - ok
15:17:25.0044 12148	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
15:17:25.0123 12148	DfsC - ok
15:17:25.0173 12148	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
15:17:25.0232 12148	Dhcp - ok
15:17:25.0272 12148	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
15:17:25.0331 12148	discache - ok
15:17:25.0376 12148	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
15:17:25.0405 12148	Disk - ok
15:17:25.0430 12148	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
15:17:25.0468 12148	Dnscache - ok
15:17:25.0494 12148	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
15:17:25.0538 12148	dot3svc - ok
15:17:25.0556 12148	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
15:17:25.0624 12148	DPS - ok
15:17:25.0653 12148	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
15:17:25.0704 12148	drmkaud - ok
15:17:25.0758 12148	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
15:17:25.0783 12148	DXGKrnl - ok
15:17:25.0817 12148	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
15:17:25.0868 12148	EapHost - ok
15:17:26.0011 12148	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
15:17:26.0062 12148	ebdrv - ok
15:17:26.0142 12148	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
15:17:26.0178 12148	EFS - ok
15:17:26.0285 12148	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
15:17:26.0329 12148	ehRecvr - ok
15:17:26.0355 12148	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
15:17:26.0376 12148	ehSched - ok
15:17:26.0456 12148	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
15:17:26.0490 12148	elxstor - ok
15:17:26.0500 12148	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
15:17:26.0522 12148	ErrDev - ok
15:17:26.0585 12148	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
15:17:26.0640 12148	EventSystem - ok
15:17:26.0803 12148	EvtEng          (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:17:26.0837 12148	EvtEng - ok
15:17:26.0957 12148	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
15:17:26.0991 12148	exfat - ok
15:17:27.0010 12148	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
15:17:27.0071 12148	fastfat - ok
15:17:27.0123 12148	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
15:17:27.0176 12148	Fax - ok
15:17:27.0221 12148	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
15:17:27.0265 12148	fdc - ok
15:17:27.0307 12148	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
15:17:27.0347 12148	fdPHost - ok
15:17:27.0357 12148	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
15:17:27.0423 12148	FDResPub - ok
15:17:27.0455 12148	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
15:17:27.0465 12148	FileInfo - ok
15:17:27.0483 12148	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
15:17:27.0571 12148	Filetrace - ok
15:17:27.0604 12148	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
15:17:27.0629 12148	flpydisk - ok
15:17:27.0660 12148	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
15:17:27.0689 12148	FltMgr - ok
15:17:27.0745 12148	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
15:17:27.0802 12148	FontCache - ok
15:17:27.0856 12148	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:17:27.0881 12148	FontCache3.0.0.0 - ok
15:17:27.0937 12148	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
15:17:27.0958 12148	FsDepends - ok
15:17:27.0982 12148	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
15:17:28.0010 12148	Fs_Rec - ok
15:17:28.0043 12148	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
15:17:28.0079 12148	fvevol - ok
15:17:28.0114 12148	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
15:17:28.0124 12148	gagp30kx - ok
15:17:28.0155 12148	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
15:17:28.0163 12148	GEARAspiWDM - ok
15:17:28.0212 12148	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
15:17:28.0255 12148	gpsvc - ok
15:17:28.0340 12148	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:17:28.0367 12148	gupdate - ok
15:17:28.0379 12148	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:17:28.0387 12148	gupdatem - ok
15:17:28.0416 12148	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
15:17:28.0455 12148	hcw85cir - ok
15:17:28.0502 12148	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
15:17:28.0547 12148	HdAudAddService - ok
15:17:28.0583 12148	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
15:17:28.0644 12148	HDAudBus - ok
15:17:28.0671 12148	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
15:17:28.0703 12148	HidBatt - ok
15:17:28.0725 12148	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
15:17:28.0765 12148	HidBth - ok
15:17:28.0793 12148	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
15:17:28.0827 12148	HidIr - ok
15:17:28.0852 12148	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
15:17:28.0890 12148	hidserv - ok
15:17:28.0934 12148	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
15:17:28.0968 12148	HidUsb - ok
15:17:28.0993 12148	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
15:17:29.0043 12148	hkmsvc - ok
15:17:29.0077 12148	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
15:17:29.0119 12148	HomeGroupListener - ok
15:17:29.0161 12148	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
15:17:29.0203 12148	HomeGroupProvider - ok
15:17:29.0248 12148	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
15:17:29.0276 12148	HpSAMD - ok
15:17:29.0334 12148	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
15:17:29.0409 12148	HTTP - ok
15:17:29.0458 12148	hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\windows\system32\DRIVERS\ewusbmdm.sys
15:17:29.0487 12148	hwdatacard - ok
15:17:29.0497 12148	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
15:17:29.0506 12148	hwpolicy - ok
15:17:29.0530 12148	hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\windows\system32\DRIVERS\ewusbdev.sys
15:17:29.0584 12148	hwusbdev - ok
15:17:29.0640 12148	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
15:17:29.0668 12148	i8042prt - ok
15:17:29.0688 12148	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
15:17:29.0704 12148	iaStor - ok
15:17:29.0781 12148	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:17:29.0792 12148	IAStorDataMgrSvc - ok
15:17:29.0816 12148	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
15:17:29.0834 12148	iaStorV - ok
15:17:29.0870 12148	iBtFltCoex      (fc85972037815fa7b413e790b426acb2) C:\windows\system32\DRIVERS\iBtFltCoex.sys
15:17:29.0904 12148	iBtFltCoex - ok
15:17:30.0014 12148	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:17:30.0041 12148	idsvc - ok
15:17:30.0076 12148	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
15:17:30.0085 12148	iirsp - ok
15:17:30.0128 12148	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
15:17:30.0184 12148	IKEEXT - ok
15:17:30.0228 12148	intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
15:17:30.0248 12148	intaud_WaveExtensible - ok
15:17:30.0311 12148	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
15:17:30.0346 12148	IntcDAud - ok
15:17:30.0359 12148	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
15:17:30.0368 12148	intelide - ok
15:17:30.0805 12148	intelkmd        (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdpmd64.sys
15:17:31.0100 12148	intelkmd - ok
15:17:31.0211 12148	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
15:17:31.0240 12148	intelppm - ok
15:17:31.0275 12148	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
15:17:31.0320 12148	IPBusEnum - ok
15:17:31.0345 12148	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:17:31.0383 12148	IpFilterDriver - ok
15:17:31.0433 12148	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
15:17:31.0506 12148	iphlpsvc - ok
15:17:31.0517 12148	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
15:17:31.0541 12148	IPMIDRV - ok
15:17:31.0559 12148	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
15:17:31.0628 12148	IPNAT - ok
15:17:31.0734 12148	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:17:31.0772 12148	iPod Service - ok
15:17:31.0810 12148	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
15:17:31.0857 12148	IRENUM - ok
15:17:31.0881 12148	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
15:17:31.0892 12148	isapnp - ok
15:17:31.0917 12148	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
15:17:31.0930 12148	iScsiPrt - ok
15:17:31.0961 12148	iwdbus          (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
15:17:31.0971 12148	iwdbus - ok
15:17:31.0995 12148	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
15:17:32.0005 12148	kbdclass - ok
15:17:32.0034 12148	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
15:17:32.0086 12148	kbdhid - ok
15:17:32.0109 12148	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:32.0120 12148	KeyIso - ok
15:17:32.0141 12148	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
15:17:32.0151 12148	KSecDD - ok
15:17:32.0172 12148	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
15:17:32.0183 12148	KSecPkg - ok
15:17:32.0223 12148	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
15:17:32.0289 12148	ksthunk - ok
15:17:32.0343 12148	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
15:17:32.0390 12148	KtmRm - ok
15:17:32.0433 12148	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
15:17:32.0489 12148	LanmanServer - ok
15:17:32.0535 12148	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
15:17:32.0585 12148	LanmanWorkstation - ok
15:17:32.0634 12148	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
15:17:32.0709 12148	lltdio - ok
15:17:32.0745 12148	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
15:17:32.0803 12148	lltdsvc - ok
15:17:32.0829 12148	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
15:17:32.0890 12148	lmhosts - ok
15:17:33.0000 12148	LMS             (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:17:33.0029 12148	LMS - ok
15:17:33.0060 12148	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
15:17:33.0071 12148	LSI_FC - ok
15:17:33.0103 12148	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
15:17:33.0114 12148	LSI_SAS - ok
15:17:33.0134 12148	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
15:17:33.0143 12148	LSI_SAS2 - ok
15:17:33.0165 12148	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
15:17:33.0176 12148	LSI_SCSI - ok
15:17:33.0204 12148	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
15:17:33.0250 12148	luafv - ok
15:17:33.0290 12148	massfilter - ok
15:17:33.0349 12148	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
15:17:33.0363 12148	MBAMProtector - ok
15:17:33.0419 12148	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:17:33.0453 12148	MBAMService - ok
15:17:33.0492 12148	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
15:17:33.0535 12148	Mcx2Svc - ok
15:17:33.0565 12148	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
15:17:33.0594 12148	megasas - ok
15:17:33.0617 12148	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
15:17:33.0630 12148	MegaSR - ok
15:17:33.0641 12148	MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys
15:17:33.0651 12148	MEIx64 - ok
15:17:33.0673 12148	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:17:33.0720 12148	MMCSS - ok
15:17:33.0739 12148	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
15:17:33.0786 12148	Modem - ok
15:17:33.0809 12148	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
15:17:33.0833 12148	monitor - ok
15:17:33.0862 12148	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
15:17:33.0892 12148	mouclass - ok
15:17:33.0920 12148	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
15:17:33.0956 12148	mouhid - ok
15:17:33.0995 12148	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
15:17:34.0005 12148	mountmgr - ok
15:17:34.0067 12148	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:17:34.0101 12148	MozillaMaintenance - ok
15:17:34.0116 12148	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
15:17:34.0127 12148	mpio - ok
15:17:34.0153 12148	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
15:17:34.0181 12148	mpsdrv - ok
15:17:34.0246 12148	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
15:17:34.0288 12148	MpsSvc - ok
15:17:34.0295 12148	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
15:17:34.0324 12148	MRxDAV - ok
15:17:34.0362 12148	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
15:17:34.0416 12148	mrxsmb - ok
15:17:34.0441 12148	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:17:34.0455 12148	mrxsmb10 - ok
15:17:34.0472 12148	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:17:34.0484 12148	mrxsmb20 - ok
15:17:34.0508 12148	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
15:17:34.0518 12148	msahci - ok
15:17:34.0538 12148	msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
15:17:34.0549 12148	msdsm - ok
15:17:34.0586 12148	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
15:17:34.0625 12148	MSDTC - ok
15:17:34.0649 12148	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
15:17:34.0714 12148	Msfs - ok
15:17:34.0734 12148	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
15:17:34.0776 12148	mshidkmdf - ok
15:17:34.0802 12148	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
15:17:34.0811 12148	msisadrv - ok
15:17:34.0846 12148	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
15:17:34.0891 12148	MSiSCSI - ok
15:17:34.0893 12148	msiserver - ok
15:17:34.0920 12148	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
15:17:34.0987 12148	MSKSSRV - ok
15:17:35.0000 12148	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
15:17:35.0047 12148	MSPCLOCK - ok
15:17:35.0075 12148	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
15:17:35.0139 12148	MSPQM - ok
15:17:35.0169 12148	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
15:17:35.0183 12148	MsRPC - ok
15:17:35.0201 12148	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
15:17:35.0211 12148	mssmbios - ok
15:17:35.0232 12148	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
15:17:35.0289 12148	MSTEE - ok
15:17:35.0321 12148	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
15:17:35.0353 12148	MTConfig - ok
15:17:35.0386 12148	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
15:17:35.0396 12148	Mup - ok
15:17:35.0476 12148	MyWiFiDHCPDNS   (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:17:35.0493 12148	MyWiFiDHCPDNS - ok
15:17:35.0530 12148	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
15:17:35.0614 12148	napagent - ok
15:17:35.0669 12148	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
15:17:35.0710 12148	NativeWifiP - ok
15:17:35.0816 12148	NAUpdate        (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
15:17:35.0850 12148	NAUpdate - ok
15:17:35.0918 12148	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
15:17:35.0950 12148	NDIS - ok
15:17:35.0979 12148	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
15:17:36.0038 12148	NdisCap - ok
15:17:36.0066 12148	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
15:17:36.0095 12148	NdisTapi - ok
15:17:36.0126 12148	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
15:17:36.0189 12148	Ndisuio - ok
15:17:36.0205 12148	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
15:17:36.0241 12148	NdisWan - ok
15:17:36.0271 12148	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
15:17:36.0332 12148	NDProxy - ok
15:17:36.0354 12148	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
15:17:36.0396 12148	NetBIOS - ok
15:17:36.0432 12148	NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
15:17:36.0462 12148	NetBT - ok
15:17:36.0487 12148	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:36.0498 12148	Netlogon - ok
15:17:36.0533 12148	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
15:17:36.0596 12148	Netman - ok
15:17:36.0670 12148	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:36.0688 12148	NetMsmqActivator - ok
15:17:36.0691 12148	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:36.0700 12148	NetPipeActivator - ok
15:17:36.0743 12148	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
15:17:36.0813 12148	netprofm - ok
15:17:36.0816 12148	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:36.0825 12148	NetTcpActivator - ok
15:17:36.0828 12148	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:36.0837 12148	NetTcpPortSharing - ok
15:17:37.0302 12148	NETwNs64        (5d262402b0634c998f8cbcead7dd8676) C:\windows\system32\DRIVERS\NETwNs64.sys
15:17:37.0578 12148	NETwNs64 - ok
15:17:37.0694 12148	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
15:17:37.0710 12148	nfrd960 - ok
15:17:37.0750 12148	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
15:17:37.0811 12148	NlaSvc - ok
15:17:37.0980 12148	NOBU            (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
15:17:38.0031 12148	NOBU - ok
15:17:38.0132 12148	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
15:17:38.0175 12148	Npfs - ok
15:17:38.0207 12148	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
15:17:38.0285 12148	nsi - ok
15:17:38.0301 12148	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
15:17:38.0338 12148	nsiproxy - ok
15:17:38.0416 12148	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
15:17:38.0453 12148	Ntfs - ok
15:17:38.0557 12148	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
15:17:38.0623 12148	Null - ok
15:17:38.0654 12148	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
15:17:38.0682 12148	nusb3hub - ok
15:17:38.0700 12148	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
15:17:38.0723 12148	nusb3xhc - ok
15:17:38.0761 12148	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
15:17:38.0788 12148	nvraid - ok
15:17:38.0814 12148	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
15:17:38.0825 12148	nvstor - ok
15:17:38.0851 12148	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
15:17:38.0863 12148	nv_agp - ok
15:17:38.0876 12148	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
15:17:38.0901 12148	ohci1394 - ok
15:17:39.0006 12148	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:17:39.0028 12148	ose - ok
15:17:39.0271 12148	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:17:39.0413 12148	osppsvc - ok
15:17:39.0509 12148	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:17:39.0550 12148	p2pimsvc - ok
15:17:39.0584 12148	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
15:17:39.0602 12148	p2psvc - ok
15:17:39.0663 12148	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
15:17:39.0708 12148	Parport - ok
15:17:39.0737 12148	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
15:17:39.0756 12148	partmgr - ok
15:17:39.0793 12148	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
15:17:39.0828 12148	PcaSvc - ok
15:17:39.0866 12148	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
15:17:39.0897 12148	pci - ok
15:17:39.0914 12148	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
15:17:39.0923 12148	pciide - ok
15:17:39.0940 12148	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
15:17:39.0953 12148	pcmcia - ok
15:17:39.0969 12148	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
15:17:39.0978 12148	pcw - ok
15:17:40.0008 12148	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
15:17:40.0090 12148	PEAUTH - ok
15:17:40.0180 12148	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
15:17:40.0233 12148	PerfHost - ok
15:17:40.0362 12148	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
15:17:40.0422 12148	pla - ok
15:17:40.0479 12148	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
15:17:40.0516 12148	PlugPlay - ok
15:17:40.0545 12148	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
15:17:40.0584 12148	PNRPAutoReg - ok
15:17:40.0605 12148	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:17:40.0622 12148	PNRPsvc - ok
15:17:40.0666 12148	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
15:17:40.0740 12148	PolicyAgent - ok
15:17:40.0773 12148	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
15:17:40.0841 12148	Power - ok
15:17:40.0911 12148	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
15:17:40.0989 12148	PptpMiniport - ok
15:17:41.0005 12148	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
15:17:41.0035 12148	Processor - ok
15:17:41.0088 12148	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
15:17:41.0153 12148	ProfSvc - ok
15:17:41.0176 12148	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:41.0198 12148	ProtectedStorage - ok
15:17:41.0241 12148	Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
15:17:41.0315 12148	Psched - ok
15:17:41.0347 12148	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
15:17:41.0357 12148	PxHlpa64 - ok
15:17:41.0425 12148	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
15:17:41.0458 12148	ql2300 - ok
15:17:41.0572 12148	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
15:17:41.0584 12148	ql40xx - ok
15:17:41.0619 12148	QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
15:17:41.0639 12148	QWAVE - ok
15:17:41.0654 12148	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
15:17:41.0683 12148	QWAVEdrv - ok
15:17:41.0699 12148	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
15:17:41.0735 12148	RasAcd - ok
15:17:41.0773 12148	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
15:17:41.0801 12148	RasAgileVpn - ok
15:17:41.0837 12148	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
15:17:41.0916 12148	RasAuto - ok
15:17:41.0938 12148	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
15:17:41.0986 12148	Rasl2tp - ok
15:17:42.0018 12148	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
15:17:42.0071 12148	RasMan - ok
15:17:42.0107 12148	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
15:17:42.0163 12148	RasPppoe - ok
15:17:42.0193 12148	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
15:17:42.0251 12148	RasSstp - ok
15:17:42.0280 12148	rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
15:17:42.0326 12148	rdbss - ok
15:17:42.0359 12148	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
15:17:42.0393 12148	rdpbus - ok
15:17:42.0413 12148	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
15:17:42.0442 12148	RDPCDD - ok
15:17:42.0456 12148	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
15:17:42.0523 12148	RDPENCDD - ok
15:17:42.0541 12148	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
15:17:42.0570 12148	RDPREFMP - ok
15:17:42.0609 12148	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
15:17:42.0649 12148	RDPWD - ok
15:17:42.0684 12148	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
15:17:42.0717 12148	rdyboost - ok
15:17:42.0832 12148	RegSrvc         (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:17:42.0872 12148	RegSrvc - ok
15:17:42.0903 12148	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
15:17:42.0943 12148	RemoteAccess - ok
15:17:42.0987 12148	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
15:17:43.0046 12148	RemoteRegistry - ok
15:17:43.0110 12148	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
15:17:43.0151 12148	RFCOMM - ok
15:17:43.0297 12148	RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
15:17:43.0331 12148	RoxMediaDB12OEM - ok
15:17:43.0353 12148	RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
15:17:43.0365 12148	RoxWatch12 - ok
15:17:43.0455 12148	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
15:17:43.0537 12148	RpcEptMapper - ok
15:17:43.0565 12148	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
15:17:43.0588 12148	RpcLocator - ok
15:17:43.0622 12148	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
15:17:43.0660 12148	RpcSs - ok
15:17:43.0703 12148	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
15:17:43.0753 12148	rspndr - ok
15:17:43.0809 12148	RSUSBSTOR       (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
15:17:43.0831 12148	RSUSBSTOR - ok
15:17:43.0865 12148	RTL8167         (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
15:17:43.0881 12148	RTL8167 - ok
15:17:43.0899 12148	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:43.0911 12148	SamSs - ok
15:17:43.0927 12148	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
15:17:43.0937 12148	sbp2port - ok
15:17:43.0970 12148	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
15:17:44.0048 12148	SCardSvr - ok
15:17:44.0077 12148	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
15:17:44.0140 12148	scfilter - ok
15:17:44.0185 12148	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
15:17:44.0252 12148	Schedule - ok
15:17:44.0279 12148	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
15:17:44.0306 12148	SCPolicySvc - ok
15:17:44.0331 12148	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
15:17:44.0365 12148	SDRSVC - ok
15:17:44.0417 12148	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
15:17:44.0495 12148	secdrv - ok
15:17:44.0510 12148	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
15:17:44.0540 12148	seclogon - ok
15:17:44.0573 12148	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
15:17:44.0649 12148	SENS - ok
15:17:44.0668 12148	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
15:17:44.0694 12148	SensrSvc - ok
15:17:44.0716 12148	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
15:17:44.0754 12148	Serenum - ok
15:17:44.0776 12148	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
15:17:44.0800 12148	Serial - ok
15:17:44.0828 12148	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
15:17:44.0866 12148	sermouse - ok
15:17:44.0909 12148	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
15:17:44.0964 12148	SessionEnv - ok
15:17:44.0994 12148	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
15:17:45.0027 12148	sffdisk - ok
15:17:45.0043 12148	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
15:17:45.0066 12148	sffp_mmc - ok
15:17:45.0069 12148	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
15:17:45.0088 12148	sffp_sd - ok
15:17:45.0115 12148	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
15:17:45.0141 12148	sfloppy - ok
15:17:45.0210 12148	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
15:17:45.0244 12148	Sftfs - ok
15:17:45.0309 12148	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:17:45.0333 12148	sftlist - ok
15:17:45.0357 12148	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
15:17:45.0368 12148	Sftplay - ok
15:17:45.0390 12148	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
15:17:45.0398 12148	Sftredir - ok
15:17:45.0504 12148	SftService      (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:17:45.0538 12148	SftService - ok
15:17:45.0643 12148	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
15:17:45.0658 12148	Sftvol - ok
15:17:45.0714 12148	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:17:45.0725 12148	sftvsa - ok
15:17:45.0764 12148	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
15:17:45.0810 12148	SharedAccess - ok
15:17:45.0843 12148	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
15:17:45.0910 12148	ShellHWDetection - ok
15:17:45.0947 12148	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
15:17:45.0957 12148	SiSRaid2 - ok
15:17:45.0973 12148	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
15:17:45.0984 12148	SiSRaid4 - ok
15:17:46.0019 12148	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
15:17:46.0093 12148	Smb - ok
15:17:46.0119 12148	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
15:17:46.0164 12148	SNMPTRAP - ok
15:17:46.0196 12148	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
15:17:46.0225 12148	spldr - ok
15:17:46.0255 12148	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
15:17:46.0295 12148	Spooler - ok
15:17:46.0439 12148	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
15:17:46.0527 12148	sppsvc - ok
15:17:46.0619 12148	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
15:17:46.0667 12148	sppuinotify - ok
15:17:46.0732 12148	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
15:17:46.0795 12148	srv - ok
15:17:46.0839 12148	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
15:17:46.0876 12148	srv2 - ok
15:17:46.0901 12148	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
15:17:46.0913 12148	srvnet - ok
15:17:46.0952 12148	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
15:17:47.0000 12148	SSDPSRV - ok
15:17:47.0013 12148	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
15:17:47.0044 12148	SstpSvc - ok
15:17:47.0118 12148	STacSV          (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
15:17:47.0146 12148	STacSV - ok
15:17:47.0177 12148	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
15:17:47.0191 12148	stexstor - ok
15:17:47.0260 12148	STHDA           (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
15:17:47.0294 12148	STHDA - ok
15:17:47.0347 12148	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
15:17:47.0399 12148	stisvc - ok
15:17:47.0478 12148	stllssvr        (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:17:47.0504 12148	stllssvr - ok
15:17:47.0528 12148	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
15:17:47.0537 12148	swenum - ok
15:17:47.0568 12148	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
15:17:47.0619 12148	swprv - ok
15:17:47.0689 12148	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
15:17:47.0747 12148	SysMain - ok
15:17:47.0843 12148	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
15:17:47.0906 12148	TabletInputService - ok
15:17:47.0933 12148	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
15:17:47.0972 12148	TapiSrv - ok
15:17:47.0993 12148	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
15:17:48.0063 12148	TBS - ok
15:17:48.0177 12148	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
15:17:48.0217 12148	Tcpip - ok
15:17:48.0410 12148	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
15:17:48.0444 12148	TCPIP6 - ok
15:17:48.0544 12148	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
15:17:48.0633 12148	tcpipreg - ok
15:17:48.0655 12148	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
15:17:48.0677 12148	TDPIPE - ok
15:17:48.0707 12148	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
15:17:48.0738 12148	TDTCP - ok
15:17:48.0782 12148	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
15:17:48.0834 12148	tdx - ok
15:17:48.0849 12148	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
15:17:48.0859 12148	TermDD - ok
15:17:48.0900 12148	TermService     (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
15:17:48.0955 12148	TermService - ok
15:17:48.0979 12148	Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
15:17:49.0017 12148	Themes - ok
15:17:49.0041 12148	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:17:49.0092 12148	THREADORDER - ok
15:17:49.0105 12148	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
15:17:49.0169 12148	TrkWks - ok
15:17:49.0224 12148	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
15:17:49.0297 12148	TrustedInstaller - ok
15:17:49.0316 12148	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
15:17:49.0377 12148	tssecsrv - ok
15:17:49.0397 12148	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
15:17:49.0418 12148	TsUsbFlt - ok
15:17:49.0446 12148	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
15:17:49.0456 12148	TsUsbGD - ok
15:17:49.0532 12148	TuneUp.Defrag   (4650febe40936f13f1ea6c67ffcff7ec) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
15:17:49.0562 12148	TuneUp.Defrag - ok
15:17:49.0640 12148	TuneUp.UtilitiesSvc (99bb325af16e38f1d6a63e7185f00b4c) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
15:17:49.0665 12148	TuneUp.UtilitiesSvc - ok
15:17:49.0700 12148	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
15:17:49.0721 12148	TuneUpUtilitiesDrv - ok
15:17:49.0843 12148	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
15:17:49.0894 12148	tunnel - ok
15:17:49.0924 12148	TurboB          (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys
15:17:49.0935 12148	TurboB - ok
15:17:49.0970 12148	TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:17:49.0995 12148	TurboBoost - ok
15:17:50.0027 12148	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
15:17:50.0045 12148	uagp35 - ok
15:17:50.0077 12148	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
15:17:50.0138 12148	udfs - ok
15:17:50.0171 12148	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
15:17:50.0221 12148	UI0Detect - ok
15:17:50.0260 12148	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
15:17:50.0270 12148	uliagpkx - ok
15:17:50.0291 12148	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
15:17:50.0334 12148	umbus - ok
15:17:50.0360 12148	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
15:17:50.0405 12148	UmPass - ok
15:17:50.0579 12148	UNS             (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:17:50.0621 12148	UNS - ok
15:17:50.0707 12148	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
15:17:50.0770 12148	upnphost - ok
15:17:50.0849 12148	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
15:17:50.0891 12148	USBAAPL64 - ok
15:17:50.0922 12148	usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
15:17:50.0960 12148	usbccgp - ok
15:17:51.0005 12148	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
15:17:51.0031 12148	usbcir - ok
15:17:51.0048 12148	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
15:17:51.0069 12148	usbehci - ok
15:17:51.0108 12148	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
15:17:51.0150 12148	usbhub - ok
15:17:51.0163 12148	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\drivers\usbohci.sys
15:17:51.0190 12148	usbohci - ok
15:17:51.0219 12148	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
15:17:51.0266 12148	usbprint - ok
15:17:51.0297 12148	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:17:51.0326 12148	USBSTOR - ok
15:17:51.0339 12148	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys
15:17:51.0380 12148	usbuhci - ok
15:17:51.0409 12148	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
15:17:51.0448 12148	usbvideo - ok
15:17:51.0474 12148	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
15:17:51.0549 12148	UxSms - ok
15:17:51.0577 12148	UxTuneUp        (a66a7b27d8e2faf6f4ea2debb8aa7440) C:\windows\System32\uxtuneup.dll
15:17:51.0587 12148	UxTuneUp - ok
15:17:51.0611 12148	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:51.0622 12148	VaultSvc - ok
15:17:51.0660 12148	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
15:17:51.0686 12148	vdrvroot - ok
15:17:51.0730 12148	vds             (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
15:17:51.0793 12148	vds - ok
15:17:51.0811 12148	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
15:17:51.0825 12148	vga - ok
15:17:51.0840 12148	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
15:17:51.0905 12148	VgaSave - ok
15:17:51.0928 12148	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
15:17:51.0941 12148	vhdmp - ok
15:17:51.0963 12148	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
15:17:51.0972 12148	viaide - ok
15:17:52.0006 12148	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
15:17:52.0021 12148	volmgr - ok
15:17:52.0051 12148	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
15:17:52.0067 12148	volmgrx - ok
15:17:52.0092 12148	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
15:17:52.0104 12148	volsnap - ok
15:17:52.0149 12148	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
15:17:52.0170 12148	vsmraid - ok
15:17:52.0255 12148	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
15:17:52.0313 12148	VSS - ok
15:17:52.0420 12148	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
15:17:52.0452 12148	vwifibus - ok
15:17:52.0479 12148	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
15:17:52.0527 12148	vwififlt - ok
15:17:52.0565 12148	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
15:17:52.0614 12148	vwifimp - ok
15:17:52.0656 12148	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
15:17:52.0703 12148	W32Time - ok
15:17:52.0724 12148	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
15:17:52.0762 12148	WacomPen - ok
15:17:52.0814 12148	WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
15:17:52.0863 12148	WANARP - ok
15:17:52.0866 12148	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
15:17:52.0894 12148	Wanarpv6 - ok
15:17:52.0999 12148	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
15:17:53.0038 12148	WatAdminSvc - ok
15:17:53.0125 12148	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
15:17:53.0171 12148	wbengine - ok
15:17:53.0261 12148	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
15:17:53.0309 12148	WbioSrvc - ok
15:17:53.0335 12148	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
15:17:53.0368 12148	wcncsvc - ok
15:17:53.0390 12148	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
15:17:53.0417 12148	WcsPlugInService - ok
15:17:53.0466 12148	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
15:17:53.0498 12148	Wd - ok
15:17:53.0539 12148	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
15:17:53.0579 12148	Wdf01000 - ok
15:17:53.0593 12148	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
15:17:53.0619 12148	WdiServiceHost - ok
15:17:53.0621 12148	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
15:17:53.0639 12148	WdiSystemHost - ok
15:17:53.0673 12148	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
15:17:53.0716 12148	WebClient - ok
15:17:53.0741 12148	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
15:17:53.0824 12148	Wecsvc - ok
15:17:53.0841 12148	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
15:17:53.0872 12148	wercplsupport - ok
15:17:53.0884 12148	WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
15:17:53.0916 12148	WerSvc - ok
15:17:53.0961 12148	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
15:17:54.0011 12148	WfpLwf - ok
15:17:54.0044 12148	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
15:17:54.0056 12148	WimFltr - ok
15:17:54.0067 12148	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
15:17:54.0077 12148	WIMMount - ok
15:17:54.0116 12148	WinDefend - ok
15:17:54.0133 12148	WinHttpAutoProxySvc - ok
15:17:54.0193 12148	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
15:17:54.0247 12148	Winmgmt - ok
15:17:54.0355 12148	WinRM           (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
15:17:54.0409 12148	WinRM - ok
15:17:54.0534 12148	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
15:17:54.0594 12148	WinUsb - ok
15:17:54.0657 12148	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
15:17:54.0701 12148	Wlansvc - ok
15:17:54.0763 12148	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:17:54.0790 12148	wlcrasvc - ok
15:17:54.0928 12148	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:17:54.0972 12148	wlidsvc - ok
15:17:55.0081 12148	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
15:17:55.0110 12148	WmiAcpi - ok
15:17:55.0161 12148	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
15:17:55.0196 12148	wmiApSrv - ok
15:17:55.0241 12148	WMPNetworkSvc - ok
15:17:55.0290 12148	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
15:17:55.0302 12148	WPCSvc - ok
15:17:55.0319 12148	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
15:17:55.0334 12148	WPDBusEnum - ok
15:17:55.0359 12148	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
15:17:55.0388 12148	ws2ifsl - ok
15:17:55.0398 12148	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
15:17:55.0434 12148	wscsvc - ok
15:17:55.0437 12148	WSearch - ok
15:17:55.0555 12148	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
15:17:55.0629 12148	wuauserv - ok
15:17:55.0728 12148	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
15:17:55.0781 12148	WudfPf - ok
15:17:55.0810 12148	WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
15:17:55.0872 12148	WUDFRd - ok
15:17:55.0901 12148	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
15:17:55.0934 12148	wudfsvc - ok
15:17:55.0960 12148	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
15:17:56.0006 12148	WwanSvc - ok
15:17:56.0041 12148	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:17:56.0944 12148	\Device\Harddisk0\DR0 - ok
15:17:56.0955 12148	MBR (0x1B8)     (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR2
15:17:58.0555 12148	\Device\Harddisk2\DR2 - ok
15:17:58.0595 12148	Boot (0x1200)   (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0
15:17:58.0598 12148	\Device\Harddisk0\DR0\Partition0 - ok
15:17:58.0611 12148	Boot (0x1200)   (bb466bb716b7e27640db25132c4819c9) \Device\Harddisk0\DR0\Partition1
15:17:58.0614 12148	\Device\Harddisk0\DR0\Partition1 - ok
15:17:58.0620 12148	Boot (0x1200)   (af27ae8c542f01c43a90321c7485d70b) \Device\Harddisk2\DR2\Partition0
15:17:58.0622 12148	\Device\Harddisk2\DR2\Partition0 - ok
15:17:58.0633 12148	============================================================
15:17:58.0633 12148	Scan finished
15:17:58.0633 12148	============================================================
15:17:58.0648 12088	Detected object count: 2
15:17:58.0648 12088	Actual detected object count: 2
15:18:14.0275 12088	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:14.0275 12088	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:18:14.0275 12088	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:14.0276 12088	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

Code:

ATTFilter

15:16:49.0173 11396	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
15:16:51.0177 11396	============================================================
15:16:51.0177 11396	Current date / time: 2012/05/31 15:16:51.0177
15:16:51.0177 11396	SystemInfo:
15:16:51.0177 11396	
15:16:51.0177 11396	OS Version: 6.1.7601 ServicePack: 1.0
15:16:51.0177 11396	Product type: Workstation
15:16:51.0177 11396	ComputerName: ANNAMARIAWIEGEL
15:16:51.0178 11396	UserName: AnnaMariaWiegele
15:16:51.0178 11396	Windows directory: C:\windows
15:16:51.0178 11396	System windows directory: C:\windows
15:16:51.0178 11396	Running under WOW64
15:16:51.0178 11396	Processor architecture: Intel x64
15:16:51.0178 11396	Number of processors: 4
15:16:51.0178 11396	Page size: 0x1000
15:16:51.0178 11396	Boot type: Normal boot
15:16:51.0178 11396	============================================================
15:16:51.0568 11396	Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:16:51.0576 11396	Drive \Device\Harddisk2\DR2 - Size: 0x7D00000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:16:51.0578 11396	============================================================
15:16:51.0578 11396	\Device\Harddisk0\DR0:
15:16:51.0578 11396	MBR partitions:
15:16:51.0578 11396	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
15:16:51.0578 11396	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x48AD92B0
15:16:51.0578 11396	\Device\Harddisk2\DR2:
15:16:51.0578 11396	MBR partitions:
15:16:51.0578 11396	\Device\Harddisk2\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x3E7DF
15:16:51.0578 11396	============================================================
15:16:51.0602 11396	C: <-> \Device\Harddisk0\DR0\Partition1
15:16:51.0602 11396	============================================================
15:16:51.0602 11396	Initialize success
15:16:51.0602 11396	============================================================
15:17:14.0269 12148	============================================================
15:17:14.0269 12148	Scan started
15:17:14.0269 12148	Mode: Manual; SigCheck; TDLFS; 
15:17:14.0269 12148	============================================================
15:17:14.0699 12148	1394ohci        (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
15:17:14.0828 12148	1394ohci - ok
15:17:14.0868 12148	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
15:17:14.0883 12148	ACPI - ok
15:17:14.0924 12148	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
15:17:14.0982 12148	AcpiPmi - ok
15:17:15.0110 12148	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:17:15.0136 12148	AdobeARMservice - ok
15:17:15.0273 12148	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:17:15.0299 12148	AdobeFlashPlayerUpdateSvc - ok
15:17:15.0364 12148	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
15:17:15.0393 12148	adp94xx - ok
15:17:15.0434 12148	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
15:17:15.0475 12148	adpahci - ok
15:17:15.0490 12148	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
15:17:15.0501 12148	adpu320 - ok
15:17:15.0527 12148	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
15:17:15.0664 12148	AeLookupSvc - ok
15:17:15.0732 12148	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
15:17:15.0809 12148	AESTFilters - ok
15:17:15.0872 12148	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
15:17:15.0956 12148	AFD - ok
15:17:16.0003 12148	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
15:17:16.0033 12148	agp440 - ok
15:17:16.0067 12148	ALG             (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
15:17:16.0109 12148	ALG - ok
15:17:16.0138 12148	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
15:17:16.0165 12148	aliide - ok
15:17:16.0193 12148	AMD External Events Utility (e6ce56be2c8bff7464554629829a1271) C:\windows\system32\atiesrxx.exe
15:17:16.0303 12148	AMD External Events Utility - ok
15:17:16.0333 12148	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
15:17:16.0343 12148	amdide - ok
15:17:16.0374 12148	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
15:17:16.0422 12148	AmdK8 - ok
15:17:16.0757 12148	amdkmdag        (e3cc08f03c55a284fbfd79071822df43) C:\windows\system32\DRIVERS\atikmdag.sys
15:17:17.0011 12148	amdkmdag - ok
15:17:17.0146 12148	amdkmdap        (f8976e22afd861cf67b6e2d3b4995cdb) C:\windows\system32\DRIVERS\atikmpag.sys
15:17:17.0216 12148	amdkmdap - ok
15:17:17.0233 12148	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
15:17:17.0261 12148	AmdPPM - ok
15:17:17.0289 12148	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
15:17:17.0299 12148	amdsata - ok
15:17:17.0340 12148	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
15:17:17.0367 12148	amdsbs - ok
15:17:17.0377 12148	amdxata         (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
15:17:17.0387 12148	amdxata - ok
15:17:17.0431 12148	ApfiltrService  (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
15:17:19.0581 12148	ApfiltrService - ok
15:17:19.0617 12148	AppID           (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
15:17:19.0688 12148	AppID - ok
15:17:19.0711 12148	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
15:17:19.0776 12148	AppIDSvc - ok
15:17:19.0789 12148	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
15:17:19.0836 12148	Appinfo - ok
15:17:19.0957 12148	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
15:17:19.0977 12148	Apple Mobile Device - ok
15:17:20.0010 12148	arc             (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
15:17:20.0037 12148	arc - ok
15:17:20.0055 12148	arcsas          (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
15:17:20.0066 12148	arcsas - ok
15:17:20.0133 12148	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
15:17:20.0155 12148	aspnet_state - ok
15:17:20.0193 12148	aswFsBlk        (b9da213b5271db5fce962d827e6d620d) C:\windows\system32\drivers\aswFsBlk.sys
15:17:20.0218 12148	aswFsBlk - ok
15:17:20.0243 12148	aswMonFlt       (21c9835d0e5ad2ff0f16134bcb32cc71) C:\windows\system32\drivers\aswMonFlt.sys
15:17:20.0274 12148	aswMonFlt - ok
15:17:20.0308 12148	aswRdr          (1b96a5867abd4fa6135d8298fcccf9c6) C:\windows\System32\Drivers\aswrdr2.sys
15:17:20.0336 12148	aswRdr - ok
15:17:20.0388 12148	aswSnx          (6e98bb288696777a3a8a07a52b0eaee9) C:\windows\system32\drivers\aswSnx.sys
15:17:20.0412 12148	aswSnx - ok
15:17:20.0449 12148	aswSP           (d9fb49f16e4eb02efecae8cbfe4bcb4c) C:\windows\system32\drivers\aswSP.sys
15:17:20.0486 12148	aswSP - ok
15:17:20.0519 12148	aswTdi          (7352bb9a564b94bbd7c9cbf165f55006) C:\windows\system32\drivers\aswTdi.sys
15:17:20.0531 12148	aswTdi - ok
15:17:20.0567 12148	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
15:17:20.0648 12148	AsyncMac - ok
15:17:20.0672 12148	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
15:17:20.0681 12148	atapi - ok
15:17:20.0743 12148	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
15:17:20.0817 12148	AudioEndpointBuilder - ok
15:17:20.0823 12148	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
15:17:20.0859 12148	AudioSrv - ok
15:17:20.0932 12148	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
15:17:20.0964 12148	avast! Antivirus - ok
15:17:21.0003 12148	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
15:17:21.0078 12148	AxInstSV - ok
15:17:21.0130 12148	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
15:17:21.0170 12148	b06bdrv - ok
15:17:21.0202 12148	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
15:17:21.0269 12148	b57nd60a - ok
15:17:21.0327 12148	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
15:17:21.0370 12148	BDESVC - ok
15:17:21.0397 12148	Beep            (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
15:17:21.0460 12148	Beep - ok
15:17:21.0535 12148	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
15:17:21.0603 12148	BFE - ok
15:17:21.0653 12148	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\windows\System32\qmgr.dll
15:17:21.0715 12148	BITS - ok
15:17:21.0771 12148	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
15:17:21.0808 12148	blbdrive - ok
15:17:21.0929 12148	Bluetooth Device Monitor (093b1b419ef25b15d3a1ca6953f41afb) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
15:17:21.0981 12148	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
15:17:21.0981 12148	Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
15:17:22.0046 12148	Bluetooth Media Service (03a7341e94acd92e0831336d4f3ace92) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
15:17:22.0083 12148	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
15:17:22.0084 12148	Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
15:17:22.0178 12148	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
15:17:22.0201 12148	Bonjour Service - ok
15:17:22.0300 12148	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
15:17:22.0344 12148	bowser - ok
15:17:22.0368 12148	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
15:17:22.0421 12148	BrFiltLo - ok
15:17:22.0441 12148	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
15:17:22.0480 12148	BrFiltUp - ok
15:17:22.0524 12148	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
15:17:22.0586 12148	Browser - ok
15:17:22.0631 12148	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
15:17:22.0677 12148	Brserid - ok
15:17:22.0696 12148	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
15:17:22.0722 12148	BrSerWdm - ok
15:17:22.0747 12148	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
15:17:22.0794 12148	BrUsbMdm - ok
15:17:22.0821 12148	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
15:17:22.0870 12148	BrUsbSer - ok
15:17:22.0903 12148	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
15:17:22.0953 12148	BthEnum - ok
15:17:22.0982 12148	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
15:17:23.0034 12148	BTHMODEM - ok
15:17:23.0072 12148	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
15:17:23.0106 12148	BthPan - ok
15:17:23.0153 12148	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\windows\System32\Drivers\BTHport.sys
15:17:23.0203 12148	BTHPORT - ok
15:17:23.0237 12148	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
15:17:23.0271 12148	bthserv - ok
15:17:23.0309 12148	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\windows\System32\Drivers\BTHUSB.sys
15:17:23.0350 12148	BTHUSB - ok
15:17:23.0385 12148	btmaux          (16c1bac9760c9fa85a30f3fa0fbb1b7a) C:\windows\system32\DRIVERS\btmaux.sys
15:17:23.0394 12148	btmaux - ok
15:17:23.0420 12148	btmhsf          (0c468d8da95be16bfdd380bb9de88259) C:\windows\system32\DRIVERS\btmhsf.sys
15:17:23.0482 12148	btmhsf - ok
15:17:23.0505 12148	cdfs            (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
15:17:23.0584 12148	cdfs - ok
15:17:23.0636 12148	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
15:17:23.0667 12148	cdrom - ok
15:17:23.0688 12148	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
15:17:23.0733 12148	CertPropSvc - ok
15:17:23.0758 12148	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
15:17:23.0782 12148	circlass - ok
15:17:23.0813 12148	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
15:17:23.0848 12148	CLFS - ok
15:17:23.0913 12148	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:17:23.0936 12148	clr_optimization_v2.0.50727_32 - ok
15:17:23.0984 12148	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:17:24.0012 12148	clr_optimization_v2.0.50727_64 - ok
15:17:24.0062 12148	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:17:24.0086 12148	clr_optimization_v4.0.30319_32 - ok
15:17:24.0113 12148	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:17:24.0124 12148	clr_optimization_v4.0.30319_64 - ok
15:17:24.0166 12148	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
15:17:24.0204 12148	CmBatt - ok
15:17:24.0222 12148	cmdide          (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
15:17:24.0231 12148	cmdide - ok
15:17:24.0265 12148	CNG             (c4943b6c962e4b82197542447ad599f4) C:\windows\system32\Drivers\cng.sys
15:17:24.0306 12148	CNG - ok
15:17:24.0343 12148	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
15:17:24.0352 12148	Compbatt - ok
15:17:24.0382 12148	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
15:17:24.0419 12148	CompositeBus - ok
15:17:24.0433 12148	COMSysApp - ok
15:17:24.0447 12148	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
15:17:24.0457 12148	crcdisk - ok
15:17:24.0493 12148	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\windows\system32\cryptsvc.dll
15:17:24.0547 12148	CryptSvc - ok
15:17:24.0602 12148	CtClsFlt        (df214bff646880d0eb31bdc86136b29b) C:\windows\system32\DRIVERS\CtClsFlt.sys
15:17:24.0632 12148	CtClsFlt - ok
15:17:24.0750 12148	cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:17:24.0785 12148	cvhsvc - ok
15:17:24.0831 12148	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
15:17:24.0905 12148	DcomLaunch - ok
15:17:24.0933 12148	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
15:17:24.0984 12148	defragsvc - ok
15:17:25.0044 12148	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
15:17:25.0123 12148	DfsC - ok
15:17:25.0173 12148	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
15:17:25.0232 12148	Dhcp - ok
15:17:25.0272 12148	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
15:17:25.0331 12148	discache - ok
15:17:25.0376 12148	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
15:17:25.0405 12148	Disk - ok
15:17:25.0430 12148	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
15:17:25.0468 12148	Dnscache - ok
15:17:25.0494 12148	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
15:17:25.0538 12148	dot3svc - ok
15:17:25.0556 12148	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
15:17:25.0624 12148	DPS - ok
15:17:25.0653 12148	drmkaud         (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
15:17:25.0704 12148	drmkaud - ok
15:17:25.0758 12148	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
15:17:25.0783 12148	DXGKrnl - ok
15:17:25.0817 12148	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
15:17:25.0868 12148	EapHost - ok
15:17:26.0011 12148	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
15:17:26.0062 12148	ebdrv - ok
15:17:26.0142 12148	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
15:17:26.0178 12148	EFS - ok
15:17:26.0285 12148	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
15:17:26.0329 12148	ehRecvr - ok
15:17:26.0355 12148	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
15:17:26.0376 12148	ehSched - ok
15:17:26.0456 12148	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
15:17:26.0490 12148	elxstor - ok
15:17:26.0500 12148	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
15:17:26.0522 12148	ErrDev - ok
15:17:26.0585 12148	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
15:17:26.0640 12148	EventSystem - ok
15:17:26.0803 12148	EvtEng          (8b6c9924b0d333dbf76086b8258a0891) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
15:17:26.0837 12148	EvtEng - ok
15:17:26.0957 12148	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
15:17:26.0991 12148	exfat - ok
15:17:27.0010 12148	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
15:17:27.0071 12148	fastfat - ok
15:17:27.0123 12148	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
15:17:27.0176 12148	Fax - ok
15:17:27.0221 12148	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
15:17:27.0265 12148	fdc - ok
15:17:27.0307 12148	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
15:17:27.0347 12148	fdPHost - ok
15:17:27.0357 12148	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
15:17:27.0423 12148	FDResPub - ok
15:17:27.0455 12148	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
15:17:27.0465 12148	FileInfo - ok
15:17:27.0483 12148	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
15:17:27.0571 12148	Filetrace - ok
15:17:27.0604 12148	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
15:17:27.0629 12148	flpydisk - ok
15:17:27.0660 12148	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
15:17:27.0689 12148	FltMgr - ok
15:17:27.0745 12148	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
15:17:27.0802 12148	FontCache - ok
15:17:27.0856 12148	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:17:27.0881 12148	FontCache3.0.0.0 - ok
15:17:27.0937 12148	FsDepends       (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
15:17:27.0958 12148	FsDepends - ok
15:17:27.0982 12148	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
15:17:28.0010 12148	Fs_Rec - ok
15:17:28.0043 12148	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
15:17:28.0079 12148	fvevol - ok
15:17:28.0114 12148	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
15:17:28.0124 12148	gagp30kx - ok
15:17:28.0155 12148	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
15:17:28.0163 12148	GEARAspiWDM - ok
15:17:28.0212 12148	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
15:17:28.0255 12148	gpsvc - ok
15:17:28.0340 12148	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:17:28.0367 12148	gupdate - ok
15:17:28.0379 12148	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
15:17:28.0387 12148	gupdatem - ok
15:17:28.0416 12148	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
15:17:28.0455 12148	hcw85cir - ok
15:17:28.0502 12148	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
15:17:28.0547 12148	HdAudAddService - ok
15:17:28.0583 12148	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
15:17:28.0644 12148	HDAudBus - ok
15:17:28.0671 12148	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
15:17:28.0703 12148	HidBatt - ok
15:17:28.0725 12148	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
15:17:28.0765 12148	HidBth - ok
15:17:28.0793 12148	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
15:17:28.0827 12148	HidIr - ok
15:17:28.0852 12148	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
15:17:28.0890 12148	hidserv - ok
15:17:28.0934 12148	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\DRIVERS\hidusb.sys
15:17:28.0968 12148	HidUsb - ok
15:17:28.0993 12148	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
15:17:29.0043 12148	hkmsvc - ok
15:17:29.0077 12148	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
15:17:29.0119 12148	HomeGroupListener - ok
15:17:29.0161 12148	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
15:17:29.0203 12148	HomeGroupProvider - ok
15:17:29.0248 12148	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
15:17:29.0276 12148	HpSAMD - ok
15:17:29.0334 12148	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
15:17:29.0409 12148	HTTP - ok
15:17:29.0458 12148	hwdatacard      (d969d0e26c5b1e813b17066a8318d5d4) C:\windows\system32\DRIVERS\ewusbmdm.sys
15:17:29.0487 12148	hwdatacard - ok
15:17:29.0497 12148	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
15:17:29.0506 12148	hwpolicy - ok
15:17:29.0530 12148	hwusbdev        (b45b3647ba32749b94fa689175ec8c26) C:\windows\system32\DRIVERS\ewusbdev.sys
15:17:29.0584 12148	hwusbdev - ok
15:17:29.0640 12148	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
15:17:29.0668 12148	i8042prt - ok
15:17:29.0688 12148	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
15:17:29.0704 12148	iaStor - ok
15:17:29.0781 12148	IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
15:17:29.0792 12148	IAStorDataMgrSvc - ok
15:17:29.0816 12148	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
15:17:29.0834 12148	iaStorV - ok
15:17:29.0870 12148	iBtFltCoex      (fc85972037815fa7b413e790b426acb2) C:\windows\system32\DRIVERS\iBtFltCoex.sys
15:17:29.0904 12148	iBtFltCoex - ok
15:17:30.0014 12148	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:17:30.0041 12148	idsvc - ok
15:17:30.0076 12148	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
15:17:30.0085 12148	iirsp - ok
15:17:30.0128 12148	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
15:17:30.0184 12148	IKEEXT - ok
15:17:30.0228 12148	intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
15:17:30.0248 12148	intaud_WaveExtensible - ok
15:17:30.0311 12148	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
15:17:30.0346 12148	IntcDAud - ok
15:17:30.0359 12148	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
15:17:30.0368 12148	intelide - ok
15:17:30.0805 12148	intelkmd        (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdpmd64.sys
15:17:31.0100 12148	intelkmd - ok
15:17:31.0211 12148	intelppm        (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
15:17:31.0240 12148	intelppm - ok
15:17:31.0275 12148	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
15:17:31.0320 12148	IPBusEnum - ok
15:17:31.0345 12148	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
15:17:31.0383 12148	IpFilterDriver - ok
15:17:31.0433 12148	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
15:17:31.0506 12148	iphlpsvc - ok
15:17:31.0517 12148	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
15:17:31.0541 12148	IPMIDRV - ok
15:17:31.0559 12148	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
15:17:31.0628 12148	IPNAT - ok
15:17:31.0734 12148	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
15:17:31.0772 12148	iPod Service - ok
15:17:31.0810 12148	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
15:17:31.0857 12148	IRENUM - ok
15:17:31.0881 12148	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
15:17:31.0892 12148	isapnp - ok
15:17:31.0917 12148	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
15:17:31.0930 12148	iScsiPrt - ok
15:17:31.0961 12148	iwdbus          (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
15:17:31.0971 12148	iwdbus - ok
15:17:31.0995 12148	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
15:17:32.0005 12148	kbdclass - ok
15:17:32.0034 12148	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
15:17:32.0086 12148	kbdhid - ok
15:17:32.0109 12148	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:32.0120 12148	KeyIso - ok
15:17:32.0141 12148	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys
15:17:32.0151 12148	KSecDD - ok
15:17:32.0172 12148	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys
15:17:32.0183 12148	KSecPkg - ok
15:17:32.0223 12148	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
15:17:32.0289 12148	ksthunk - ok
15:17:32.0343 12148	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
15:17:32.0390 12148	KtmRm - ok
15:17:32.0433 12148	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
15:17:32.0489 12148	LanmanServer - ok
15:17:32.0535 12148	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
15:17:32.0585 12148	LanmanWorkstation - ok
15:17:32.0634 12148	lltdio          (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
15:17:32.0709 12148	lltdio - ok
15:17:32.0745 12148	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
15:17:32.0803 12148	lltdsvc - ok
15:17:32.0829 12148	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
15:17:32.0890 12148	lmhosts - ok
15:17:33.0000 12148	LMS             (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
15:17:33.0029 12148	LMS - ok
15:17:33.0060 12148	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
15:17:33.0071 12148	LSI_FC - ok
15:17:33.0103 12148	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
15:17:33.0114 12148	LSI_SAS - ok
15:17:33.0134 12148	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
15:17:33.0143 12148	LSI_SAS2 - ok
15:17:33.0165 12148	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
15:17:33.0176 12148	LSI_SCSI - ok
15:17:33.0204 12148	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
15:17:33.0250 12148	luafv - ok
15:17:33.0290 12148	massfilter - ok
15:17:33.0349 12148	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\windows\system32\drivers\mbam.sys
15:17:33.0363 12148	MBAMProtector - ok
15:17:33.0419 12148	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
15:17:33.0453 12148	MBAMService - ok
15:17:33.0492 12148	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
15:17:33.0535 12148	Mcx2Svc - ok
15:17:33.0565 12148	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
15:17:33.0594 12148	megasas - ok
15:17:33.0617 12148	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
15:17:33.0630 12148	MegaSR - ok
15:17:33.0641 12148	MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\windows\system32\DRIVERS\HECIx64.sys
15:17:33.0651 12148	MEIx64 - ok
15:17:33.0673 12148	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:17:33.0720 12148	MMCSS - ok
15:17:33.0739 12148	Modem           (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
15:17:33.0786 12148	Modem - ok
15:17:33.0809 12148	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
15:17:33.0833 12148	monitor - ok
15:17:33.0862 12148	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
15:17:33.0892 12148	mouclass - ok
15:17:33.0920 12148	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
15:17:33.0956 12148	mouhid - ok
15:17:33.0995 12148	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
15:17:34.0005 12148	mountmgr - ok
15:17:34.0067 12148	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
15:17:34.0101 12148	MozillaMaintenance - ok
15:17:34.0116 12148	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
15:17:34.0127 12148	mpio - ok
15:17:34.0153 12148	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
15:17:34.0181 12148	mpsdrv - ok
15:17:34.0246 12148	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
15:17:34.0288 12148	MpsSvc - ok
15:17:34.0295 12148	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
15:17:34.0324 12148	MRxDAV - ok
15:17:34.0362 12148	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
15:17:34.0416 12148	mrxsmb - ok
15:17:34.0441 12148	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
15:17:34.0455 12148	mrxsmb10 - ok
15:17:34.0472 12148	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
15:17:34.0484 12148	mrxsmb20 - ok
15:17:34.0508 12148	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
15:17:34.0518 12148	msahci - ok
15:17:34.0538 12148	msdsm           (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
15:17:34.0549 12148	msdsm - ok
15:17:34.0586 12148	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
15:17:34.0625 12148	MSDTC - ok
15:17:34.0649 12148	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
15:17:34.0714 12148	Msfs - ok
15:17:34.0734 12148	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
15:17:34.0776 12148	mshidkmdf - ok
15:17:34.0802 12148	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
15:17:34.0811 12148	msisadrv - ok
15:17:34.0846 12148	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
15:17:34.0891 12148	MSiSCSI - ok
15:17:34.0893 12148	msiserver - ok
15:17:34.0920 12148	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
15:17:34.0987 12148	MSKSSRV - ok
15:17:35.0000 12148	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
15:17:35.0047 12148	MSPCLOCK - ok
15:17:35.0075 12148	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
15:17:35.0139 12148	MSPQM - ok
15:17:35.0169 12148	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
15:17:35.0183 12148	MsRPC - ok
15:17:35.0201 12148	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
15:17:35.0211 12148	mssmbios - ok
15:17:35.0232 12148	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
15:17:35.0289 12148	MSTEE - ok
15:17:35.0321 12148	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
15:17:35.0353 12148	MTConfig - ok
15:17:35.0386 12148	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
15:17:35.0396 12148	Mup - ok
15:17:35.0476 12148	MyWiFiDHCPDNS   (6ed8935257672f4cd04a88a0f3de093d) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
15:17:35.0493 12148	MyWiFiDHCPDNS - ok
15:17:35.0530 12148	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
15:17:35.0614 12148	napagent - ok
15:17:35.0669 12148	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
15:17:35.0710 12148	NativeWifiP - ok
15:17:35.0816 12148	NAUpdate        (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
15:17:35.0850 12148	NAUpdate - ok
15:17:35.0918 12148	NDIS            (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
15:17:35.0950 12148	NDIS - ok
15:17:35.0979 12148	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
15:17:36.0038 12148	NdisCap - ok
15:17:36.0066 12148	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
15:17:36.0095 12148	NdisTapi - ok
15:17:36.0126 12148	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
15:17:36.0189 12148	Ndisuio - ok
15:17:36.0205 12148	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
15:17:36.0241 12148	NdisWan - ok
15:17:36.0271 12148	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
15:17:36.0332 12148	NDProxy - ok
15:17:36.0354 12148	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
15:17:36.0396 12148	NetBIOS - ok
15:17:36.0432 12148	NetBT           (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
15:17:36.0462 12148	NetBT - ok
15:17:36.0487 12148	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:36.0498 12148	Netlogon - ok
15:17:36.0533 12148	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
15:17:36.0596 12148	Netman - ok
15:17:36.0670 12148	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:36.0688 12148	NetMsmqActivator - ok
15:17:36.0691 12148	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:36.0700 12148	NetPipeActivator - ok
15:17:36.0743 12148	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
15:17:36.0813 12148	netprofm - ok
15:17:36.0816 12148	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:36.0825 12148	NetTcpActivator - ok
15:17:36.0828 12148	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
15:17:36.0837 12148	NetTcpPortSharing - ok
15:17:37.0302 12148	NETwNs64        (5d262402b0634c998f8cbcead7dd8676) C:\windows\system32\DRIVERS\NETwNs64.sys
15:17:37.0578 12148	NETwNs64 - ok
15:17:37.0694 12148	nfrd960         (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
15:17:37.0710 12148	nfrd960 - ok
15:17:37.0750 12148	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
15:17:37.0811 12148	NlaSvc - ok
15:17:37.0980 12148	NOBU            (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
15:17:38.0031 12148	NOBU - ok
15:17:38.0132 12148	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
15:17:38.0175 12148	Npfs - ok
15:17:38.0207 12148	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
15:17:38.0285 12148	nsi - ok
15:17:38.0301 12148	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
15:17:38.0338 12148	nsiproxy - ok
15:17:38.0416 12148	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
15:17:38.0453 12148	Ntfs - ok
15:17:38.0557 12148	Null            (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
15:17:38.0623 12148	Null - ok
15:17:38.0654 12148	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\windows\system32\DRIVERS\nusb3hub.sys
15:17:38.0682 12148	nusb3hub - ok
15:17:38.0700 12148	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\windows\system32\DRIVERS\nusb3xhc.sys
15:17:38.0723 12148	nusb3xhc - ok
15:17:38.0761 12148	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
15:17:38.0788 12148	nvraid - ok
15:17:38.0814 12148	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
15:17:38.0825 12148	nvstor - ok
15:17:38.0851 12148	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
15:17:38.0863 12148	nv_agp - ok
15:17:38.0876 12148	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
15:17:38.0901 12148	ohci1394 - ok
15:17:39.0006 12148	ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
15:17:39.0028 12148	ose - ok
15:17:39.0271 12148	osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
15:17:39.0413 12148	osppsvc - ok
15:17:39.0509 12148	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:17:39.0550 12148	p2pimsvc - ok
15:17:39.0584 12148	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
15:17:39.0602 12148	p2psvc - ok
15:17:39.0663 12148	Parport         (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
15:17:39.0708 12148	Parport - ok
15:17:39.0737 12148	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
15:17:39.0756 12148	partmgr - ok
15:17:39.0793 12148	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
15:17:39.0828 12148	PcaSvc - ok
15:17:39.0866 12148	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
15:17:39.0897 12148	pci - ok
15:17:39.0914 12148	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
15:17:39.0923 12148	pciide - ok
15:17:39.0940 12148	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
15:17:39.0953 12148	pcmcia - ok
15:17:39.0969 12148	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
15:17:39.0978 12148	pcw - ok
15:17:40.0008 12148	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
15:17:40.0090 12148	PEAUTH - ok
15:17:40.0180 12148	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
15:17:40.0233 12148	PerfHost - ok
15:17:40.0362 12148	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
15:17:40.0422 12148	pla - ok
15:17:40.0479 12148	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
15:17:40.0516 12148	PlugPlay - ok
15:17:40.0545 12148	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
15:17:40.0584 12148	PNRPAutoReg - ok
15:17:40.0605 12148	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
15:17:40.0622 12148	PNRPsvc - ok
15:17:40.0666 12148	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
15:17:40.0740 12148	PolicyAgent - ok
15:17:40.0773 12148	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
15:17:40.0841 12148	Power - ok
15:17:40.0911 12148	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
15:17:40.0989 12148	PptpMiniport - ok
15:17:41.0005 12148	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
15:17:41.0035 12148	Processor - ok
15:17:41.0088 12148	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
15:17:41.0153 12148	ProfSvc - ok
15:17:41.0176 12148	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:41.0198 12148	ProtectedStorage - ok
15:17:41.0241 12148	Psched          (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
15:17:41.0315 12148	Psched - ok
15:17:41.0347 12148	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
15:17:41.0357 12148	PxHlpa64 - ok
15:17:41.0425 12148	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
15:17:41.0458 12148	ql2300 - ok
15:17:41.0572 12148	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
15:17:41.0584 12148	ql40xx - ok
15:17:41.0619 12148	QWAVE           (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
15:17:41.0639 12148	QWAVE - ok
15:17:41.0654 12148	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
15:17:41.0683 12148	QWAVEdrv - ok
15:17:41.0699 12148	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
15:17:41.0735 12148	RasAcd - ok
15:17:41.0773 12148	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
15:17:41.0801 12148	RasAgileVpn - ok
15:17:41.0837 12148	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
15:17:41.0916 12148	RasAuto - ok
15:17:41.0938 12148	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
15:17:41.0986 12148	Rasl2tp - ok
15:17:42.0018 12148	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
15:17:42.0071 12148	RasMan - ok
15:17:42.0107 12148	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
15:17:42.0163 12148	RasPppoe - ok
15:17:42.0193 12148	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
15:17:42.0251 12148	RasSstp - ok
15:17:42.0280 12148	rdbss           (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
15:17:42.0326 12148	rdbss - ok
15:17:42.0359 12148	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
15:17:42.0393 12148	rdpbus - ok
15:17:42.0413 12148	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
15:17:42.0442 12148	RDPCDD - ok
15:17:42.0456 12148	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
15:17:42.0523 12148	RDPENCDD - ok
15:17:42.0541 12148	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
15:17:42.0570 12148	RDPREFMP - ok
15:17:42.0609 12148	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
15:17:42.0649 12148	RDPWD - ok
15:17:42.0684 12148	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
15:17:42.0717 12148	rdyboost - ok
15:17:42.0832 12148	RegSrvc         (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
15:17:42.0872 12148	RegSrvc - ok
15:17:42.0903 12148	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
15:17:42.0943 12148	RemoteAccess - ok
15:17:42.0987 12148	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
15:17:43.0046 12148	RemoteRegistry - ok
15:17:43.0110 12148	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
15:17:43.0151 12148	RFCOMM - ok
15:17:43.0297 12148	RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
15:17:43.0331 12148	RoxMediaDB12OEM - ok
15:17:43.0353 12148	RoxWatch12      (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
15:17:43.0365 12148	RoxWatch12 - ok
15:17:43.0455 12148	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
15:17:43.0537 12148	RpcEptMapper - ok
15:17:43.0565 12148	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
15:17:43.0588 12148	RpcLocator - ok
15:17:43.0622 12148	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
15:17:43.0660 12148	RpcSs - ok
15:17:43.0703 12148	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
15:17:43.0753 12148	rspndr - ok
15:17:43.0809 12148	RSUSBSTOR       (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
15:17:43.0831 12148	RSUSBSTOR - ok
15:17:43.0865 12148	RTL8167         (2777226ee8bf50b059d7a7c90177e99c) C:\windows\system32\DRIVERS\Rt64win7.sys
15:17:43.0881 12148	RTL8167 - ok
15:17:43.0899 12148	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:43.0911 12148	SamSs - ok
15:17:43.0927 12148	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
15:17:43.0937 12148	sbp2port - ok
15:17:43.0970 12148	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
15:17:44.0048 12148	SCardSvr - ok
15:17:44.0077 12148	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
15:17:44.0140 12148	scfilter - ok
15:17:44.0185 12148	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
15:17:44.0252 12148	Schedule - ok
15:17:44.0279 12148	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
15:17:44.0306 12148	SCPolicySvc - ok
15:17:44.0331 12148	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
15:17:44.0365 12148	SDRSVC - ok
15:17:44.0417 12148	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
15:17:44.0495 12148	secdrv - ok
15:17:44.0510 12148	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
15:17:44.0540 12148	seclogon - ok
15:17:44.0573 12148	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
15:17:44.0649 12148	SENS - ok
15:17:44.0668 12148	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
15:17:44.0694 12148	SensrSvc - ok
15:17:44.0716 12148	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
15:17:44.0754 12148	Serenum - ok
15:17:44.0776 12148	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
15:17:44.0800 12148	Serial - ok
15:17:44.0828 12148	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
15:17:44.0866 12148	sermouse - ok
15:17:44.0909 12148	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
15:17:44.0964 12148	SessionEnv - ok
15:17:44.0994 12148	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
15:17:45.0027 12148	sffdisk - ok
15:17:45.0043 12148	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
15:17:45.0066 12148	sffp_mmc - ok
15:17:45.0069 12148	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
15:17:45.0088 12148	sffp_sd - ok
15:17:45.0115 12148	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
15:17:45.0141 12148	sfloppy - ok
15:17:45.0210 12148	Sftfs           (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
15:17:45.0244 12148	Sftfs - ok
15:17:45.0309 12148	sftlist         (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
15:17:45.0333 12148	sftlist - ok
15:17:45.0357 12148	Sftplay         (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
15:17:45.0368 12148	Sftplay - ok
15:17:45.0390 12148	Sftredir        (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
15:17:45.0398 12148	Sftredir - ok
15:17:45.0504 12148	SftService      (74ec60e20516aaa573be74f31175270f) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
15:17:45.0538 12148	SftService - ok
15:17:45.0643 12148	Sftvol          (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
15:17:45.0658 12148	Sftvol - ok
15:17:45.0714 12148	sftvsa          (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
15:17:45.0725 12148	sftvsa - ok
15:17:45.0764 12148	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
15:17:45.0810 12148	SharedAccess - ok
15:17:45.0843 12148	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
15:17:45.0910 12148	ShellHWDetection - ok
15:17:45.0947 12148	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
15:17:45.0957 12148	SiSRaid2 - ok
15:17:45.0973 12148	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
15:17:45.0984 12148	SiSRaid4 - ok
15:17:46.0019 12148	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
15:17:46.0093 12148	Smb - ok
15:17:46.0119 12148	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
15:17:46.0164 12148	SNMPTRAP - ok
15:17:46.0196 12148	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
15:17:46.0225 12148	spldr - ok
15:17:46.0255 12148	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
15:17:46.0295 12148	Spooler - ok
15:17:46.0439 12148	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
15:17:46.0527 12148	sppsvc - ok
15:17:46.0619 12148	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
15:17:46.0667 12148	sppuinotify - ok
15:17:46.0732 12148	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
15:17:46.0795 12148	srv - ok
15:17:46.0839 12148	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
15:17:46.0876 12148	srv2 - ok
15:17:46.0901 12148	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
15:17:46.0913 12148	srvnet - ok
15:17:46.0952 12148	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
15:17:47.0000 12148	SSDPSRV - ok
15:17:47.0013 12148	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
15:17:47.0044 12148	SstpSvc - ok
15:17:47.0118 12148	STacSV          (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
15:17:47.0146 12148	STacSV - ok
15:17:47.0177 12148	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
15:17:47.0191 12148	stexstor - ok
15:17:47.0260 12148	STHDA           (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
15:17:47.0294 12148	STHDA - ok
15:17:47.0347 12148	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
15:17:47.0399 12148	stisvc - ok
15:17:47.0478 12148	stllssvr        (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
15:17:47.0504 12148	stllssvr - ok
15:17:47.0528 12148	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
15:17:47.0537 12148	swenum - ok
15:17:47.0568 12148	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
15:17:47.0619 12148	swprv - ok
15:17:47.0689 12148	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
15:17:47.0747 12148	SysMain - ok
15:17:47.0843 12148	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
15:17:47.0906 12148	TabletInputService - ok
15:17:47.0933 12148	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
15:17:47.0972 12148	TapiSrv - ok
15:17:47.0993 12148	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
15:17:48.0063 12148	TBS - ok
15:17:48.0177 12148	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
15:17:48.0217 12148	Tcpip - ok
15:17:48.0410 12148	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
15:17:48.0444 12148	TCPIP6 - ok
15:17:48.0544 12148	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
15:17:48.0633 12148	tcpipreg - ok
15:17:48.0655 12148	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
15:17:48.0677 12148	TDPIPE - ok
15:17:48.0707 12148	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
15:17:48.0738 12148	TDTCP - ok
15:17:48.0782 12148	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
15:17:48.0834 12148	tdx - ok
15:17:48.0849 12148	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
15:17:48.0859 12148	TermDD - ok
15:17:48.0900 12148	TermService     (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
15:17:48.0955 12148	TermService - ok
15:17:48.0979 12148	Themes          (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
15:17:49.0017 12148	Themes - ok
15:17:49.0041 12148	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
15:17:49.0092 12148	THREADORDER - ok
15:17:49.0105 12148	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
15:17:49.0169 12148	TrkWks - ok
15:17:49.0224 12148	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
15:17:49.0297 12148	TrustedInstaller - ok
15:17:49.0316 12148	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
15:17:49.0377 12148	tssecsrv - ok
15:17:49.0397 12148	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
15:17:49.0418 12148	TsUsbFlt - ok
15:17:49.0446 12148	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
15:17:49.0456 12148	TsUsbGD - ok
15:17:49.0532 12148	TuneUp.Defrag   (4650febe40936f13f1ea6c67ffcff7ec) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
15:17:49.0562 12148	TuneUp.Defrag - ok
15:17:49.0640 12148	TuneUp.UtilitiesSvc (99bb325af16e38f1d6a63e7185f00b4c) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
15:17:49.0665 12148	TuneUp.UtilitiesSvc - ok
15:17:49.0700 12148	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
15:17:49.0721 12148	TuneUpUtilitiesDrv - ok
15:17:49.0843 12148	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
15:17:49.0894 12148	tunnel - ok
15:17:49.0924 12148	TurboB          (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys
15:17:49.0935 12148	TurboB - ok
15:17:49.0970 12148	TurboBoost      (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
15:17:49.0995 12148	TurboBoost - ok
15:17:50.0027 12148	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
15:17:50.0045 12148	uagp35 - ok
15:17:50.0077 12148	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
15:17:50.0138 12148	udfs - ok
15:17:50.0171 12148	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
15:17:50.0221 12148	UI0Detect - ok
15:17:50.0260 12148	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
15:17:50.0270 12148	uliagpkx - ok
15:17:50.0291 12148	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
15:17:50.0334 12148	umbus - ok
15:17:50.0360 12148	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
15:17:50.0405 12148	UmPass - ok
15:17:50.0579 12148	UNS             (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
15:17:50.0621 12148	UNS - ok
15:17:50.0707 12148	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
15:17:50.0770 12148	upnphost - ok
15:17:50.0849 12148	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
15:17:50.0891 12148	USBAAPL64 - ok
15:17:50.0922 12148	usbccgp         (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
15:17:50.0960 12148	usbccgp - ok
15:17:51.0005 12148	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
15:17:51.0031 12148	usbcir - ok
15:17:51.0048 12148	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
15:17:51.0069 12148	usbehci - ok
15:17:51.0108 12148	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
15:17:51.0150 12148	usbhub - ok
15:17:51.0163 12148	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\windows\system32\drivers\usbohci.sys
15:17:51.0190 12148	usbohci - ok
15:17:51.0219 12148	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
15:17:51.0266 12148	usbprint - ok
15:17:51.0297 12148	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
15:17:51.0326 12148	USBSTOR - ok
15:17:51.0339 12148	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\windows\system32\drivers\usbuhci.sys
15:17:51.0380 12148	usbuhci - ok
15:17:51.0409 12148	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
15:17:51.0448 12148	usbvideo - ok
15:17:51.0474 12148	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
15:17:51.0549 12148	UxSms - ok
15:17:51.0577 12148	UxTuneUp        (a66a7b27d8e2faf6f4ea2debb8aa7440) C:\windows\System32\uxtuneup.dll
15:17:51.0587 12148	UxTuneUp - ok
15:17:51.0611 12148	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
15:17:51.0622 12148	VaultSvc - ok
15:17:51.0660 12148	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
15:17:51.0686 12148	vdrvroot - ok
15:17:51.0730 12148	vds             (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
15:17:51.0793 12148	vds - ok
15:17:51.0811 12148	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
15:17:51.0825 12148	vga - ok
15:17:51.0840 12148	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
15:17:51.0905 12148	VgaSave - ok
15:17:51.0928 12148	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
15:17:51.0941 12148	vhdmp - ok
15:17:51.0963 12148	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
15:17:51.0972 12148	viaide - ok
15:17:52.0006 12148	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
15:17:52.0021 12148	volmgr - ok
15:17:52.0051 12148	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
15:17:52.0067 12148	volmgrx - ok
15:17:52.0092 12148	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
15:17:52.0104 12148	volsnap - ok
15:17:52.0149 12148	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
15:17:52.0170 12148	vsmraid - ok
15:17:52.0255 12148	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
15:17:52.0313 12148	VSS - ok
15:17:52.0420 12148	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
15:17:52.0452 12148	vwifibus - ok
15:17:52.0479 12148	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
15:17:52.0527 12148	vwififlt - ok
15:17:52.0565 12148	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
15:17:52.0614 12148	vwifimp - ok
15:17:52.0656 12148	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
15:17:52.0703 12148	W32Time - ok
15:17:52.0724 12148	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
15:17:52.0762 12148	WacomPen - ok
15:17:52.0814 12148	WANARP          (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
15:17:52.0863 12148	WANARP - ok
15:17:52.0866 12148	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
15:17:52.0894 12148	Wanarpv6 - ok
15:17:52.0999 12148	WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
15:17:53.0038 12148	WatAdminSvc - ok
15:17:53.0125 12148	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
15:17:53.0171 12148	wbengine - ok
15:17:53.0261 12148	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
15:17:53.0309 12148	WbioSrvc - ok
15:17:53.0335 12148	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
15:17:53.0368 12148	wcncsvc - ok
15:17:53.0390 12148	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
15:17:53.0417 12148	WcsPlugInService - ok
15:17:53.0466 12148	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
15:17:53.0498 12148	Wd - ok
15:17:53.0539 12148	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
15:17:53.0579 12148	Wdf01000 - ok
15:17:53.0593 12148	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
15:17:53.0619 12148	WdiServiceHost - ok
15:17:53.0621 12148	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
15:17:53.0639 12148	WdiSystemHost - ok
15:17:53.0673 12148	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
15:17:53.0716 12148	WebClient - ok
15:17:53.0741 12148	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
15:17:53.0824 12148	Wecsvc - ok
15:17:53.0841 12148	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
15:17:53.0872 12148	wercplsupport - ok
15:17:53.0884 12148	WerSvc          (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
15:17:53.0916 12148	WerSvc - ok
15:17:53.0961 12148	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
15:17:54.0011 12148	WfpLwf - ok
15:17:54.0044 12148	WimFltr         (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
15:17:54.0056 12148	WimFltr - ok
15:17:54.0067 12148	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
15:17:54.0077 12148	WIMMount - ok
15:17:54.0116 12148	WinDefend - ok
15:17:54.0133 12148	WinHttpAutoProxySvc - ok
15:17:54.0193 12148	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
15:17:54.0247 12148	Winmgmt - ok
15:17:54.0355 12148	WinRM           (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
15:17:54.0409 12148	WinRM - ok
15:17:54.0534 12148	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
15:17:54.0594 12148	WinUsb - ok
15:17:54.0657 12148	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
15:17:54.0701 12148	Wlansvc - ok
15:17:54.0763 12148	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
15:17:54.0790 12148	wlcrasvc - ok
15:17:54.0928 12148	wlidsvc         (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:17:54.0972 12148	wlidsvc - ok
15:17:55.0081 12148	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
15:17:55.0110 12148	WmiAcpi - ok
15:17:55.0161 12148	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
15:17:55.0196 12148	wmiApSrv - ok
15:17:55.0241 12148	WMPNetworkSvc - ok
15:17:55.0290 12148	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
15:17:55.0302 12148	WPCSvc - ok
15:17:55.0319 12148	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
15:17:55.0334 12148	WPDBusEnum - ok
15:17:55.0359 12148	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
15:17:55.0388 12148	ws2ifsl - ok
15:17:55.0398 12148	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
15:17:55.0434 12148	wscsvc - ok
15:17:55.0437 12148	WSearch - ok
15:17:55.0555 12148	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
15:17:55.0629 12148	wuauserv - ok
15:17:55.0728 12148	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
15:17:55.0781 12148	WudfPf - ok
15:17:55.0810 12148	WUDFRd          (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
15:17:55.0872 12148	WUDFRd - ok
15:17:55.0901 12148	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
15:17:55.0934 12148	wudfsvc - ok
15:17:55.0960 12148	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
15:17:56.0006 12148	WwanSvc - ok
15:17:56.0041 12148	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:17:56.0944 12148	\Device\Harddisk0\DR0 - ok
15:17:56.0955 12148	MBR (0x1B8)     (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk2\DR2
15:17:58.0555 12148	\Device\Harddisk2\DR2 - ok
15:17:58.0595 12148	Boot (0x1200)   (17e6064b18aa88ed8319b3238fe06a25) \Device\Harddisk0\DR0\Partition0
15:17:58.0598 12148	\Device\Harddisk0\DR0\Partition0 - ok
15:17:58.0611 12148	Boot (0x1200)   (bb466bb716b7e27640db25132c4819c9) \Device\Harddisk0\DR0\Partition1
15:17:58.0614 12148	\Device\Harddisk0\DR0\Partition1 - ok
15:17:58.0620 12148	Boot (0x1200)   (af27ae8c542f01c43a90321c7485d70b) \Device\Harddisk2\DR2\Partition0
15:17:58.0622 12148	\Device\Harddisk2\DR2\Partition0 - ok
15:17:58.0633 12148	============================================================
15:17:58.0633 12148	Scan finished
15:17:58.0633 12148	============================================================
15:17:58.0648 12088	Detected object count: 2
15:17:58.0648 12088	Actual detected object count: 2
15:18:14.0275 12088	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:14.0275 12088	Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:18:14.0275 12088	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:18:14.0276 12088	Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
15:19:13.0306 10804	Deinitialize success

cosinus · 31.05.2012, 14:30

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

annamariawie · 31.05.2012, 15:48

Code:

ATTFilter

ComboFix 12-05-31.02 - AnnaMariaWiegele 31.05.2012  15:58:26.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.43.1031.18.4003.2196 [GMT 2:00]
ausgeführt von:: c:\users\AnnaMariaWiegele\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\RPSETUP.EXE.LOG
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-28 bis 2012-05-31  ))))))))))))))))))))))))))))))
.
.
2012-05-31 14:10 . 2012-05-31 14:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-31 14:06 . 2012-05-31 14:06	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3899E0A6-2FAE-40F4-982C-96F05B12926E}\offreg.dll
2012-05-31 10:12 . 2012-05-31 10:12	--------	d-----w-	C:\_OTL
2012-05-29 15:34 . 2012-05-29 15:34	--------	d-----w-	c:\program files (x86)\ESET
2012-05-29 14:47 . 2012-05-08 17:02	8955792	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{3899E0A6-2FAE-40F4-982C-96F05B12926E}\mpengine.dll
2012-05-21 19:37 . 2012-05-21 19:37	476960	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-05-18 20:21 . 2012-05-18 20:22	--------	d-----w-	C:\Temp
2012-05-18 20:01 . 2012-05-18 20:01	--------	d-----w-	c:\users\AnnaMariaWiegele\AppData\Roaming\Malwarebytes
2012-05-18 20:01 . 2012-05-18 20:01	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-18 20:01 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-05-18 20:01 . 2012-05-18 20:01	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-15 11:19 . 2012-05-21 19:22	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-11 10:31 . 2012-05-11 10:32	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-05-11 10:31 . 2012-05-11 10:31	157352	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-11 10:31 . 2012-05-11 10:31	129976	----a-w-	c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-05 11:47 . 2012-05-05 11:47	8744608	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-21 19:37 . 2011-09-22 11:45	472864	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-05 11:47 . 2012-04-20 07:35	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-05 11:47 . 2012-01-21 16:19	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-07 00:15 . 2011-09-22 11:38	41184	----a-w-	c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-09-22 11:38	201352	----a-w-	c:\windows\SysWow64\aswBoot.exe
2012-03-07 00:15 . 2011-09-22 11:39	258520	----a-w-	c:\windows\system32\aswBoot.exe
2012-03-07 00:04 . 2011-09-22 11:39	819032	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:04 . 2011-09-22 11:39	337240	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-03-04 12:55	53080	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-09-22 11:39	59224	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-09-22 11:39	69976	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-09-22 11:39	24408	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_tele.ring Verbindungsmanager"="c:\program files (x86)\tele.ring Verbindungsmanager\UpdateDog\ouc.exe" [2009-06-23 110592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-12 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
"NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2011-04-29 75064]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"DataCardMonitor"="c:\program files (x86)\tele.ring Verbindungsmanager\DataCardMonitor.exe" [2012-01-05 253952]
"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 136176]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2010-11-03 1298496]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 136176]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-11 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-11-03 897088]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2009-12-09 1394504]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 77512563
*Deregistered* - 77512563
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 11:47]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 09:18]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-27 09:18]
.
2012-05-30 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
2012-05-31 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-12-14 04:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15	135408	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-10 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-10 391512]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-10 415064]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-21 3666800]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2010-11-03 10228224]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
IE: Free YouTube to MP3 Converter - c:\users\AnnaMariaWiegele\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
FF - ProfilePath - c:\users\AnnaMariaWiegele\AppData\Roaming\Mozilla\Firefox\Profiles\cs14twu0.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-05-31  16:35:49
ComboFix-quarantined-files.txt  2012-05-31 14:35
.
Vor Suchlauf: 13 Verzeichnis(se), 570.289.192.960 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 570.171.072.512 Bytes frei
.
- - End Of File - - BA4C1E648C0B6B9B443D89277AD9B7AB

cosinus · 31.05.2012, 18:33

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

annamariawie · 01.06.2012, 06:44

Wenn ich das Programm mit Administrator durchführen lassen will kommt die Meldung das es keine zulässige Win32-Anwendung ist!

30.05.2012, 09:42	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Verschlüsselungs Tojaner Windows 7 64 bit Hätte da mal zwei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? __________________ Logfiles bitte immer in CODE-Tags posten

Verschlüsselungs Tojaner Windows 7 64 bit

Plagegeister aller Art und deren Bekämpfung: Verschlüsselungs Tojaner Windows 7 64 bit