Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein

mirres · 29.05.2012, 11:35

Hallo zusammen,

habe nun Google mehrfach herangezogen und auch bei euch gesucht, allerdings noch mit keinem Mittel ans Ziel gekommen.

Vielleicht erst einmal zu meinem Problem:

Seit ein paar Tagen habe ich im Firefox wie auch IE Werbung die sich unten rechts öffnet. Diese schiebt sich von unten in den Browser. Ich kann auf das x klicken dann verschwindet sie, kommt aber bei jedem neuen Tab oder Fenster wieder. Manchmal ist es auch eine Flashanimation (zum besseren Verstänbdnis habe ich mal 2 Screenshots beigefügt).

Das komische ist, auf vielen Seiten kommt diese Werbung, aber auf einigen eben nicht (in 70% der Fälle ist sie aber da). Abunzu gibt es auch eine falshe Link weiterleitung auf Werbepages wie z.B. Dailydeal.

Ich habe schon einiges versucht. Virenscanner (hat auch mal was gefunden und angeblich behoben), aber immer noch das Problem da.

1. Microsoft Security Essentials - vollständiger Scan - Viern Fund auch mal als Sceenshot beigefügt
2. Antivir - vollständiger Scan
3. Spybot Serach and Detroy - vollständiger Scan
4. Malwarebytes - vollständiger Scan (gerade erst durchgelaufen).
5. OTL
Logs sahen wie folgt aus:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org
 
Datenbank Version: v2012.05.29.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
rlucas :: BLN-WNB-02 [Administrator]
 
Schutz: Aktiviert
 
29.05.2012 09:42:56
mbam-log-2012-05-29 (11-29-56).txt
 
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 452049
Laufzeit: 58 Minute(n), 49 Sekunde(n)
 
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Regedit32 (Trojan.Agent) -> Daten: C:\Windows\system32\regedit.exe -> Keine Aktion durchgeführt.
 
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien: 1
C:\Windows\System32\regedit.exe (Trojan.Agent) -> Keine Aktion durchgeführt.
 
(Ende)

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 29.05.2012 12:25:48 - Run 1
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\rlucas\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,78 Gb Available Physical Memory | 73,37% Memory free
15,77 Gb Paging File | 13,57 Gb Available in Paging File | 86,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 13,36 Gb Free Space | 13,70% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 22,99 Gb Free Space | 11,47% Space Free | Partition Type: NTFS
 
Computer Name: BLN-WNB-02 | User Name: rlucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.05.29 12:23:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rlucas\Downloads\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.18 11:56:22 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.20 22:28:32 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011.12.28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.02 12:53:24 | 000,353,744 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
PRC - [2011.12.02 12:45:18 | 000,622,544 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
PRC - [2011.08.22 08:36:20 | 000,640,512 | ---- | M] (Socialbit UG) -- C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.19 14:50:38 | 001,710,664 | ---- | M] (Elgato Systems) -- C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe
PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.05.21 14:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.03.29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.16 09:31:54 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.16 09:31:11 | 000,342,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\312e23deb529c2b6fb41935b2afba9b0\PlantronicsURE.ni.exe
MOD - [2012.05.16 09:31:10 | 000,128,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\63fd0f5cc88e2f5aebbe35b5ee43f23f\PlantronicsBatteryStatus.ni.exe
MOD - [2012.05.16 09:31:09 | 000,041,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\bc979207d3b5b1ea0511636718a90ce7\Plantronics.UC.WebexConnect.ni.dll
MOD - [2012.05.16 09:31:09 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\ecfa8b400750f83443c404e205299a94\Plantronics.UC.WindowsMediaPlayer.ni.dll
MOD - [2012.05.16 09:31:08 | 000,127,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\2b98bb96300e389e9eaeee35239594a1\Plantronics.UC.Skype.ni.dll
MOD - [2012.05.16 09:31:08 | 000,111,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\325141408c6dd33c6ffbd7320c7ffce2\Plantronics.UC.SessionService.ni.dll
MOD - [2012.05.16 09:31:08 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\d1e500c50a270df57c69d96400bc9725\Plantronics.UC.ShoreTel.ni.dll
MOD - [2012.05.16 09:31:07 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\78f719167e34cf34abb56362df448095\Plantronics.UC.OfficeCommunicator.ni.dll
MOD - [2012.05.16 09:31:07 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\de988d029762f7a176f1eea0f81f40ac\Plantronics.UC.iTunes.ni.dll
MOD - [2012.05.16 09:30:51 | 000,731,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\cf287130b24c4b3346652766b6c87ac4\Plantronics.UC.CSFClient.ni.dll
MOD - [2012.05.16 09:30:51 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\2c8dd947326f5d780af15c6c9b2ffa4f\Plantronics.UC.CSF.ni.dll
MOD - [2012.05.16 09:30:50 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\172886c0fc7603d8421d1fd5a8f2650d\Plantronics.UC.TAPI.ni.dll
MOD - [2012.05.16 09:30:50 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\7ce0d8046fad3303e7d7f1f8ac267187\Plantronics.UC.Cisco.ni.dll
MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\1a7494fabd697a457622bd3ec27c9c98\Plantronics.UC.AvayaSoftphone.ni.dll
MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\f35491b4b89ca404b55906e2b0f82558\Plantronics.UC.AvayaIPAgent.ni.dll
MOD - [2012.05.16 09:30:48 | 000,329,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\b4d0616056ac4d2663ea5bb2329197f6\Plantronics.UC.Common.ni.dll
MOD - [2012.05.16 09:30:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\357fa9a8ed8ac719cea68bee9b586520\Plantronics.UC.Avaya.ni.dll
MOD - [2012.05.16 09:30:47 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\3ef4ac9a717349ebb567d59be738ed2c\Plantronics.License.Manager.ni.dll
MOD - [2012.05.16 09:30:47 | 000,076,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\e0d3659b05e463b586806734da3ccd7a\Plantronics.FlexNet.Adapter.ni.dll
MOD - [2012.05.16 09:30:47 | 000,056,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\fb8be9a10ba1c8b60e12c81b5dd6d191\Plantronics.License.Common.ni.dll
MOD - [2012.05.16 09:30:46 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\ce19c3c9209479f0d31e9d4559cc1205\Plantronics.Globalization.ni.dll
MOD - [2012.05.16 09:30:46 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\5817b51860e6daf4e86732185bddba71\Plantronics.Device.Hid.ni.dll
MOD - [2012.05.16 09:30:45 | 000,558,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\d7d385336e1f5c09d0a0936a0a1ee9e7\Plantronics.Device.Common.ni.dll
MOD - [2012.05.16 09:30:44 | 000,521,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\a73af6f1ec8830aa380fd925e31644c9\Plantronics.Utility.ni.dll
MOD - [2012.05.16 09:30:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.16 09:30:42 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\0a775a09b5828533e63fd9b7d94167d9\log4net.ni.dll
MOD - [2012.05.16 09:30:42 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\cc196aeb7ade0d9d980a93c6221222b1\Plantronics.Config.ni.dll
MOD - [2012.05.16 09:30:40 | 000,414,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\b0ce5b6a51de584cb69af311a50ad654\Interop.SKYPE4COMLib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\10af7f1bdd86222ae7779bf1092a6cda\Interop.FNCClient11Lib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\a4ed99a072e3e58346df9dcff7e672be\Interop.CommunicatorAPI.ni.dll
MOD - [2012.05.16 09:30:39 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\8513c39ee5a5642bde30a92e5e2d5e1a\Interop.CiscoInterface.ni.dll
MOD - [2012.05.16 09:30:38 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\04893a3420e3d650aa361592f1aac3a2\Plantronics.Globalization.resources.ni.dll
MOD - [2012.05.16 09:30:37 | 000,440,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Atapi\60187c40d85d22ea02ca02d666d3283e\Atapi.ni.dll
MOD - [2012.05.16 09:28:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.16 09:28:30 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.16 09:28:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.16 09:28:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.16 09:28:15 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.16 09:28:12 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.12.28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2011.12.28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.21 20:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011.02.21 20:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.02.21 20:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.10.26 23:24:36 | 000,403,536 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.07 14:23:13 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.04.30 13:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.04.30 13:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011.03.26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 20:14:24 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.02.21 20:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.02.21 20:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011.02.21 20:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.02.21 20:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011.02.21 20:14:06 | 000,276,008 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.02.21 20:14:06 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011.02.21 20:14:06 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011.02.21 20:14:04 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011.02.21 20:14:04 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless  HSPA Mini-Card Device Management Driver (WDM)
DRV:64bit: - [2011.02.21 20:14:04 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless 5550 HSPA+ Mini-Card Device (WDM)
DRV:64bit: - [2011.02.21 20:14:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2011.02.21 20:14:04 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2011.02.21 20:14:04 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011.02.21 20:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.02.21 20:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.02.21 20:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2011.02.21 20:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.02.21 20:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011.01.06 12:37:26 | 000,023,040 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.11 13:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:32:32 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010.11.11 13:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.07.12 21:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/417
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A
IE - HKCU\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_ptnrs=%5EABT&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A&apn_dtid=%5EYYYYYY%5EYY%5EDE&&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 18:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M]
 
[2012.03.28 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Extensions
[2012.05.25 15:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Firefox\Profiles\i9vsafrd.default\extensions
[2012.05.25 09:58:45 | 000,002,344 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\askcom.xml
[2012.05.22 09:39:04 | 000,001,210 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\search.xml
[2012.03.27 09:50:29 | 000,002,520 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\SearchResults.xml
[2011.08.16 19:57:07 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\RLUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I9VSAFRD.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
 
O1 HOSTS File: ([2012.05.23 09:44:10 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKCU..\Run: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hansalog.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E96912-D8FD-4B02-8A1D-32D1ED46DB7F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CA5BA3-89CB-48C5-8A5E-9EA0B75F4646}: DhcpNameServer = 192.168.30.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD0A5B9-2307-454B-B15B-16AD85229DA4}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB2B7E7A-4CBC-48CF-9F4B-DC2C9752F7EC}: DhcpNameServer = 10.2.10.221 10.2.10.222
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.29 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes
[2012.05.29 09:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.29 09:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.29 09:41:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.29 09:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.25 15:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.05.25 13:35:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.25 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.05.25 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Avira
[2012.05.25 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.25 09:58:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.05.25 09:58:07 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.25 09:58:07 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.25 09:58:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.24 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Local\ElevatedDiagnostics
[2012.05.20 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.05.16 22:13:40 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\XnView
[2012.05.16 22:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2012.05.16 22:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2012.05.16 09:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 09:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.03 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2012.05.03 09:57:39 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\Emails
[2012.04.30 09:10:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.04.30 09:10:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.29 12:12:27 | 000,398,310 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt1.jpg
[2012.05.29 12:10:32 | 000,393,723 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt.jpg
[2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 11:36:02 | 001,522,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.29 11:36:02 | 000,662,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.29 11:36:02 | 000,623,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.29 11:36:02 | 000,133,526 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.29 11:36:02 | 000,109,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.29 11:31:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.29 11:31:07 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 09:41:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.29 09:18:59 | 000,001,012 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.29 09:18:42 | 000,000,982 | ---- | M] () -- C:\Users\rlucas\Desktop\Dropbox.lnk
[2012.05.25 15:43:31 | 000,000,818 | ---- | M] () -- C:\Users\rlucas\webtopcookie.properties
[2012.05.25 13:25:15 | 000,001,262 | ---- | M] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.25 09:59:10 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.24 11:47:36 | 005,923,951 | ---- | M] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf
[2012.05.23 09:44:10 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.22 09:39:04 | 000,000,288 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
[2012.05.20 12:57:00 | 000,000,032 | ---- | M] () -- C:\Users\rlucas\.simfy
[2012.05.16 22:14:33 | 000,000,923 | ---- | M] () -- C:\Users\rlucas\Desktop\XnView.lnk
[2012.05.16 09:24:23 | 000,346,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.08 10:19:28 | 000,003,314 | ---- | M] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv
[2012.05.03 09:09:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.03 09:09:26 | 001,544,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2012.05.29 12:12:25 | 000,398,310 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt1.jpg
[2012.05.29 12:10:26 | 000,393,723 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt.jpg
[2012.05.29 09:41:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.25 13:25:15 | 000,001,262 | ---- | C] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.25 09:59:10 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.05.24 11:47:05 | 005,923,951 | ---- | C] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf
[2012.05.22 09:39:04 | 000,000,288 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
[2012.05.20 12:57:00 | 000,000,032 | ---- | C] () -- C:\Users\rlucas\.simfy
[2012.05.16 22:13:25 | 000,000,923 | ---- | C] () -- C:\Users\rlucas\Desktop\XnView.lnk
[2012.05.08 10:19:27 | 000,003,314 | ---- | C] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv
[2011.12.19 11:46:24 | 000,000,600 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\winscp.rnd
[2011.11.04 21:41:47 | 000,000,336 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\burnaware.ini
[2011.10.18 09:49:05 | 000,023,388 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.08.27 13:36:23 | 000,007,168 | ---- | C] () -- C:\Users\rlucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.04 10:01:41 | 000,007,059 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\e182323573.prf
[2011.07.04 10:01:37 | 000,000,417 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\redirect.xml
[2011.06.22 19:34:09 | 000,011,754 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.22 10:07:18 | 001,544,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.26 01:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== LOP Check ==========
 
[2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart
[2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre
[2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite
[2012.05.29 11:33:31 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox
[2012.05.29 12:27:11 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager
[2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo
[2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant
[2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc
[2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis
[2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView
[2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech
[2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs
[2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei
[2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag
[2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++
[2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge
[2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer
[2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec
[2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010
[2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex
[2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode
[2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView
[2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner
[2009.07.14 07:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >

--- --- ---
kann jemand von euch was damit anfangen oder mir weiterhelfen...ist super nervig und ich würde ungern neuinstallieren müssen

cosinus · 30.05.2012, 21:19

Zitat:

Keine Aktion durchgeführt.
-> No action taken.

Die Funde müssen mit Malwarebytes entfernt waren! Bitte nachholen falls noch nicht getan!

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

mirres · 31.05.2012, 10:03

Hallo cosinus,

vielen Dank für deine Antwort. Ich glaube das ich die Funde auch direkt entfernt hatte (sie stehen zumindest nun in der Quarantäne Liste). Soll ich sie dort nochmals löschen?

Ich hatte Maleware vorher nicht auf dem Rechner. Ich hab es im Nachgang noch laufen lassen, dann kamen keine Funde. Bruchst du das Log?

Leider ist die Werbung immer noch da.

cosinus · 31.05.2012, 10:22

Nien, lass die Quarantäne in Ruhe! Voreilig endgültig entfernen ist immer eine schlechte Idee!

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

mirres · 31.05.2012, 18:38

Hallo Arne,

hat lange gedauert aber nun das Log (sind auch 2 Sachen gefunden worden

)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=60294abe6b497d4f9a633fcc16781d37
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-31 11:16:11
# local_time=2012-05-31 01:16:11 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 526501 526501 0 0
# compatibility_mode=5893 16776574 100 94 26187337 90089037 0 0
# compatibility_mode=8192 67108863 100 0 128 128 0 0
# scanned=218727
# found=2
# cleaned=0
# scan_time=3784
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\operating\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H8Y9JEG7\pdfforgeToolbar[1].msi	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I

cosinus · 31.05.2012, 19:40

Das nur Toolbar-Müll

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

mirres · 01.06.2012, 09:22

Guten Morgen Arne,

soweit ich das beurteilen kann, läuft Windows ganz normal. Einträge sind auch nicht verschwunden.

Im übrigen nochmals danke das du dir hier die Zeit nmimmst, ist nicht selbstverständlich!

Viele Grüße
Robin

cosinus · 01.06.2012, 13:54

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

mirres · 01.06.2012, 14:37

Hallo Arne,

meinst du wirklich alles im Code, oder nur die Logs:

Hier der von OTL:

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.06.2012 15:26:01 - Run 2
OTL by OldTimer - Version 3.2.44.0     Folder = C:\Users\rlucas\Downloads
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,88 Gb Total Physical Memory | 5,55 Gb Available Physical Memory | 70,43% Memory free
15,77 Gb Paging File | 13,40 Gb Available in Paging File | 84,97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 13,50 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive D: | 200,43 Gb Total Space | 22,91 Gb Free Space | 11,43% Space Free | Partition Type: NTFS
 
Computer Name: BLN-WNB-02 | User Name: rlucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2012.05.29 12:23:59 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\rlucas\Downloads\OTL.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012.02.23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.15 11:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.12.28 13:40:48 | 006,148,096 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files (x86)\Free Download Manager\fdm.exe
PRC - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.02 12:53:24 | 000,353,744 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe
PRC - [2011.12.02 12:45:18 | 000,622,544 | ---- | M] (Plantronics, Inc.) -- C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
PRC - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
PRC - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2010.11.11 13:31:36 | 000,064,112 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
PRC - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2010.05.21 14:40:24 | 001,406,320 | ---- | M] (Flexera Software, Inc.) -- C:\ProgramData\FLEXnet\Connect\11\agent.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.03.29 16:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) -- C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.16 09:31:11 | 000,342,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsURE\312e23deb529c2b6fb41935b2afba9b0\PlantronicsURE.ni.exe
MOD - [2012.05.16 09:31:10 | 000,128,512 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PlantronicsBatteryS#\63fd0f5cc88e2f5aebbe35b5ee43f23f\PlantronicsBatteryStatus.ni.exe
MOD - [2012.05.16 09:31:09 | 000,041,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Webe#\bc979207d3b5b1ea0511636718a90ce7\Plantronics.UC.WebexConnect.ni.dll
MOD - [2012.05.16 09:31:09 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Wind#\ecfa8b400750f83443c404e205299a94\Plantronics.UC.WindowsMediaPlayer.ni.dll
MOD - [2012.05.16 09:31:08 | 000,127,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Skype\2b98bb96300e389e9eaeee35239594a1\Plantronics.UC.Skype.ni.dll
MOD - [2012.05.16 09:31:08 | 000,111,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Sess#\325141408c6dd33c6ffbd7320c7ffce2\Plantronics.UC.SessionService.ni.dll
MOD - [2012.05.16 09:31:08 | 000,018,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Shor#\d1e500c50a270df57c69d96400bc9725\Plantronics.UC.ShoreTel.ni.dll
MOD - [2012.05.16 09:31:07 | 000,154,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Offi#\78f719167e34cf34abb56362df448095\Plantronics.UC.OfficeCommunicator.ni.dll
MOD - [2012.05.16 09:31:07 | 000,037,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.iTun#\de988d029762f7a176f1eea0f81f40ac\Plantronics.UC.iTunes.ni.dll
MOD - [2012.05.16 09:30:51 | 000,731,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSFC#\cf287130b24c4b3346652766b6c87ac4\Plantronics.UC.CSFClient.ni.dll
MOD - [2012.05.16 09:30:51 | 000,135,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.CSF\2c8dd947326f5d780af15c6c9b2ffa4f\Plantronics.UC.CSF.ni.dll
MOD - [2012.05.16 09:30:50 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.TAPI\172886c0fc7603d8421d1fd5a8f2650d\Plantronics.UC.TAPI.ni.dll
MOD - [2012.05.16 09:30:50 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Cisco\7ce0d8046fad3303e7d7f1f8ac267187\Plantronics.UC.Cisco.ni.dll
MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\1a7494fabd697a457622bd3ec27c9c98\Plantronics.UC.AvayaSoftphone.ni.dll
MOD - [2012.05.16 09:30:50 | 000,015,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avay#\f35491b4b89ca404b55906e2b0f82558\Plantronics.UC.AvayaIPAgent.ni.dll
MOD - [2012.05.16 09:30:48 | 000,329,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Comm#\b4d0616056ac4d2663ea5bb2329197f6\Plantronics.UC.Common.ni.dll
MOD - [2012.05.16 09:30:48 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.UC.Avaya\357fa9a8ed8ac719cea68bee9b586520\Plantronics.UC.Avaya.ni.dll
MOD - [2012.05.16 09:30:47 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\3ef4ac9a717349ebb567d59be738ed2c\Plantronics.License.Manager.ni.dll
MOD - [2012.05.16 09:30:47 | 000,076,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.FlexNet#\e0d3659b05e463b586806734da3ccd7a\Plantronics.FlexNet.Adapter.ni.dll
MOD - [2012.05.16 09:30:47 | 000,056,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.License#\fb8be9a10ba1c8b60e12c81b5dd6d191\Plantronics.License.Common.ni.dll
MOD - [2012.05.16 09:30:46 | 000,488,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\ce19c3c9209479f0d31e9d4559cc1205\Plantronics.Globalization.ni.dll
MOD - [2012.05.16 09:30:46 | 000,111,104 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\5817b51860e6daf4e86732185bddba71\Plantronics.Device.Hid.ni.dll
MOD - [2012.05.16 09:30:45 | 000,558,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Device.#\d7d385336e1f5c09d0a0936a0a1ee9e7\Plantronics.Device.Common.ni.dll
MOD - [2012.05.16 09:30:44 | 000,521,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Utility\a73af6f1ec8830aa380fd925e31644c9\Plantronics.Utility.ni.dll
MOD - [2012.05.16 09:30:43 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.16 09:30:42 | 000,696,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\log4net\0a775a09b5828533e63fd9b7d94167d9\log4net.ni.dll
MOD - [2012.05.16 09:30:42 | 000,035,328 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Config\cc196aeb7ade0d9d980a93c6221222b1\Plantronics.Config.ni.dll
MOD - [2012.05.16 09:30:40 | 000,414,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.SKYPE4COMLib\b0ce5b6a51de584cb69af311a50ad654\Interop.SKYPE4COMLib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,214,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.FNCClient11#\10af7f1bdd86222ae7779bf1092a6cda\Interop.FNCClient11Lib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,176,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.iTunesLib\2d0cc57e36cb38ed534c50240b40b9b3\Interop.iTunesLib.ni.dll
MOD - [2012.05.16 09:30:40 | 000,144,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.Communicato#\a4ed99a072e3e58346df9dcff7e672be\Interop.CommunicatorAPI.ni.dll
MOD - [2012.05.16 09:30:39 | 000,056,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Interop.CiscoInterf#\8513c39ee5a5642bde30a92e5e2d5e1a\Interop.CiscoInterface.ni.dll
MOD - [2012.05.16 09:30:38 | 000,050,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Plantronics.Globali#\04893a3420e3d650aa361592f1aac3a2\Plantronics.Globalization.resources.ni.dll
MOD - [2012.05.16 09:30:37 | 000,440,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Atapi\60187c40d85d22ea02ca02d666d3283e\Atapi.ni.dll
MOD - [2012.05.16 09:28:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.16 09:28:30 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.16 09:28:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.16 09:28:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.16 09:28:15 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.16 09:28:12 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.12.28 14:13:24 | 003,522,048 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmbtsupp.dll
MOD - [2011.12.28 12:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.11 13:31:14 | 000,068,720 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\zlib1.dll
MOD - [2010.11.11 13:31:00 | 000,970,352 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.02.21 20:14:02 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
SRV:64bit: - [2010.11.20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.12.14 13:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.06.17 09:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.03.09 11:41:10 | 000,491,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe -- (WDSC)
SRV - [2011.03.09 11:41:08 | 001,066,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe -- (WDFME)
SRV - [2011.03.09 11:10:40 | 000,288,768 | ---- | M] (WDC) [Auto | Running] -- C:\Programme\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2011.02.21 20:14:00 | 000,275,968 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Programme\IDT\WDM\stacsv64.exe -- (STacSV)
SRV - [2011.02.21 20:13:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Programme\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011.01.06 12:37:26 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe -- (EMP_UDSA)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.11.11 13:31:54 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2010.11.11 13:31:50 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2010.11.11 13:30:44 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2010.11.11 12:31:44 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2010.10.26 23:24:36 | 000,403,536 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Programme\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV - [2010.08.19 13:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.07 14:23:13 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.04.30 13:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.04.30 13:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.04.30 13:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.04.30 13:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.04.13 15:04:38 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011.03.26 01:17:50 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.21 20:14:24 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.02.21 20:14:12 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) ___ Intel(R)
DRV:64bit: - [2011.02.21 20:14:10 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2011.02.21 20:14:08 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2011.02.21 20:14:08 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV:64bit: - [2011.02.21 20:14:06 | 000,276,008 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys -- (WwanUsbServ)
DRV:64bit: - [2011.02.21 20:14:06 | 000,030,248 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwussf64.sys -- (ecnssndisfltr)
DRV:64bit: - [2011.02.21 20:14:06 | 000,026,664 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wwuss64.sys -- (ecnssndis)
DRV:64bit: - [2011.02.21 20:14:04 | 000,472,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys -- (Mbm3Mdm)
DRV:64bit: - [2011.02.21 20:14:04 | 000,419,912 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys -- (Mbm3DevMt) Dell Wireless  HSPA Mini-Card Device Management Driver (WDM)
DRV:64bit: - [2011.02.21 20:14:04 | 000,411,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3CBus.sys -- (Mbm3CBus) Dell Wireless 5550 HSPA+ Mini-Card Device (WDM)
DRV:64bit: - [2011.02.21 20:14:04 | 000,101,416 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554gps64.sys -- (d554gps)
DRV:64bit: - [2011.02.21 20:14:04 | 000,061,992 | ---- | M] (Ericsson AB) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\d554scard.sys -- (d554scard)
DRV:64bit: - [2011.02.21 20:14:04 | 000,019,528 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys -- (Mbm3mdfl)
DRV:64bit: - [2011.02.21 20:14:02 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011.02.21 20:14:02 | 000,075,240 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
DRV:64bit: - [2011.02.21 20:14:02 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
DRV:64bit: - [2011.02.21 20:14:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.02.21 20:13:58 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2011.02.16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011.01.06 12:37:26 | 000,023,040 | ---- | M] (SEIKO EPSON CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EMP_UDAU.sys -- (eppvad_simple)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.11 13:32:32 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2010.11.11 13:32:32 | 000,030,832 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\VMparport.sys -- (VMparport)
DRV:64bit: - [2010.11.11 13:32:20 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2010.11.11 13:30:34 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2010.11.11 13:30:18 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2010.11.11 12:31:32 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2010.11.11 10:04:52 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2010.11.11 10:04:52 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2010.11.11 10:04:52 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2010.08.20 11:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007.07.12 21:38:10 | 000,042,016 | ---- | M] (TerraTec Electronic GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TTCinergyT2BDA.sys -- (TTCinergyT2) TerraTec Cinergy T² (BDA)
DRV - [2010.08.19 13:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchqu.com/417
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01  [binary data]
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = hxxp://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.08.23 18:28:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Users\rlucas\AppData\Local\Mozilla Firefox\components [2012.04.26 20:50:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Users\rlucas\AppData\Local\Mozilla Firefox\plugins [2012.05.24 11:31:16 | 000,000,000 | ---D | M]
 
[2012.03.28 10:57:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Extensions
[2012.05.25 15:32:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\rlucas\AppData\Roaming\mozilla\Firefox\Profiles\i9vsafrd.default\extensions
[2012.05.25 09:58:45 | 000,002,344 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\askcom.xml
[2012.05.22 09:39:04 | 000,001,210 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\search.xml
[2012.03.27 09:50:29 | 000,002,520 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Mozilla\Firefox\Profiles\i9vsafrd.default\searchplugins\SearchResults.xml
[2011.08.16 19:57:07 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\RLUCAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I9VSAFRD.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
 
O1 HOSTS File: ([2012.05.23 09:44:10 | 000,001,392 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 69.10.57.36 www.google-analytics.com.
O1 - Hosts: 69.10.57.36 ad-emea.doubleclick.net.
O1 - Hosts: 69.10.57.36 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EPSON_UD_START] C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PlantronicsBatteryStatus.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [PlantronicsURE.exe] C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe (Plantronics, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files (x86)\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Remote Control Editor] C:\Program Files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe (Elgato Systems)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [Socialbit_Winamp_Server] C:\Program Files (x86)\WifiAmp\WifiAmp Server.exe (Socialbit UG)
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\operating\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK = C:\Program Files (x86)\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
O4 - Startup: C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000021 - C:\Program Files (x86)\VMware\VMware Player\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.30.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hansalog.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95E96912-D8FD-4B02-8A1D-32D1ED46DB7F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6CA5BA3-89CB-48C5-8A5E-9EA0B75F4646}: DhcpNameServer = 192.168.30.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFD0A5B9-2307-454B-B15B-16AD85229DA4}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB2B7E7A-4CBC-48CF-9F4B-DC2C9752F7EC}: DhcpNameServer = 10.2.10.221 10.2.10.222
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - C:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.VMnc - vmnc.dll (VMware, Inc.)
Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.01 14:16:01 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\bilder nb 2 1 og
[2012.05.31 12:10:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.29 09:41:30 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes
[2012.05.29 09:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.29 09:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.29 09:41:08 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.29 09:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.25 15:42:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.05.25 13:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.05.25 13:25:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012.05.25 10:04:03 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Avira
[2012.05.25 09:59:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.05.25 09:58:07 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.05.25 09:58:07 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.05.25 09:58:07 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.05.25 09:58:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.05.24 15:06:32 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Local\ElevatedDiagnostics
[2012.05.20 12:56:59 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.05.16 22:13:40 | 000,000,000 | ---D | C] -- C:\Users\rlucas\AppData\Roaming\XnView
[2012.05.16 22:13:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2012.05.16 22:13:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2012.05.16 09:07:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.16 09:06:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.03 19:51:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TabletPlugins
[2012.05.03 09:57:39 | 000,000,000 | ---D | C] -- C:\Users\rlucas\Desktop\Emails
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.01 08:26:53 | 001,522,268 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.01 08:26:53 | 000,662,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.01 08:26:53 | 000,623,996 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.01 08:26:53 | 000,133,526 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.01 08:26:53 | 000,109,742 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.01 08:23:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.30 09:57:39 | 000,000,816 | ---- | M] () -- C:\Users\rlucas\webtopcookie.properties
[2012.05.29 12:37:19 | 000,070,792 | ---- | M] () -- C:\Users\rlucas\Desktop\Unbenannt2.JPG
[2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 11:39:08 | 000,017,088 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.29 11:31:07 | 2053,816,319 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.29 09:41:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.29 09:18:59 | 000,001,012 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.05.29 09:18:42 | 000,000,982 | ---- | M] () -- C:\Users\rlucas\Desktop\Dropbox.lnk
[2012.05.25 13:25:15 | 000,001,262 | ---- | M] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.24 11:47:36 | 005,923,951 | ---- | M] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf
[2012.05.23 09:44:10 | 000,001,392 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.05.22 09:39:04 | 000,000,288 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
[2012.05.20 12:57:00 | 000,000,032 | ---- | M] () -- C:\Users\rlucas\.simfy
[2012.05.16 22:14:33 | 000,000,923 | ---- | M] () -- C:\Users\rlucas\Desktop\XnView.lnk
[2012.05.16 09:24:23 | 000,346,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.08 10:19:28 | 000,003,314 | ---- | M] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv
[2012.05.03 09:09:34 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.03 09:09:26 | 001,544,790 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== Files Created - No Company Name ==========
 
[2012.05.29 12:37:19 | 000,070,792 | ---- | C] () -- C:\Users\rlucas\Desktop\Unbenannt2.JPG
[2012.05.29 09:41:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.25 13:25:15 | 000,001,262 | ---- | C] () -- C:\Users\rlucas\Desktop\Spybot - Search & Destroy.lnk
[2012.05.24 11:47:05 | 005,923,951 | ---- | C] () -- C:\Users\rlucas\Desktop\XC60 Robin Lucas.pdf
[2012.05.22 09:39:04 | 000,000,288 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
[2012.05.20 12:57:00 | 000,000,032 | ---- | C] () -- C:\Users\rlucas\.simfy
[2012.05.16 22:13:25 | 000,000,923 | ---- | C] () -- C:\Users\rlucas\Desktop\XnView.lnk
[2012.05.08 10:19:27 | 000,003,314 | ---- | C] () -- C:\Users\rlucas\Desktop\Konfektion E Kosten Beispiel.csv
[2011.12.19 11:46:24 | 000,000,600 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\winscp.rnd
[2011.11.04 21:41:47 | 000,000,336 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\burnaware.ini
[2011.10.18 09:49:05 | 000,023,388 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2011.08.27 13:36:23 | 000,007,168 | ---- | C] () -- C:\Users\rlucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.04 10:01:41 | 000,007,059 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\e182323573.prf
[2011.07.04 10:01:37 | 000,000,417 | ---- | C] () -- C:\Users\rlucas\AppData\Roaming\redirect.xml
[2011.06.22 19:34:09 | 000,011,754 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.06.22 10:07:18 | 001,544,790 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.26 01:16:12 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.03.26 01:16:10 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.03.26 01:16:10 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
 
========== LOP Check ==========
 
[2011.06.23 10:12:58 | 000,000,000 | ---D | M] -- C:\Users\operating\AppData\Roaming\Notepad++
[2011.06.22 10:06:25 | 000,000,000 | ---D | M] -- C:\Users\operating\AppData\Roaming\TeamViewer
[2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart
[2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre
[2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite
[2012.05.31 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox
[2012.06.01 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager
[2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo
[2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant
[2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc
[2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis
[2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView
[2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech
[2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs
[2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei
[2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag
[2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++
[2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge
[2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer
[2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec
[2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010
[2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex
[2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode
[2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView
[2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner
[2009.07.14 07:08:49 | 000,026,334 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.20 12:56:32 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Adobe
[2012.03.19 14:17:55 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Apple Computer
[2012.05.25 10:04:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Avira
[2012.01.02 22:24:35 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Bitmart
[2012.03.15 11:09:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\calibre
[2011.11.07 14:24:06 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DAEMON Tools Lite
[2011.08.27 13:36:22 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\DivX
[2012.05.31 11:58:17 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Dropbox
[2012.01.08 01:05:16 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\dvdcss
[2012.03.12 12:06:08 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FLEXnet
[2012.06.01 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Free Download Manager
[2012.03.27 10:56:26 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\FreeScreenToVideo
[2011.12.25 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant
[2012.05.02 10:32:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Hiyc
[2011.06.24 16:45:46 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Identities
[2012.04.10 10:50:56 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\ingentis
[2011.10.10 14:08:31 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\InstallShield
[2011.06.29 16:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\IrfanView
[2011.07.05 13:48:43 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Leadertech
[2012.05.25 13:57:58 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\loadtbs
[2011.07.05 13:41:12 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Logishrd
[2011.07.05 13:48:50 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Logitech
[2012.04.21 20:09:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Luvei
[2011.06.29 16:24:42 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Macromedia
[2012.01.13 15:07:07 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Macrovision
[2012.05.29 09:41:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Malwarebytes
[2009.07.14 13:06:42 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Media Center Programs
[2012.04.21 20:09:13 | 000,000,000 | --SD | M] -- C:\Users\rlucas\AppData\Roaming\Microsoft
[2011.06.29 10:03:25 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mozilla
[2011.11.26 13:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Mp3tag
[2011.09.15 13:18:51 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Notepad++
[2012.01.27 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\pdfforge
[2012.05.20 12:56:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Simfy
[2012.06.01 15:25:57 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Skype
[2012.04.10 13:43:01 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TeamViewer
[2011.07.03 16:13:30 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\TerraTec
[2012.02.04 21:44:59 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\vlc
[2012.05.30 09:54:48 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\VMware
[2011.11.07 14:30:04 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Vorlagen für Office 2010
[2012.03.27 10:02:05 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\webex
[2011.06.30 10:13:28 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Winamp
[2011.07.09 21:04:53 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\WinRAR
[2011.11.04 21:31:49 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XMedia Recode
[2012.05.24 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\XnView
[2011.11.16 15:12:18 | 000,000,000 | ---D | M] -- C:\Users\rlucas\AppData\Roaming\Zoner
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.17 02:23:04 | 000,871,664 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\DropboxPhotoUpdate.exe
[2012.03.15 00:02:14 | 000,871,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\rlucas\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.12.26 00:24:04 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\2FCA7F6D-CE82-47A5-ACFD-E138027994CE\AutoRunCE.exe
[2011.12.26 00:24:04 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\2FCA7F6D-CE82-47A5-ACFD-E138027994CE\1\module.exe
[2011.12.26 00:23:17 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\AD9D1FDD-07C4-44C8-A2D7-BB1ADA5CCEF0\AutoRunCE.exe
[2011.12.26 00:23:57 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\AD9D1FDD-07C4-44C8-A2D7-BB1ADA5CCEF0\1\module.exe
[2011.12.26 00:24:03 | 000,055,296 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\F61B692E-3F66-4859-AA1B-74791C02F677\AutoRunCE.exe
[2011.12.26 00:24:03 | 000,083,456 | ---- | M] () -- C:\Users\rlucas\AppData\Roaming\GoPal Assistant\Library\F61B692E-3F66-4859-AA1B-74791C02F677\1\module.exe
[2012.03.07 13:45:24 | 001,242,112 | ---- | M] (InfiniAd GmbH) -- C:\Users\rlucas\AppData\Roaming\loadtbs\uninstall.exe
[2012.02.09 12:05:06 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\rlucas\AppData\Roaming\loadtbs\ytdl.exe
[2011.08.02 15:20:57 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\rlucas\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2012.02.28 03:27:13 | 009,705,984 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< End of report >

--- --- ---

[/CODE]

cosinus · 01.06.2012, 14:57

Selbstverständlich sollen nur die Logs in CODE-Tags! So stehst doch auch in meinem Beispiel! Wäre etwas sinnfrei auch den normalen Text bzw. das was du mit mitteilen willst in CODE-Tags postest - man will ja die Logs vom Fließtext abgrenzen

mirres · 04.06.2012, 09:34

Hallo Arne,

hast du denn sonst noch eine Idee? Leider sind die Werbebanner immer noch da.

Viele Grüße
Robin

cosinus · 04.06.2012, 15:25

Sry hab deinen Strang übersehen

Zitat:

O2 - BHO: (DivX Plus Web Player HTML5 <video>)

Sagmal gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
Gerade solche Streamingseiten sind für die aktuelle Welle der Erpresserschädlinge verantwortlich, die Windows blockieren und 50 oder 100 EUR erpressen wollen!!

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/417
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F3 C1 47 E6 A4 35 CC 01  [binary data]
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=fcbe7d08-3269-4963-be8a-04ac57386f01&apn_sauid=030B9408-5E39-4D79-862B-998365B74C7A
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}: "URL" = http://www.searchqu.com/web?src=ieb&appid=0&systemid=417&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..keyword.URL: "http://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q="
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WIA6EB~1\Datamngr\ToolBar\searchqudtx.dll File not found
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKU\S-1-5-21-2618102791-1476712174-1689177938-1003..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell - "" = AutoRun
O33 - MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell - "" = AutoRun
O33 - MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\Shell\AutoRun\command - "" = F:\EMP_UDSe.exe /autorun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell - "" = AutoRun
O33 - MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell - "" = AutoRun
O33 - MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
:Files
C:\Users\rlucas\AppData\Roaming\C7449C3C.reg
:\Users\rlucas\AppData\Roaming\loadtbs
C:\PROGRA~2\WIA6EB~1
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

mirres · 05.06.2012, 08:54

Hallo Arne,

es scheint wohl geklappt zu haben :-))))

hier noch das Log:

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.
HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-2618102791-1476712174-1689177938-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C33D6CF-1064-45BA-AF59-9D8ECCDFD061}\ not found.
Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3E636E19-1CCB-4E5C-A688-310FF3574B77}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E636E19-1CCB-4E5C-A688-310FF3574B77}\ not found.
Registry key HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2417}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "hxxp://www.searchqu.com/web?src=ffb&appid=0&systemid=417&sr=0&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}\ deleted successfully.
C:\Program Files (x86)\Free Download Manager\iefdm2.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2618102791-1476712174-1689177938-1003\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02a61f4c-bf7f-11e0-b61b-028037ec0200}\ not found.
File F:\StartVMCLite.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0edb43d8-4b21-11e1-be90-d933fb9bdf4e}\ not found.
File F:\EMP_UDSe.exe /autorun not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{704bd97e-436e-11e1-b3e9-90004eee4512}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f20d0d37-bc0e-11e0-aec7-f0bc0cbab098}\ not found.
File F:\unlock.exe autoplay=true not found.
========== FILES ==========
C:\Users\rlucas\AppData\Roaming\C7449C3C.reg moved successfully.
Error: Unable to interpret <:\Users\rlucas\AppData\Roaming\loadtbs> in the current context!
Error: Unable to interpret <C:\PROGRA~2\WIA6EB~1> in the current context!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: administrator
->Temp folder emptied: 386 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: operating
->Temp folder emptied: 52219120 bytes
->Temporary Internet Files folder emptied: 39951431 bytes
 
User: Public
 
User: rlucas
->Temp folder emptied: 13927342 bytes
->Temporary Internet Files folder emptied: 401393551 bytes
->Java cache emptied: 59149222 bytes
->FireFox cache emptied: 271260325 bytes
->Flash cache emptied: 89303 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 258938 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
RecycleBin emptied: 2302240901 bytes
 
Total Files Cleaned = 2.995,00 mb
 
 
[EMPTYFLASH]
 
User: administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: operating
 
User: Public
 
User: rlucas
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.44.0 log created on 06052012_094612

Files\Folders moved on Reboot...
C:\Users\rlucas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-1276.log moved successfully.

Registry entries deleted on Reboot...

Kannst du mir noch kurz sagen, was du eigentlich gemacht hast, bzw. was OTL gemacht hat?

Vielen, vielen lieben Dank für deine tolle Hilfe!
Gruß
Robin

cosinus · 05.06.2012, 10:26

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

mirres · 06.06.2012, 15:19

Hallo Arne,

anbei das Log:

Code:

ATTFilter

16:14:01.0805 2136	TDSS rootkit removing tool 2.7.38.0 May 25 2012 17:35:31
16:14:02.0181 2136	============================================================
16:14:02.0181 2136	Current date / time: 2012/06/06 16:14:02.0181
16:14:02.0181 2136	SystemInfo:
16:14:02.0181 2136	
16:14:02.0181 2136	OS Version: 6.1.7601 ServicePack: 1.0
16:14:02.0181 2136	Product type: Workstation
16:14:02.0182 2136	ComputerName: BLN-WNB-02
16:14:02.0182 2136	UserName: rlucas
16:14:02.0182 2136	Windows directory: C:\Windows
16:14:02.0182 2136	System windows directory: C:\Windows
16:14:02.0182 2136	Running under WOW64
16:14:02.0182 2136	Processor architecture: Intel x64
16:14:02.0182 2136	Number of processors: 4
16:14:02.0182 2136	Page size: 0x1000
16:14:02.0182 2136	Boot type: Normal boot
16:14:02.0182 2136	============================================================
16:14:03.0588 2136	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:14:03.0638 2136	============================================================
16:14:03.0638 2136	\Device\Harddisk0\DR0:
16:14:03.0639 2136	MBR partitions:
16:14:03.0639 2136	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
16:14:03.0639 2136	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31E000
16:14:03.0639 2136	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350800, BlocksNum 0x190DD800
16:14:03.0639 2136	============================================================
16:14:03.0680 2136	C: <-> \Device\Harddisk0\DR0\Partition1
16:14:03.0761 2136	D: <-> \Device\Harddisk0\DR0\Partition2
16:14:03.0762 2136	============================================================
16:14:03.0762 2136	Initialize success
16:14:03.0762 2136	============================================================
16:14:07.0427 5276	============================================================
16:14:07.0427 5276	Scan started
16:14:07.0427 5276	Mode: Manual; 
16:14:07.0427 5276	============================================================
16:14:08.0218 5276	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:14:08.0229 5276	1394ohci - ok
16:14:08.0264 5276	Acceler         (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
16:14:08.0265 5276	Acceler - ok
16:14:08.0293 5276	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:14:08.0298 5276	ACPI - ok
16:14:08.0397 5276	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:14:08.0398 5276	AcpiPmi - ok
16:14:08.0567 5276	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:14:08.0573 5276	AdobeARMservice - ok
16:14:08.0644 5276	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:14:08.0677 5276	adp94xx - ok
16:14:08.0738 5276	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:14:08.0744 5276	adpahci - ok
16:14:08.0771 5276	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:14:08.0775 5276	adpu320 - ok
16:14:08.0805 5276	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:14:08.0806 5276	AeLookupSvc - ok
16:14:08.0890 5276	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
16:14:08.0891 5276	AESTFilters - ok
16:14:08.0972 5276	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:14:08.0979 5276	AFD - ok
16:14:09.0027 5276	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:14:09.0028 5276	agp440 - ok
16:14:09.0047 5276	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:14:09.0049 5276	ALG - ok
16:14:09.0074 5276	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:14:09.0075 5276	aliide - ok
16:14:09.0079 5276	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:14:09.0080 5276	amdide - ok
16:14:09.0114 5276	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:14:09.0115 5276	AmdK8 - ok
16:14:09.0126 5276	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:14:09.0128 5276	AmdPPM - ok
16:14:09.0191 5276	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:14:09.0193 5276	amdsata - ok
16:14:09.0233 5276	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:14:09.0238 5276	amdsbs - ok
16:14:09.0273 5276	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:14:09.0274 5276	amdxata - ok
16:14:09.0409 5276	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:14:09.0412 5276	AntiVirSchedulerService - ok
16:14:09.0465 5276	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:14:09.0466 5276	AntiVirService - ok
16:14:09.0523 5276	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:14:09.0531 5276	AntiVirWebService - ok
16:14:09.0593 5276	ApfiltrService  (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:14:09.0599 5276	ApfiltrService - ok
16:14:09.0646 5276	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:14:09.0647 5276	AppID - ok
16:14:09.0667 5276	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:14:09.0669 5276	AppIDSvc - ok
16:14:09.0706 5276	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:14:09.0708 5276	Appinfo - ok
16:14:09.0842 5276	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:14:09.0843 5276	Apple Mobile Device - ok
16:14:09.0884 5276	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:14:09.0896 5276	AppMgmt - ok
16:14:09.0927 5276	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:14:09.0929 5276	arc - ok
16:14:09.0948 5276	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:14:09.0950 5276	arcsas - ok
16:14:09.0978 5276	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:14:09.0979 5276	AsyncMac - ok
16:14:10.0017 5276	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:14:10.0018 5276	atapi - ok
16:14:10.0113 5276	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:10.0121 5276	AudioEndpointBuilder - ok
16:14:10.0126 5276	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:14:10.0129 5276	AudioSrv - ok
16:14:10.0287 5276	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
16:14:10.0303 5276	avgntflt - ok
16:14:10.0349 5276	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
16:14:10.0357 5276	avipbb - ok
16:14:10.0394 5276	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:14:10.0396 5276	avkmgr - ok
16:14:10.0449 5276	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:14:10.0452 5276	AxInstSV - ok
16:14:10.0526 5276	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:14:10.0534 5276	b06bdrv - ok
16:14:10.0588 5276	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:14:10.0638 5276	b57nd60a - ok
16:14:10.0674 5276	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:14:10.0677 5276	BDESVC - ok
16:14:10.0705 5276	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:14:10.0706 5276	Beep - ok
16:14:10.0811 5276	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:14:10.0829 5276	BFE - ok
16:14:10.0892 5276	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:14:10.0923 5276	BITS - ok
16:14:10.0954 5276	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:14:10.0955 5276	blbdrive - ok
16:14:11.0079 5276	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:14:11.0087 5276	Bonjour Service - ok
16:14:11.0136 5276	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:14:11.0138 5276	bowser - ok
16:14:11.0173 5276	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:14:11.0174 5276	BrFiltLo - ok
16:14:11.0182 5276	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:14:11.0183 5276	BrFiltUp - ok
16:14:11.0219 5276	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:14:11.0228 5276	Browser - ok
16:14:11.0246 5276	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:14:11.0250 5276	Brserid - ok
16:14:11.0256 5276	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:14:11.0258 5276	BrSerWdm - ok
16:14:11.0260 5276	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:14:11.0261 5276	BrUsbMdm - ok
16:14:11.0264 5276	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:14:11.0265 5276	BrUsbSer - ok
16:14:11.0321 5276	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:14:11.0322 5276	BthEnum - ok
16:14:11.0329 5276	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:14:11.0331 5276	BTHMODEM - ok
16:14:11.0356 5276	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:14:11.0357 5276	BthPan - ok
16:14:11.0425 5276	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:14:11.0438 5276	BTHPORT - ok
16:14:11.0480 5276	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:14:11.0481 5276	bthserv - ok
16:14:11.0491 5276	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:14:11.0492 5276	BTHUSB - ok
16:14:11.0539 5276	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:14:11.0548 5276	cdfs - ok
16:14:11.0611 5276	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:14:11.0618 5276	cdrom - ok
16:14:11.0668 5276	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:11.0669 5276	CertPropSvc - ok
16:14:11.0689 5276	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:14:11.0691 5276	circlass - ok
16:14:11.0731 5276	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:14:11.0743 5276	CLFS - ok
16:14:11.0810 5276	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:14:11.0812 5276	clr_optimization_v2.0.50727_32 - ok
16:14:11.0853 5276	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:14:11.0855 5276	clr_optimization_v2.0.50727_64 - ok
16:14:11.0954 5276	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:14:11.0955 5276	clr_optimization_v4.0.30319_32 - ok
16:14:11.0989 5276	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:14:11.0990 5276	clr_optimization_v4.0.30319_64 - ok
16:14:12.0015 5276	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:14:12.0016 5276	CmBatt - ok
16:14:12.0051 5276	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:14:12.0053 5276	cmdide - ok
16:14:12.0111 5276	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:14:12.0120 5276	CNG - ok
16:14:12.0141 5276	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:14:12.0142 5276	Compbatt - ok
16:14:12.0197 5276	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:14:12.0198 5276	CompositeBus - ok
16:14:12.0214 5276	COMSysApp - ok
16:14:12.0231 5276	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:14:12.0233 5276	crcdisk - ok
16:14:12.0294 5276	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:14:12.0299 5276	CryptSvc - ok
16:14:12.0362 5276	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:14:12.0377 5276	CSC - ok
16:14:12.0450 5276	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:14:12.0458 5276	CscService - ok
16:14:12.0500 5276	cvusbdrv        (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
16:14:12.0501 5276	cvusbdrv - ok
16:14:12.0532 5276	d554gps         (0fef994d890c92d8f23442bc52d4fea9) C:\Windows\system32\DRIVERS\d554gps64.sys
16:14:12.0534 5276	d554gps - ok
16:14:12.0564 5276	d554scard       (95da07e4859396912d8e5630da5a9324) C:\Windows\system32\DRIVERS\d554scard.sys
16:14:12.0565 5276	d554scard - ok
16:14:12.0617 5276	dc3d            (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
16:14:12.0618 5276	dc3d - ok
16:14:12.0688 5276	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:12.0696 5276	DcomLaunch - ok
16:14:12.0753 5276	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:14:12.0796 5276	defragsvc - ok
16:14:12.0841 5276	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:14:12.0844 5276	DfsC - ok
16:14:12.0887 5276	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:14:12.0901 5276	Dhcp - ok
16:14:12.0934 5276	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:14:12.0936 5276	discache - ok
16:14:12.0968 5276	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:14:12.0970 5276	Disk - ok
16:14:13.0015 5276	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:14:13.0028 5276	Dnscache - ok
16:14:13.0086 5276	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:14:13.0095 5276	dot3svc - ok
16:14:13.0136 5276	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:14:13.0143 5276	DPS - ok
16:14:13.0172 5276	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:14:13.0173 5276	drmkaud - ok
16:14:13.0249 5276	dtsoftbus01     (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:14:13.0262 5276	dtsoftbus01 - ok
16:14:13.0351 5276	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:14:13.0366 5276	DXGKrnl - ok
16:14:13.0428 5276	e1cexpress      (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys
16:14:13.0435 5276	e1cexpress - ok
16:14:13.0468 5276	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:14:13.0476 5276	EapHost - ok
16:14:13.0679 5276	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:14:13.0758 5276	ebdrv - ok
16:14:13.0879 5276	ecnssndis       (f88f2e5806fc405b0fa94b7947a5875e) C:\Windows\system32\Drivers\wwuss64.sys
16:14:13.0880 5276	ecnssndis - ok
16:14:13.0911 5276	ecnssndisfltr   (c8cd88218efc28f7e44a9892b3e97f4d) C:\Windows\system32\Drivers\wwussf64.sys
16:14:13.0911 5276	ecnssndisfltr - ok
16:14:13.0949 5276	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:14:13.0951 5276	EFS - ok
16:14:14.0051 5276	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:14:14.0064 5276	ehRecvr - ok
16:14:14.0096 5276	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:14:14.0098 5276	ehSched - ok
16:14:14.0159 5276	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:14:14.0190 5276	elxstor - ok
16:14:14.0283 5276	EMP_UDSA        (faa735cb77474deb4e4e327340117d3a) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
16:14:14.0366 5276	EMP_UDSA - ok
16:14:14.0393 5276	eppvad_simple   (55d460f601d0b4d528bb16c0e8e18723) C:\Windows\system32\drivers\EMP_UDAU.sys
16:14:14.0394 5276	eppvad_simple - ok
16:14:14.0426 5276	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:14:14.0427 5276	ErrDev - ok
16:14:14.0487 5276	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:14:14.0500 5276	EventSystem - ok
16:14:14.0523 5276	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:14:14.0528 5276	exfat - ok
16:14:14.0559 5276	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:14:14.0563 5276	fastfat - ok
16:14:14.0652 5276	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:14:14.0672 5276	Fax - ok
16:14:14.0680 5276	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:14:14.0682 5276	fdc - ok
16:14:14.0709 5276	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:14:14.0710 5276	fdPHost - ok
16:14:14.0719 5276	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:14:14.0721 5276	FDResPub - ok
16:14:14.0732 5276	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:14:14.0733 5276	FileInfo - ok
16:14:14.0749 5276	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:14:14.0751 5276	Filetrace - ok
16:14:14.0755 5276	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:14:14.0756 5276	flpydisk - ok
16:14:14.0812 5276	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:14:14.0821 5276	FltMgr - ok
16:14:14.0919 5276	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:14:14.0955 5276	FontCache - ok
16:14:15.0045 5276	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:14:15.0048 5276	FontCache3.0.0.0 - ok
16:14:15.0124 5276	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:14:15.0125 5276	FsDepends - ok
16:14:15.0166 5276	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:14:15.0167 5276	Fs_Rec - ok
16:14:15.0225 5276	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:14:15.0253 5276	fvevol - ok
16:14:15.0269 5276	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:14:15.0270 5276	gagp30kx - ok
16:14:15.0349 5276	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:14:15.0353 5276	GEARAspiWDM - ok
16:14:15.0439 5276	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:14:15.0452 5276	gpsvc - ok
16:14:15.0489 5276	hcmon           (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys
16:14:15.0491 5276	hcmon - ok
16:14:15.0523 5276	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:14:15.0525 5276	hcw85cir - ok
16:14:15.0594 5276	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:14:15.0603 5276	HdAudAddService - ok
16:14:15.0630 5276	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:14:15.0632 5276	HDAudBus - ok
16:14:15.0635 5276	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:14:15.0636 5276	HidBatt - ok
16:14:15.0644 5276	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:14:15.0646 5276	HidBth - ok
16:14:15.0650 5276	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:14:15.0651 5276	HidIr - ok
16:14:15.0680 5276	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:14:15.0681 5276	hidserv - ok
16:14:15.0707 5276	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:14:15.0708 5276	HidUsb - ok
16:14:15.0751 5276	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:14:15.0752 5276	hkmsvc - ok
16:14:15.0807 5276	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:14:15.0823 5276	HomeGroupListener - ok
16:14:15.0873 5276	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:14:15.0886 5276	HomeGroupProvider - ok
16:14:15.0910 5276	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:14:15.0911 5276	HpSAMD - ok
16:14:15.0998 5276	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:14:16.0011 5276	HTTP - ok
16:14:16.0049 5276	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:14:16.0050 5276	hwpolicy - ok
16:14:16.0069 5276	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:14:16.0072 5276	i8042prt - ok
16:14:16.0136 5276	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:14:16.0140 5276	iaStorV - ok
16:14:16.0222 5276	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:14:16.0236 5276	idsvc - ok
16:14:16.0851 5276	igfx            (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:14:17.0050 5276	igfx - ok
16:14:17.0202 5276	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:14:17.0205 5276	iirsp - ok
16:14:17.0302 5276	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:14:17.0318 5276	IKEEXT - ok
16:14:17.0379 5276	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:14:17.0387 5276	IntcDAud - ok
16:14:17.0424 5276	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:14:17.0425 5276	intelide - ok
16:14:17.0448 5276	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:14:17.0450 5276	intelppm - ok
16:14:17.0484 5276	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:14:17.0487 5276	IPBusEnum - ok
16:14:17.0521 5276	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:14:17.0523 5276	IpFilterDriver - ok
16:14:17.0594 5276	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:14:17.0602 5276	iphlpsvc - ok
16:14:17.0640 5276	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:14:17.0642 5276	IPMIDRV - ok
16:14:17.0666 5276	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:14:17.0669 5276	IPNAT - ok
16:14:17.0806 5276	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:14:17.0817 5276	iPod Service - ok
16:14:17.0839 5276	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:14:17.0840 5276	IRENUM - ok
16:14:17.0856 5276	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:14:17.0857 5276	isapnp - ok
16:14:17.0901 5276	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:14:17.0910 5276	iScsiPrt - ok
16:14:17.0940 5276	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:14:17.0941 5276	kbdclass - ok
16:14:17.0990 5276	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:14:17.0991 5276	kbdhid - ok
16:14:18.0024 5276	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:18.0025 5276	KeyIso - ok
16:14:18.0041 5276	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:14:18.0043 5276	KSecDD - ok
16:14:18.0062 5276	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:14:18.0068 5276	KSecPkg - ok
16:14:18.0094 5276	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:14:18.0095 5276	ksthunk - ok
16:14:18.0157 5276	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:14:18.0170 5276	KtmRm - ok
16:14:18.0307 5276	L4301_Solar     (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
16:14:18.0312 5276	L4301_Solar - ok
16:14:18.0377 5276	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:14:18.0387 5276	LanmanServer - ok
16:14:18.0426 5276	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:14:18.0435 5276	LanmanWorkstation - ok
16:14:18.0586 5276	LBTServ         (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:14:18.0604 5276	LBTServ - ok
16:14:18.0690 5276	LEqdUsb         (abfd2b5726f4cce49297ae48806cc594) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
16:14:18.0691 5276	LEqdUsb - ok
16:14:18.0720 5276	LHidEqd         (933f69cf9acd2498693bfcd7ed68e8d4) C:\Windows\system32\DRIVERS\LHidEqd.Sys
16:14:18.0721 5276	LHidEqd - ok
16:14:18.0742 5276	LHidFilt        (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:14:18.0744 5276	LHidFilt - ok
16:14:18.0799 5276	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:14:18.0801 5276	lltdio - ok
16:14:18.0849 5276	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:14:18.0857 5276	lltdsvc - ok
16:14:18.0878 5276	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:14:18.0879 5276	lmhosts - ok
16:14:18.0914 5276	LMouFilt        (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:14:18.0915 5276	LMouFilt - ok
16:14:18.0959 5276	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:14:18.0960 5276	LSI_FC - ok
16:14:18.0977 5276	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:14:18.0979 5276	LSI_SAS - ok
16:14:18.0998 5276	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:14:18.0999 5276	LSI_SAS2 - ok
16:14:19.0022 5276	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:14:19.0024 5276	LSI_SCSI - ok
16:14:19.0053 5276	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:14:19.0055 5276	luafv - ok
16:14:19.0093 5276	LUsbFilt        (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
16:14:19.0094 5276	LUsbFilt - ok
16:14:19.0156 5276	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:14:19.0157 5276	MBAMProtector - ok
16:14:19.0275 5276	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:14:19.0283 5276	MBAMService - ok
16:14:19.0346 5276	Mbm3CBus        (0845da0bff1af5c57de4dd97acaf2fcd) C:\Windows\system32\DRIVERS\Mbm3CBus.sys
16:14:19.0349 5276	Mbm3CBus - ok
16:14:19.0406 5276	Mbm3DevMt       (db6fa599aa79324e287c4eaf6020da37) C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
16:14:19.0409 5276	Mbm3DevMt - ok
16:14:19.0434 5276	Mbm3mdfl        (2f71edb697752d409b9983f0e1d88f70) C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
16:14:19.0435 5276	Mbm3mdfl - ok
16:14:19.0478 5276	Mbm3Mdm         (21b412a36de3ccfe4e13383b88cfc90c) C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
16:14:19.0481 5276	Mbm3Mdm - ok
16:14:19.0519 5276	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:14:19.0522 5276	Mcx2Svc - ok
16:14:19.0548 5276	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:14:19.0549 5276	megasas - ok
16:14:19.0579 5276	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:14:19.0589 5276	MegaSR - ok
16:14:19.0602 5276	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:14:19.0604 5276	MEIx64 - ok
16:14:19.0631 5276	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:19.0633 5276	MMCSS - ok
16:14:19.0648 5276	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:14:19.0649 5276	Modem - ok
16:14:19.0680 5276	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:14:19.0680 5276	monitor - ok
16:14:19.0724 5276	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:14:19.0726 5276	mouclass - ok
16:14:19.0748 5276	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:14:19.0750 5276	mouhid - ok
16:14:19.0795 5276	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:14:19.0797 5276	mountmgr - ok
16:14:19.0866 5276	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:14:19.0874 5276	MpFilter - ok
16:14:19.0921 5276	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:14:19.0929 5276	mpio - ok
16:14:19.0946 5276	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:14:19.0948 5276	mpsdrv - ok
16:14:20.0031 5276	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:14:20.0046 5276	MpsSvc - ok
16:14:20.0090 5276	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:14:20.0104 5276	MRxDAV - ok
16:14:20.0149 5276	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:14:20.0155 5276	mrxsmb - ok
16:14:20.0208 5276	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:14:20.0218 5276	mrxsmb10 - ok
16:14:20.0259 5276	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:14:20.0267 5276	mrxsmb20 - ok
16:14:20.0301 5276	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:14:20.0303 5276	msahci - ok
16:14:20.0349 5276	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:14:20.0356 5276	msdsm - ok
16:14:20.0391 5276	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:14:20.0399 5276	MSDTC - ok
16:14:20.0438 5276	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:14:20.0439 5276	Msfs - ok
16:14:20.0468 5276	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:14:20.0469 5276	mshidkmdf - ok
16:14:20.0482 5276	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:14:20.0483 5276	msisadrv - ok
16:14:20.0519 5276	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:14:20.0526 5276	MSiSCSI - ok
16:14:20.0532 5276	msiserver - ok
16:14:20.0649 5276	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:14:20.0669 5276	MSKSSRV - ok
16:14:20.0803 5276	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:14:20.0803 5276	MsMpSvc - ok
16:14:20.0836 5276	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:14:20.0838 5276	MSPCLOCK - ok
16:14:20.0847 5276	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:14:20.0848 5276	MSPQM - ok
16:14:20.0917 5276	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:14:20.0927 5276	MsRPC - ok
16:14:20.0966 5276	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:14:20.0967 5276	mssmbios - ok
16:14:20.0996 5276	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:14:20.0997 5276	MSTEE - ok
16:14:21.0008 5276	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:14:21.0010 5276	MTConfig - ok
16:14:21.0040 5276	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:14:21.0042 5276	Mup - ok
16:14:21.0101 5276	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:14:21.0117 5276	napagent - ok
16:14:21.0166 5276	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:14:21.0173 5276	NativeWifiP - ok
16:14:21.0248 5276	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:14:21.0260 5276	NDIS - ok
16:14:21.0277 5276	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:14:21.0278 5276	NdisCap - ok
16:14:21.0293 5276	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:14:21.0295 5276	NdisTapi - ok
16:14:21.0339 5276	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:14:21.0342 5276	Ndisuio - ok
16:14:21.0396 5276	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:14:21.0402 5276	NdisWan - ok
16:14:21.0441 5276	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:14:21.0442 5276	NDProxy - ok
16:14:21.0471 5276	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
16:14:21.0473 5276	Netaapl - ok
16:14:21.0492 5276	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:14:21.0493 5276	NetBIOS - ok
16:14:21.0545 5276	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:14:21.0557 5276	NetBT - ok
16:14:21.0591 5276	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:21.0593 5276	Netlogon - ok
16:14:21.0661 5276	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:14:21.0674 5276	Netman - ok
16:14:21.0705 5276	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:14:21.0710 5276	netprofm - ok
16:14:21.0782 5276	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:14:21.0790 5276	NetTcpPortSharing - ok
16:14:22.0236 5276	NETwNs64        (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:14:22.0381 5276	NETwNs64 - ok
16:14:22.0523 5276	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:14:22.0525 5276	nfrd960 - ok
16:14:22.0595 5276	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:14:22.0603 5276	NisDrv - ok
16:14:22.0736 5276	NisSrv          (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
16:14:22.0769 5276	NisSrv - ok
16:14:22.0836 5276	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:14:22.0844 5276	NlaSvc - ok
16:14:22.0876 5276	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:14:22.0877 5276	Npfs - ok
16:14:22.0904 5276	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:14:22.0906 5276	nsi - ok
16:14:22.0915 5276	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:14:22.0917 5276	nsiproxy - ok
16:14:23.0076 5276	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:14:23.0107 5276	Ntfs - ok
16:14:23.0268 5276	NuidFltr        (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:14:23.0270 5276	NuidFltr - ok
16:14:23.0301 5276	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:14:23.0303 5276	Null - ok
16:14:23.0343 5276	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:14:23.0349 5276	nvraid - ok
16:14:23.0390 5276	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:14:23.0393 5276	nvstor - ok
16:14:23.0443 5276	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:14:23.0445 5276	nv_agp - ok
16:14:23.0487 5276	O2FLASH         (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe
16:14:23.0489 5276	O2FLASH - ok
16:14:23.0507 5276	O2MDFRDR        (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys
16:14:23.0509 5276	O2MDFRDR - ok
16:14:23.0563 5276	O2SDJRDR        (61b2aca7f48738afc883c05fa136a468) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
16:14:23.0565 5276	O2SDJRDR - ok
16:14:23.0675 5276	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:14:23.0687 5276	odserv - ok
16:14:23.0721 5276	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:14:23.0723 5276	ohci1394 - ok
16:14:23.0778 5276	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:14:23.0786 5276	ose - ok
16:14:23.0857 5276	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:23.0866 5276	p2pimsvc - ok
16:14:23.0904 5276	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:14:23.0913 5276	p2psvc - ok
16:14:23.0953 5276	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:14:23.0963 5276	Parport - ok
16:14:24.0001 5276	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:14:24.0004 5276	partmgr - ok
16:14:24.0030 5276	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:14:24.0042 5276	PcaSvc - ok
16:14:24.0079 5276	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:14:24.0085 5276	pci - ok
16:14:24.0123 5276	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:14:24.0124 5276	pciide - ok
16:14:24.0155 5276	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:14:24.0160 5276	pcmcia - ok
16:14:24.0178 5276	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:14:24.0179 5276	pcw - ok
16:14:24.0240 5276	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:14:24.0253 5276	PEAUTH - ok
16:14:24.0349 5276	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:14:24.0379 5276	PeerDistSvc - ok
16:14:24.0456 5276	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:14:24.0458 5276	PerfHost - ok
16:14:24.0666 5276	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:14:24.0699 5276	pla - ok
16:14:24.0763 5276	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:14:24.0772 5276	PlugPlay - ok
16:14:24.0795 5276	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:14:24.0797 5276	PNRPAutoReg - ok
16:14:24.0826 5276	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:14:24.0828 5276	PNRPsvc - ok
16:14:24.0895 5276	Point64         (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
16:14:24.0897 5276	Point64 - ok
16:14:24.0952 5276	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:14:24.0966 5276	PolicyAgent - ok
16:14:24.0994 5276	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:14:24.0997 5276	Power - ok
16:14:25.0057 5276	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:14:25.0060 5276	PptpMiniport - ok
16:14:25.0088 5276	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:14:25.0090 5276	Processor - ok
16:14:25.0125 5276	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:14:25.0138 5276	ProfSvc - ok
16:14:25.0174 5276	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:25.0175 5276	ProtectedStorage - ok
16:14:25.0230 5276	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:14:25.0239 5276	Psched - ok
16:14:25.0349 5276	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:14:25.0385 5276	ql2300 - ok
16:14:25.0518 5276	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:14:25.0521 5276	ql40xx - ok
16:14:25.0558 5276	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:14:25.0569 5276	QWAVE - ok
16:14:25.0583 5276	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:14:25.0584 5276	QWAVEdrv - ok
16:14:25.0669 5276	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
16:14:25.0671 5276	RapiMgr - ok
16:14:25.0687 5276	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:14:25.0688 5276	RasAcd - ok
16:14:25.0728 5276	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:14:25.0729 5276	RasAgileVpn - ok
16:14:25.0760 5276	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:14:25.0773 5276	RasAuto - ok
16:14:25.0814 5276	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:14:25.0823 5276	Rasl2tp - ok
16:14:25.0878 5276	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:14:25.0892 5276	RasMan - ok
16:14:25.0911 5276	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:14:25.0913 5276	RasPppoe - ok
16:14:25.0927 5276	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:14:25.0929 5276	RasSstp - ok
16:14:25.0978 5276	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:14:25.0986 5276	rdbss - ok
16:14:25.0995 5276	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:14:25.0996 5276	rdpbus - ok
16:14:26.0002 5276	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:14:26.0003 5276	RDPCDD - ok
16:14:26.0043 5276	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:14:26.0049 5276	RDPDR - ok
16:14:26.0070 5276	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:14:26.0071 5276	RDPENCDD - ok
16:14:26.0078 5276	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:14:26.0079 5276	RDPREFMP - ok
16:14:26.0128 5276	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:14:26.0129 5276	RdpVideoMiniport - ok
16:14:26.0173 5276	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:14:26.0186 5276	RDPWD - ok
16:14:26.0248 5276	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:14:26.0261 5276	rdyboost - ok
16:14:26.0296 5276	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:14:26.0298 5276	RemoteAccess - ok
16:14:26.0318 5276	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:14:26.0324 5276	RemoteRegistry - ok
16:14:26.0367 5276	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:14:26.0374 5276	RFCOMM - ok
16:14:26.0401 5276	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:14:26.0403 5276	RpcEptMapper - ok
16:14:26.0423 5276	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:14:26.0424 5276	RpcLocator - ok
16:14:26.0481 5276	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:14:26.0485 5276	RpcSs - ok
16:14:26.0523 5276	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:14:26.0525 5276	rspndr - ok
16:14:26.0560 5276	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:14:26.0561 5276	s3cap - ok
16:14:26.0599 5276	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:26.0600 5276	SamSs - ok
16:14:26.0640 5276	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:14:26.0642 5276	sbp2port - ok
16:14:26.0830 5276	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:14:26.0862 5276	SBSDWSCService - ok
16:14:26.0898 5276	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:14:26.0904 5276	SCardSvr - ok
16:14:26.0960 5276	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:14:26.0962 5276	scfilter - ok
16:14:27.0062 5276	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:14:27.0081 5276	Schedule - ok
16:14:27.0127 5276	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:14:27.0128 5276	SCPolicySvc - ok
16:14:27.0168 5276	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:14:27.0169 5276	sdbus - ok
16:14:27.0211 5276	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:14:27.0220 5276	SDRSVC - ok
16:14:27.0261 5276	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:14:27.0262 5276	secdrv - ok
16:14:27.0302 5276	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:14:27.0304 5276	seclogon - ok
16:14:27.0346 5276	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:14:27.0347 5276	SENS - ok
16:14:27.0360 5276	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:14:27.0362 5276	SensrSvc - ok
16:14:27.0386 5276	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:14:27.0387 5276	Serenum - ok
16:14:27.0406 5276	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:14:27.0407 5276	Serial - ok
16:14:27.0436 5276	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:14:27.0437 5276	sermouse - ok
16:14:27.0490 5276	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:14:27.0492 5276	SessionEnv - ok
16:14:27.0527 5276	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:14:27.0528 5276	sffdisk - ok
16:14:27.0538 5276	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:14:27.0539 5276	sffp_mmc - ok
16:14:27.0560 5276	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:14:27.0561 5276	sffp_sd - ok
16:14:27.0576 5276	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:14:27.0577 5276	sfloppy - ok
16:14:27.0621 5276	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:14:27.0635 5276	SharedAccess - ok
16:14:27.0685 5276	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:14:27.0699 5276	ShellHWDetection - ok
16:14:27.0721 5276	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:14:27.0723 5276	SiSRaid2 - ok
16:14:27.0745 5276	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:14:27.0747 5276	SiSRaid4 - ok
16:14:27.0763 5276	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:14:27.0765 5276	Smb - ok
16:14:27.0801 5276	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:14:27.0803 5276	SNMPTRAP - ok
16:14:27.0819 5276	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:14:27.0820 5276	spldr - ok
16:14:27.0864 5276	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:14:27.0876 5276	Spooler - ok
16:14:28.0085 5276	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:14:28.0151 5276	sppsvc - ok
16:14:28.0254 5276	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:14:28.0256 5276	sppuinotify - ok
16:14:28.0336 5276	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:14:28.0346 5276	srv - ok
16:14:28.0380 5276	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:14:28.0389 5276	srv2 - ok
16:14:28.0431 5276	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:14:28.0437 5276	srvnet - ok
16:14:28.0477 5276	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:14:28.0483 5276	SSDPSRV - ok
16:14:28.0501 5276	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:14:28.0503 5276	SstpSvc - ok
16:14:28.0598 5276	STacSV          (c8f44e5e99ff6cf2e0627139cfec0742) C:\Program Files\IDT\WDM\STacSV64.exe
16:14:28.0601 5276	STacSV - ok
16:14:28.0651 5276	stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
16:14:28.0653 5276	stdcfltn - ok
16:14:28.0680 5276	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:14:28.0681 5276	stexstor - ok
16:14:28.0755 5276	STHDA           (7a69c8af123f4c6a1d63daa7f5e2638d) C:\Windows\system32\DRIVERS\stwrt64.sys
16:14:28.0768 5276	STHDA - ok
16:14:28.0855 5276	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:14:28.0865 5276	stisvc - ok
16:14:28.0897 5276	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:14:28.0898 5276	storflt - ok
16:14:28.0932 5276	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
16:14:28.0933 5276	StorSvc - ok
16:14:28.0950 5276	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:14:28.0951 5276	storvsc - ok
16:14:28.0968 5276	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:14:28.0970 5276	swenum - ok
16:14:29.0026 5276	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:14:29.0041 5276	swprv - ok
16:14:29.0052 5276	Synth3dVsc - ok
16:14:29.0193 5276	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:14:29.0227 5276	SysMain - ok
16:14:29.0343 5276	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:14:29.0346 5276	TabletInputService - ok
16:14:29.0401 5276	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:14:29.0409 5276	TapiSrv - ok
16:14:29.0431 5276	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:14:29.0433 5276	TBS - ok
16:14:29.0586 5276	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:14:29.0618 5276	Tcpip - ok
16:14:29.0847 5276	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:14:29.0861 5276	TCPIP6 - ok
16:14:29.0952 5276	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:14:29.0953 5276	tcpipreg - ok
16:14:29.0982 5276	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:14:29.0983 5276	TDPIPE - ok
16:14:30.0013 5276	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:14:30.0014 5276	TDTCP - ok
16:14:30.0065 5276	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:14:30.0067 5276	tdx - ok
16:14:30.0341 5276	TeamViewer7     (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:14:30.0383 5276	TeamViewer7 - ok
16:14:30.0531 5276	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:14:30.0533 5276	TermDD - ok
16:14:30.0614 5276	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:14:30.0632 5276	TermService - ok
16:14:30.0664 5276	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:14:30.0667 5276	Themes - ok
16:14:30.0690 5276	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:14:30.0692 5276	THREADORDER - ok
16:14:30.0731 5276	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:14:30.0739 5276	TrkWks - ok
16:14:30.0965 5276	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:14:30.0967 5276	TrustedInstaller - ok
16:14:31.0025 5276	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:14:31.0026 5276	tssecsrv - ok
16:14:31.0109 5276	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:14:31.0114 5276	TsUsbFlt - ok
16:14:31.0122 5276	tsusbhub - ok
16:14:31.0164 5276	TTCinergyT2     (a52c83517f54e1e33000d86389ae78cf) C:\Windows\system32\DRIVERS\TTCinergyT2BDA.sys
16:14:31.0180 5276	TTCinergyT2 - ok
16:14:31.0236 5276	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:14:31.0238 5276	tunnel - ok
16:14:31.0375 5276	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:14:31.0376 5276	uagp35 - ok
16:14:31.0429 5276	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:14:31.0440 5276	udfs - ok
16:14:31.0521 5276	ufad-ws60       (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
16:14:31.0535 5276	ufad-ws60 - ok
16:14:31.0566 5276	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:14:31.0569 5276	UI0Detect - ok
16:14:31.0619 5276	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:14:31.0621 5276	uliagpkx - ok
16:14:31.0671 5276	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:14:31.0673 5276	umbus - ok
16:14:31.0677 5276	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:14:31.0678 5276	UmPass - ok
16:14:31.0725 5276	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:14:31.0736 5276	UmRdpService - ok
16:14:31.0777 5276	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:14:31.0790 5276	upnphost - ok
16:14:31.0832 5276	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:14:31.0834 5276	USBAAPL64 - ok
16:14:31.0894 5276	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:14:31.0899 5276	usbaudio - ok
16:14:31.0943 5276	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:14:31.0945 5276	usbccgp - ok
16:14:31.0994 5276	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:14:31.0996 5276	usbcir - ok
16:14:32.0019 5276	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:14:32.0021 5276	usbehci - ok
16:14:32.0070 5276	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:14:32.0077 5276	usbhub - ok
16:14:32.0114 5276	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:14:32.0116 5276	usbohci - ok
16:14:32.0154 5276	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:14:32.0155 5276	usbprint - ok
16:14:32.0188 5276	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:14:32.0191 5276	USBSTOR - ok
16:14:32.0200 5276	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:14:32.0201 5276	usbuhci - ok
16:14:32.0268 5276	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:14:32.0274 5276	usbvideo - ok
16:14:32.0298 5276	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:14:32.0300 5276	UxSms - ok
16:14:32.0340 5276	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:14:32.0342 5276	VaultSvc - ok
16:14:32.0391 5276	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:14:32.0393 5276	vdrvroot - ok
16:14:32.0477 5276	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:14:32.0495 5276	vds - ok
16:14:32.0532 5276	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:14:32.0533 5276	vga - ok
16:14:32.0537 5276	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:14:32.0538 5276	VgaSave - ok
16:14:32.0541 5276	VGPU - ok
16:14:32.0580 5276	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:14:32.0586 5276	vhdmp - ok
16:14:32.0599 5276	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:14:32.0600 5276	viaide - ok
16:14:32.0696 5276	VMAuthdService  (42f0ecaf36636841a4a006850695507f) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
16:14:32.0705 5276	VMAuthdService - ok
16:14:32.0809 5276	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:14:32.0815 5276	vmbus - ok
16:14:32.0850 5276	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:14:32.0866 5276	VMBusHID - ok
16:14:32.0913 5276	vmci            (3d810a11c3e7fd4682a8824f54c1a04f) C:\Windows\system32\drivers\vmci.sys
16:14:32.0915 5276	vmci - ok
16:14:32.0949 5276	vmkbd           (1af6462718e5ab0ed55014a6ef3790ef) C:\Windows\system32\drivers\VMkbd.sys
16:14:32.0950 5276	vmkbd - ok
16:14:32.0983 5276	VMnetAdapter    (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:14:32.0984 5276	VMnetAdapter - ok
16:14:33.0021 5276	VMnetBridge     (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:14:33.0024 5276	VMnetBridge - ok
16:14:33.0044 5276	VMnetDHCP - ok
16:14:33.0064 5276	VMnetuserif     (daf5e04eb56cd0ed945fb2fdd94812db) C:\Windows\system32\drivers\vmnetuserif.sys
16:14:33.0067 5276	VMnetuserif - ok
16:14:33.0081 5276	VMparport       (a459ee9a95fde6b7140336e2f5e6a4cb) C:\Windows\system32\drivers\VMparport.sys
16:14:33.0083 5276	VMparport - ok
16:14:33.0132 5276	vmusb           (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
16:14:33.0133 5276	vmusb - ok
16:14:33.0235 5276	VMUSBArbService (f22098dbdd13c1221c274496b3e18da7) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
16:14:33.0243 5276	VMUSBArbService - ok
16:14:33.0252 5276	VMware NAT Service - ok
16:14:33.0266 5276	vmx86           (ae7f667db83e108e83c86a56b821e9a6) C:\Windows\system32\drivers\vmx86.sys
16:14:33.0268 5276	vmx86 - ok
16:14:33.0310 5276	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:14:33.0312 5276	volmgr - ok
16:14:33.0361 5276	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:14:33.0367 5276	volmgrx - ok
16:14:33.0419 5276	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:14:33.0427 5276	volsnap - ok
16:14:33.0530 5276	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:14:33.0536 5276	vsmraid - ok
16:14:33.0652 5276	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:14:33.0675 5276	VSS - ok
16:14:33.0745 5276	vstor2-ws60     (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
16:14:33.0746 5276	vstor2-ws60 - ok
16:14:33.0870 5276	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:14:33.0871 5276	vwifibus - ok
16:14:33.0882 5276	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:14:33.0884 5276	vwififlt - ok
16:14:33.0912 5276	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:14:33.0913 5276	vwifimp - ok
16:14:33.0961 5276	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:14:33.0972 5276	W32Time - ok
16:14:33.0985 5276	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:14:33.0987 5276	WacomPen - ok
16:14:34.0039 5276	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:34.0041 5276	WANARP - ok
16:14:34.0043 5276	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:14:34.0044 5276	Wanarpv6 - ok
16:14:34.0161 5276	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:14:34.0191 5276	wbengine - ok
16:14:34.0317 5276	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:14:34.0333 5276	WbioSrvc - ok
16:14:34.0420 5276	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
16:14:34.0423 5276	WcesComm - ok
16:14:34.0482 5276	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:14:34.0495 5276	wcncsvc - ok
16:14:34.0510 5276	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:14:34.0512 5276	WcsPlugInService - ok
16:14:34.0562 5276	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:14:34.0564 5276	Wd - ok
16:14:34.0609 5276	WDC_SAM         (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:14:34.0610 5276	WDC_SAM - ok
16:14:34.0696 5276	WDDMService     (e6050fe6b60fa91188b8abdb5b1e339f) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
16:14:34.0700 5276	WDDMService - ok
16:14:34.0781 5276	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:14:34.0797 5276	Wdf01000 - ok
16:14:34.0920 5276	WDFME           (b83d5071b32a70bebdb3330bfa7acb80) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
16:14:34.0931 5276	WDFME - ok
16:14:35.0058 5276	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:35.0061 5276	WdiServiceHost - ok
16:14:35.0065 5276	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:14:35.0067 5276	WdiSystemHost - ok
16:14:35.0109 5276	WDSC            (517de2c5568cba6b2a24a557ac60c30b) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
16:14:35.0112 5276	WDSC - ok
16:14:35.0161 5276	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:14:35.0168 5276	WebClient - ok
16:14:35.0190 5276	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:14:35.0202 5276	Wecsvc - ok
16:14:35.0219 5276	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:14:35.0221 5276	wercplsupport - ok
16:14:35.0247 5276	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:14:35.0249 5276	WerSvc - ok
16:14:35.0305 5276	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:14:35.0306 5276	WfpLwf - ok
16:14:35.0319 5276	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:14:35.0320 5276	WIMMount - ok
16:14:35.0332 5276	WinDefend - ok
16:14:35.0337 5276	WinHttpAutoProxySvc - ok
16:14:35.0409 5276	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:14:35.0417 5276	Winmgmt - ok
16:14:35.0563 5276	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:14:35.0602 5276	WinRM - ok
16:14:35.0793 5276	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:14:35.0794 5276	WinUsb - ok
16:14:35.0869 5276	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:14:35.0886 5276	Wlansvc - ok
16:14:36.0163 5276	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:14:36.0202 5276	wlidsvc - ok
16:14:36.0354 5276	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:14:36.0355 5276	WmiAcpi - ok
16:14:36.0410 5276	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:14:36.0423 5276	wmiApSrv - ok
16:14:36.0441 5276	WMPNetworkSvc - ok
16:14:36.0482 5276	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:14:36.0485 5276	WPCSvc - ok
16:14:36.0535 5276	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:14:36.0545 5276	WPDBusEnum - ok
16:14:36.0568 5276	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:14:36.0570 5276	ws2ifsl - ok
16:14:36.0588 5276	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:14:36.0591 5276	wscsvc - ok
16:14:36.0595 5276	WSearch - ok
16:14:36.0780 5276	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:14:36.0829 5276	wuauserv - ok
16:14:36.0980 5276	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:14:36.0989 5276	WudfPf - ok
16:14:37.0019 5276	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:14:37.0030 5276	WUDFRd - ok
16:14:37.0066 5276	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:14:37.0068 5276	wudfsvc - ok
16:14:37.0106 5276	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:14:37.0118 5276	WwanSvc - ok
16:14:37.0157 5276	WwanUsbServ     (a100bd898b40de890dbe53eae4896d20) C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
16:14:37.0159 5276	WwanUsbServ - ok
16:14:37.0213 5276	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:14:37.0484 5276	\Device\Harddisk0\DR0 - ok
16:14:37.0486 5276	Boot (0x1200)   (f978931a0526a4a206a6a3c700e00f6e) \Device\Harddisk0\DR0\Partition0
16:14:37.0487 5276	\Device\Harddisk0\DR0\Partition0 - ok
16:14:37.0498 5276	Boot (0x1200)   (bc398a7b6ccd4bd3d6e56941670283e3) \Device\Harddisk0\DR0\Partition1
16:14:37.0499 5276	\Device\Harddisk0\DR0\Partition1 - ok
16:14:37.0517 5276	Boot (0x1200)   (4429aa7c6889c6c6b4f98e32749f73ea) \Device\Harddisk0\DR0\Partition2
16:14:37.0518 5276	\Device\Harddisk0\DR0\Partition2 - ok
16:14:37.0519 5276	============================================================
16:14:37.0519 5276	Scan finished
16:14:37.0519 5276	============================================================
16:14:37.0530 9172	Detected object count: 0
16:14:37.0530 9172	Actual detected object count: 0
16:15:09.0283 5632	============================================================
16:15:09.0283 5632	Scan started
16:15:09.0283 5632	Mode: Manual; SigCheck; TDLFS; 
16:15:09.0283 5632	============================================================
16:15:09.0637 5632	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
16:15:09.0769 5632	1394ohci - ok
16:15:09.0799 5632	Acceler         (e0065cbf1a25c015c218457d2cd522b9) C:\Windows\system32\DRIVERS\Accelern.sys
16:15:09.0820 5632	Acceler - ok
16:15:09.0851 5632	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
16:15:09.0864 5632	ACPI - ok
16:15:09.0881 5632	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
16:15:09.0939 5632	AcpiPmi - ok
16:15:10.0051 5632	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:15:10.0058 5632	AdobeARMservice - ok
16:15:10.0109 5632	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
16:15:10.0125 5632	adp94xx - ok
16:15:10.0156 5632	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
16:15:10.0169 5632	adpahci - ok
16:15:10.0196 5632	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
16:15:10.0207 5632	adpu320 - ok
16:15:10.0239 5632	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
16:15:10.0345 5632	AeLookupSvc - ok
16:15:10.0405 5632	AESTFilters     (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
16:15:10.0449 5632	AESTFilters - ok
16:15:10.0516 5632	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
16:15:10.0587 5632	AFD - ok
16:15:10.0628 5632	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
16:15:10.0640 5632	agp440 - ok
16:15:10.0663 5632	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
16:15:10.0685 5632	ALG - ok
16:15:10.0699 5632	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
16:15:10.0706 5632	aliide - ok
16:15:10.0709 5632	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
16:15:10.0716 5632	amdide - ok
16:15:10.0748 5632	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
16:15:10.0807 5632	AmdK8 - ok
16:15:10.0814 5632	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
16:15:10.0842 5632	AmdPPM - ok
16:15:10.0875 5632	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
16:15:10.0884 5632	amdsata - ok
16:15:10.0909 5632	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
16:15:10.0917 5632	amdsbs - ok
16:15:10.0932 5632	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
16:15:10.0939 5632	amdxata - ok
16:15:11.0032 5632	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
16:15:11.0050 5632	AntiVirSchedulerService - ok
16:15:11.0088 5632	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
16:15:11.0095 5632	AntiVirService - ok
16:15:11.0165 5632	AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:15:11.0181 5632	AntiVirWebService - ok
16:15:11.0226 5632	ApfiltrService  (ca5f1bd1261bc771d30096bbcfd625a0) C:\Windows\system32\DRIVERS\Apfiltr.sys
16:15:11.0237 5632	ApfiltrService - ok
16:15:11.0271 5632	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
16:15:11.0391 5632	AppID - ok
16:15:11.0418 5632	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
16:15:11.0454 5632	AppIDSvc - ok
16:15:11.0491 5632	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
16:15:11.0532 5632	Appinfo - ok
16:15:11.0650 5632	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:15:11.0658 5632	Apple Mobile Device - ok
16:15:11.0681 5632	AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
16:15:11.0720 5632	AppMgmt - ok
16:15:11.0753 5632	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
16:15:11.0761 5632	arc - ok
16:15:11.0772 5632	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
16:15:11.0779 5632	arcsas - ok
16:15:11.0795 5632	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
16:15:11.0875 5632	AsyncMac - ok
16:15:11.0901 5632	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
16:15:11.0908 5632	atapi - ok
16:15:11.0979 5632	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:15:12.0021 5632	AudioEndpointBuilder - ok
16:15:12.0026 5632	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
16:15:12.0055 5632	AudioSrv - ok
16:15:12.0092 5632	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
16:15:12.0099 5632	avgntflt - ok
16:15:12.0141 5632	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
16:15:12.0149 5632	avipbb - ok
16:15:12.0178 5632	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
16:15:12.0184 5632	avkmgr - ok
16:15:12.0224 5632	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
16:15:12.0273 5632	AxInstSV - ok
16:15:12.0330 5632	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
16:15:12.0352 5632	b06bdrv - ok
16:15:12.0385 5632	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
16:15:12.0425 5632	b57nd60a - ok
16:15:12.0462 5632	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
16:15:12.0495 5632	BDESVC - ok
16:15:12.0506 5632	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
16:15:12.0552 5632	Beep - ok
16:15:12.0630 5632	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
16:15:12.0665 5632	BFE - ok
16:15:12.0748 5632	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
16:15:12.0796 5632	BITS - ok
16:15:12.0829 5632	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
16:15:12.0850 5632	blbdrive - ok
16:15:12.0937 5632	Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:15:12.0955 5632	Bonjour Service - ok
16:15:12.0995 5632	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
16:15:13.0016 5632	bowser - ok
16:15:13.0032 5632	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:15:13.0082 5632	BrFiltLo - ok
16:15:13.0085 5632	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:15:13.0096 5632	BrFiltUp - ok
16:15:13.0137 5632	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
16:15:13.0192 5632	Browser - ok
16:15:13.0219 5632	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
16:15:13.0248 5632	Brserid - ok
16:15:13.0253 5632	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
16:15:13.0270 5632	BrSerWdm - ok
16:15:13.0273 5632	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
16:15:13.0286 5632	BrUsbMdm - ok
16:15:13.0290 5632	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
16:15:13.0305 5632	BrUsbSer - ok
16:15:13.0339 5632	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
16:15:13.0400 5632	BthEnum - ok
16:15:13.0417 5632	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
16:15:13.0443 5632	BTHMODEM - ok
16:15:13.0472 5632	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
16:15:13.0491 5632	BthPan - ok
16:15:13.0548 5632	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
16:15:13.0585 5632	BTHPORT - ok
16:15:13.0614 5632	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
16:15:13.0654 5632	bthserv - ok
16:15:13.0675 5632	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
16:15:13.0690 5632	BTHUSB - ok
16:15:13.0719 5632	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
16:15:13.0758 5632	cdfs - ok
16:15:13.0794 5632	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
16:15:13.0813 5632	cdrom - ok
16:15:13.0860 5632	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:15:13.0915 5632	CertPropSvc - ok
16:15:13.0938 5632	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
16:15:13.0951 5632	circlass - ok
16:15:13.0987 5632	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
16:15:13.0998 5632	CLFS - ok
16:15:14.0052 5632	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:15:14.0076 5632	clr_optimization_v2.0.50727_32 - ok
16:15:14.0112 5632	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:15:14.0122 5632	clr_optimization_v2.0.50727_64 - ok
16:15:14.0207 5632	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:15:14.0230 5632	clr_optimization_v4.0.30319_32 - ok
16:15:14.0267 5632	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:15:14.0287 5632	clr_optimization_v4.0.30319_64 - ok
16:15:14.0315 5632	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
16:15:14.0341 5632	CmBatt - ok
16:15:14.0391 5632	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
16:15:14.0413 5632	cmdide - ok
16:15:14.0550 5632	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
16:15:14.0580 5632	CNG - ok
16:15:14.0591 5632	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
16:15:14.0598 5632	Compbatt - ok
16:15:14.0631 5632	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
16:15:14.0649 5632	CompositeBus - ok
16:15:14.0652 5632	COMSysApp - ok
16:15:14.0665 5632	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
16:15:14.0672 5632	crcdisk - ok
16:15:14.0719 5632	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
16:15:14.0768 5632	CryptSvc - ok
16:15:14.0841 5632	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
16:15:14.0891 5632	CSC - ok
16:15:14.0959 5632	CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll
16:15:14.0990 5632	CscService - ok
16:15:15.0007 5632	cvusbdrv        (a84caae89b487931200b969d94018afa) C:\Windows\system32\Drivers\cvusbdrv.sys
16:15:15.0017 5632	cvusbdrv - ok
16:15:15.0047 5632	d554gps         (0fef994d890c92d8f23442bc52d4fea9) C:\Windows\system32\DRIVERS\d554gps64.sys
16:15:15.0057 5632	d554gps - ok
16:15:15.0082 5632	d554scard       (95da07e4859396912d8e5630da5a9324) C:\Windows\system32\DRIVERS\d554scard.sys
16:15:15.0090 5632	d554scard - ok
16:15:15.0126 5632	dc3d            (7af9dac504fbd047cbc3e64ae52c92bf) C:\Windows\system32\DRIVERS\dc3d.sys
16:15:15.0167 5632	dc3d - ok
16:15:15.0237 5632	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:15:15.0289 5632	DcomLaunch - ok
16:15:15.0334 5632	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
16:15:15.0375 5632	defragsvc - ok
16:15:15.0406 5632	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
16:15:15.0455 5632	DfsC - ok
16:15:15.0508 5632	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
16:15:15.0555 5632	Dhcp - ok
16:15:15.0575 5632	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
16:15:15.0609 5632	discache - ok
16:15:15.0641 5632	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
16:15:15.0648 5632	Disk - ok
16:15:15.0690 5632	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
16:15:15.0717 5632	Dnscache - ok
16:15:15.0763 5632	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
16:15:15.0826 5632	dot3svc - ok
16:15:15.0869 5632	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
16:15:15.0918 5632	DPS - ok
16:15:15.0939 5632	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
16:15:15.0952 5632	drmkaud - ok
16:15:16.0002 5632	dtsoftbus01     (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
16:15:16.0013 5632	dtsoftbus01 - ok
16:15:16.0098 5632	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
16:15:16.0119 5632	DXGKrnl - ok
16:15:16.0160 5632	e1cexpress      (60633132a929c09fe78fab16541f9e71) C:\Windows\system32\DRIVERS\e1c62x64.sys
16:15:16.0169 5632	e1cexpress - ok
16:15:16.0199 5632	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
16:15:16.0235 5632	EapHost - ok
16:15:16.0429 5632	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
16:15:16.0491 5632	ebdrv - ok
16:15:16.0605 5632	ecnssndis       (f88f2e5806fc405b0fa94b7947a5875e) C:\Windows\system32\Drivers\wwuss64.sys
16:15:16.0616 5632	ecnssndis - ok
16:15:16.0628 5632	ecnssndisfltr   (c8cd88218efc28f7e44a9892b3e97f4d) C:\Windows\system32\Drivers\wwussf64.sys
16:15:16.0640 5632	ecnssndisfltr - ok
16:15:16.0675 5632	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
16:15:16.0712 5632	EFS - ok
16:15:16.0811 5632	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
16:15:16.0847 5632	ehRecvr - ok
16:15:16.0879 5632	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
16:15:16.0916 5632	ehSched - ok
16:15:16.0968 5632	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
16:15:16.0983 5632	elxstor - ok
16:15:17.0059 5632	EMP_UDSA        (faa735cb77474deb4e4e327340117d3a) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
16:15:17.0066 5632	EMP_UDSA ( UnsignedFile.Multi.Generic ) - warning
16:15:17.0067 5632	EMP_UDSA - detected UnsignedFile.Multi.Generic (1)
16:15:17.0086 5632	eppvad_simple   (55d460f601d0b4d528bb16c0e8e18723) C:\Windows\system32\drivers\EMP_UDAU.sys
16:15:17.0120 5632	eppvad_simple - ok
16:15:17.0152 5632	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
16:15:17.0172 5632	ErrDev - ok
16:15:17.0213 5632	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
16:15:17.0257 5632	EventSystem - ok
16:15:17.0283 5632	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
16:15:17.0308 5632	exfat - ok
16:15:17.0334 5632	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
16:15:17.0373 5632	fastfat - ok
16:15:17.0444 5632	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
16:15:17.0493 5632	Fax - ok
16:15:17.0498 5632	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
16:15:17.0511 5632	fdc - ok
16:15:17.0534 5632	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
16:15:17.0584 5632	fdPHost - ok
16:15:17.0603 5632	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
16:15:17.0634 5632	FDResPub - ok
16:15:17.0658 5632	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
16:15:17.0665 5632	FileInfo - ok
16:15:17.0675 5632	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
16:15:17.0699 5632	Filetrace - ok
16:15:17.0702 5632	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
16:15:17.0716 5632	flpydisk - ok
16:15:17.0762 5632	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
16:15:17.0771 5632	FltMgr - ok
16:15:17.0870 5632	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
16:15:17.0913 5632	FontCache - ok
16:15:17.0985 5632	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:15:17.0990 5632	FontCache3.0.0.0 - ok
16:15:18.0033 5632	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
16:15:18.0040 5632	FsDepends - ok
16:15:18.0075 5632	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
16:15:18.0082 5632	Fs_Rec - ok
16:15:18.0126 5632	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
16:15:18.0137 5632	fvevol - ok
16:15:18.0153 5632	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
16:15:18.0160 5632	gagp30kx - ok
16:15:18.0199 5632	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:15:18.0205 5632	GEARAspiWDM - ok
16:15:18.0294 5632	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
16:15:18.0347 5632	gpsvc - ok
16:15:18.0379 5632	hcmon           (ba207b48aa3d9d73fd4856400f852458) C:\Windows\system32\drivers\hcmon.sys
16:15:18.0386 5632	hcmon - ok
16:15:18.0399 5632	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
16:15:18.0447 5632	hcw85cir - ok
16:15:18.0507 5632	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
16:15:18.0519 5632	HdAudAddService - ok
16:15:18.0547 5632	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
16:15:18.0562 5632	HDAudBus - ok
16:15:18.0566 5632	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
16:15:18.0583 5632	HidBatt - ok
16:15:18.0591 5632	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
16:15:18.0601 5632	HidBth - ok
16:15:18.0615 5632	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
16:15:18.0635 5632	HidIr - ok
16:15:18.0664 5632	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
16:15:18.0697 5632	hidserv - ok
16:15:18.0716 5632	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
16:15:18.0724 5632	HidUsb - ok
16:15:18.0759 5632	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
16:15:18.0797 5632	hkmsvc - ok
16:15:18.0845 5632	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
16:15:18.0879 5632	HomeGroupListener - ok
16:15:18.0924 5632	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
16:15:18.0945 5632	HomeGroupProvider - ok
16:15:18.0962 5632	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
16:15:18.0969 5632	HpSAMD - ok
16:15:19.0053 5632	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
16:15:19.0112 5632	HTTP - ok
16:15:19.0150 5632	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
16:15:19.0164 5632	hwpolicy - ok
16:15:19.0180 5632	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
16:15:19.0191 5632	i8042prt - ok
16:15:19.0252 5632	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
16:15:19.0264 5632	iaStorV - ok
16:15:19.0371 5632	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:15:19.0397 5632	idsvc - ok
16:15:20.0078 5632	igfx            (795c99dc4f574c97c03d0bb39cf099ee) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:15:20.0214 5632	igfx - ok
16:15:20.0327 5632	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
16:15:20.0339 5632	iirsp - ok
16:15:20.0417 5632	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
16:15:20.0457 5632	IKEEXT - ok
16:15:20.0499 5632	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
16:15:20.0535 5632	IntcDAud - ok
16:15:20.0567 5632	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
16:15:20.0577 5632	intelide - ok
16:15:20.0590 5632	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
16:15:20.0611 5632	intelppm - ok
16:15:20.0645 5632	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
16:15:20.0685 5632	IPBusEnum - ok
16:15:20.0723 5632	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:15:20.0759 5632	IpFilterDriver - ok
16:15:20.0858 5632	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
16:15:20.0900 5632	iphlpsvc - ok
16:15:20.0935 5632	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
16:15:20.0961 5632	IPMIDRV - ok
16:15:20.0983 5632	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
16:15:21.0031 5632	IPNAT - ok
16:15:21.0137 5632	iPod Service    (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe
16:15:21.0162 5632	iPod Service - ok
16:15:21.0174 5632	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
16:15:21.0227 5632	IRENUM - ok
16:15:21.0241 5632	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
16:15:21.0248 5632	isapnp - ok
16:15:21.0293 5632	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
16:15:21.0304 5632	iScsiPrt - ok
16:15:21.0324 5632	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
16:15:21.0331 5632	kbdclass - ok
16:15:21.0366 5632	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
16:15:21.0374 5632	kbdhid - ok
16:15:21.0409 5632	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:21.0416 5632	KeyIso - ok
16:15:21.0435 5632	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
16:15:21.0444 5632	KSecDD - ok
16:15:21.0462 5632	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
16:15:21.0470 5632	KSecPkg - ok
16:15:21.0487 5632	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
16:15:21.0525 5632	ksthunk - ok
16:15:21.0572 5632	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
16:15:21.0608 5632	KtmRm - ok
16:15:21.0716 5632	L4301_Solar     (caeaa16039485b2d3bb069c1107442a5) C:\Program Files\Logitech\SolarApp\L4301_Solar.exe
16:15:21.0728 5632	L4301_Solar - ok
16:15:21.0776 5632	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
16:15:21.0812 5632	LanmanServer - ok
16:15:21.0852 5632	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
16:15:21.0891 5632	LanmanWorkstation - ok
16:15:22.0012 5632	LBTServ         (19eff704cd16dd0429e128431f1dd631) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
16:15:22.0024 5632	LBTServ - ok
16:15:22.0081 5632	LEqdUsb         (abfd2b5726f4cce49297ae48806cc594) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
16:15:22.0091 5632	LEqdUsb - ok
16:15:22.0121 5632	LHidEqd         (933f69cf9acd2498693bfcd7ed68e8d4) C:\Windows\system32\DRIVERS\LHidEqd.Sys
16:15:22.0129 5632	LHidEqd - ok
16:15:22.0142 5632	LHidFilt        (1074c77a47835e03c15bf92452f9a750) C:\Windows\system32\DRIVERS\LHidFilt.Sys
16:15:22.0150 5632	LHidFilt - ok
16:15:22.0172 5632	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
16:15:22.0216 5632	lltdio - ok
16:15:22.0254 5632	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
16:15:22.0291 5632	lltdsvc - ok
16:15:22.0327 5632	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
16:15:22.0352 5632	lmhosts - ok
16:15:22.0381 5632	LMouFilt        (96999c364c649e2866a268f7420a304a) C:\Windows\system32\DRIVERS\LMouFilt.Sys
16:15:22.0388 5632	LMouFilt - ok
16:15:22.0409 5632	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
16:15:22.0417 5632	LSI_FC - ok
16:15:22.0436 5632	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
16:15:22.0448 5632	LSI_SAS - ok
16:15:22.0464 5632	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:15:22.0471 5632	LSI_SAS2 - ok
16:15:22.0486 5632	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:15:22.0497 5632	LSI_SCSI - ok
16:15:22.0519 5632	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
16:15:22.0544 5632	luafv - ok
16:15:22.0576 5632	LUsbFilt        (11ddb1d900078fbe3691df7b878aec28) C:\Windows\system32\Drivers\LUsbFilt.Sys
16:15:22.0584 5632	LUsbFilt - ok
16:15:22.0613 5632	MBAMProtector   (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
16:15:22.0620 5632	MBAMProtector - ok
16:15:22.0726 5632	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
16:15:22.0745 5632	MBAMService - ok
16:15:22.0795 5632	Mbm3CBus        (0845da0bff1af5c57de4dd97acaf2fcd) C:\Windows\system32\DRIVERS\Mbm3CBus.sys
16:15:22.0805 5632	Mbm3CBus - ok
16:15:22.0854 5632	Mbm3DevMt       (db6fa599aa79324e287c4eaf6020da37) C:\Windows\system32\DRIVERS\Mbm3DevMt.sys
16:15:22.0864 5632	Mbm3DevMt - ok
16:15:22.0885 5632	Mbm3mdfl        (2f71edb697752d409b9983f0e1d88f70) C:\Windows\system32\DRIVERS\Mbm3mdfl.sys
16:15:22.0891 5632	Mbm3mdfl - ok
16:15:22.0933 5632	Mbm3Mdm         (21b412a36de3ccfe4e13383b88cfc90c) C:\Windows\system32\DRIVERS\Mbm3Mdm.sys
16:15:22.0952 5632	Mbm3Mdm - ok
16:15:22.0995 5632	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
16:15:23.0028 5632	Mcx2Svc - ok
16:15:23.0048 5632	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
16:15:23.0057 5632	megasas - ok
16:15:23.0090 5632	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
16:15:23.0099 5632	MegaSR - ok
16:15:23.0120 5632	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
16:15:23.0126 5632	MEIx64 - ok
16:15:23.0140 5632	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:15:23.0178 5632	MMCSS - ok
16:15:23.0198 5632	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
16:15:23.0231 5632	Modem - ok
16:15:23.0247 5632	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
16:15:23.0262 5632	monitor - ok
16:15:23.0300 5632	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
16:15:23.0307 5632	mouclass - ok
16:15:23.0323 5632	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
16:15:23.0340 5632	mouhid - ok
16:15:23.0378 5632	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
16:15:23.0386 5632	mountmgr - ok
16:15:23.0427 5632	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
16:15:23.0441 5632	MpFilter - ok
16:15:23.0489 5632	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
16:15:23.0497 5632	mpio - ok
16:15:23.0521 5632	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
16:15:23.0547 5632	mpsdrv - ok
16:15:23.0632 5632	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
16:15:23.0669 5632	MpsSvc - ok
16:15:23.0710 5632	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
16:15:23.0729 5632	MRxDAV - ok
16:15:23.0765 5632	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:15:23.0791 5632	mrxsmb - ok
16:15:23.0851 5632	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:15:23.0861 5632	mrxsmb10 - ok
16:15:23.0901 5632	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:15:23.0912 5632	mrxsmb20 - ok
16:15:23.0951 5632	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
16:15:23.0958 5632	msahci - ok
16:15:23.0998 5632	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
16:15:24.0006 5632	msdsm - ok
16:15:24.0043 5632	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
16:15:24.0072 5632	MSDTC - ok
16:15:24.0096 5632	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
16:15:24.0126 5632	Msfs - ok
16:15:24.0135 5632	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
16:15:24.0171 5632	mshidkmdf - ok
16:15:24.0182 5632	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
16:15:24.0190 5632	msisadrv - ok
16:15:24.0219 5632	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
16:15:24.0253 5632	MSiSCSI - ok
16:15:24.0256 5632	msiserver - ok
16:15:24.0264 5632	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
16:15:24.0296 5632	MSKSSRV - ok
16:15:24.0353 5632	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
16:15:24.0360 5632	MsMpSvc - ok
16:15:24.0370 5632	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
16:15:24.0406 5632	MSPCLOCK - ok
16:15:24.0423 5632	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
16:15:24.0460 5632	MSPQM - ok
16:15:24.0515 5632	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
16:15:24.0526 5632	MsRPC - ok
16:15:24.0583 5632	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
16:15:24.0592 5632	mssmbios - ok
16:15:24.0604 5632	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
16:15:24.0641 5632	MSTEE - ok
16:15:24.0650 5632	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
16:15:24.0658 5632	MTConfig - ok
16:15:24.0673 5632	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
16:15:24.0680 5632	Mup - ok
16:15:24.0741 5632	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
16:15:24.0785 5632	napagent - ok
16:15:24.0819 5632	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
16:15:24.0842 5632	NativeWifiP - ok
16:15:24.0914 5632	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
16:15:24.0941 5632	NDIS - ok
16:15:24.0952 5632	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
16:15:24.0976 5632	NdisCap - ok
16:15:24.0986 5632	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
16:15:25.0023 5632	NdisTapi - ok
16:15:25.0055 5632	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
16:15:25.0088 5632	Ndisuio - ok
16:15:25.0146 5632	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
16:15:25.0189 5632	NdisWan - ok
16:15:25.0224 5632	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
16:15:25.0284 5632	NDProxy - ok
16:15:25.0313 5632	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
16:15:25.0347 5632	Netaapl - ok
16:15:25.0358 5632	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
16:15:25.0403 5632	NetBIOS - ok
16:15:25.0455 5632	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
16:15:25.0498 5632	NetBT - ok
16:15:25.0533 5632	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:25.0549 5632	Netlogon - ok
16:15:25.0592 5632	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
16:15:25.0635 5632	Netman - ok
16:15:25.0664 5632	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
16:15:25.0700 5632	netprofm - ok
16:15:25.0755 5632	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:15:25.0761 5632	NetTcpPortSharing - ok
16:15:26.0209 5632	NETwNs64        (5d262402b0634c998f8cbcead7dd8676) C:\Windows\system32\DRIVERS\NETwNs64.sys
16:15:26.0304 5632	NETwNs64 - ok
16:15:26.0406 5632	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
16:15:26.0416 5632	nfrd960 - ok
16:15:26.0450 5632	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
16:15:26.0458 5632	NisDrv - ok
16:15:26.0561 5632	NisSrv          (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
16:15:26.0579 5632	NisSrv - ok
16:15:26.0644 5632	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
16:15:26.0680 5632	NlaSvc - ok
16:15:26.0693 5632	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
16:15:26.0716 5632	Npfs - ok
16:15:26.0737 5632	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
16:15:26.0777 5632	nsi - ok
16:15:26.0791 5632	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
16:15:26.0830 5632	nsiproxy - ok
16:15:26.0964 5632	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
16:15:26.0995 5632	Ntfs - ok
16:15:27.0127 5632	NuidFltr        (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:15:27.0144 5632	NuidFltr - ok
16:15:27.0168 5632	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
16:15:27.0212 5632	Null - ok
16:15:27.0252 5632	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
16:15:27.0283 5632	nvraid - ok
16:15:27.0314 5632	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
16:15:27.0325 5632	nvstor - ok
16:15:27.0360 5632	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
16:15:27.0370 5632	nv_agp - ok
16:15:27.0404 5632	O2FLASH         (4e37455db16aec75862b1d0bc35b589e) C:\Windows\system32\DRIVERS\o2flash.exe
16:15:27.0411 5632	O2FLASH - ok
16:15:27.0441 5632	O2MDFRDR        (6172db160fc566cf24307941c0e94d8e) C:\Windows\system32\DRIVERS\O2MDFw7x64.sys
16:15:27.0449 5632	O2MDFRDR - ok
16:15:27.0481 5632	O2SDJRDR        (61b2aca7f48738afc883c05fa136a468) C:\Windows\system32\DRIVERS\o2sdjw7x64.sys
16:15:27.0488 5632	O2SDJRDR - ok
16:15:27.0608 5632	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:15:27.0618 5632	odserv - ok
16:15:27.0648 5632	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
16:15:27.0663 5632	ohci1394 - ok
16:15:27.0703 5632	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:15:27.0711 5632	ose - ok
16:15:27.0751 5632	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:15:27.0779 5632	p2pimsvc - ok
16:15:27.0828 5632	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
16:15:27.0839 5632	p2psvc - ok
16:15:27.0869 5632	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
16:15:27.0877 5632	Parport - ok
16:15:27.0909 5632	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
16:15:27.0918 5632	partmgr - ok
16:15:27.0945 5632	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
16:15:27.0965 5632	PcaSvc - ok
16:15:28.0008 5632	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
16:15:28.0033 5632	pci - ok
16:15:28.0065 5632	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
16:15:28.0077 5632	pciide - ok
16:15:28.0107 5632	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
16:15:28.0115 5632	pcmcia - ok
16:15:28.0128 5632	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
16:15:28.0136 5632	pcw - ok
16:15:28.0189 5632	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
16:15:28.0230 5632	PEAUTH - ok
16:15:28.0326 5632	PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
16:15:28.0378 5632	PeerDistSvc - ok
16:15:28.0456 5632	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
16:15:28.0484 5632	PerfHost - ok
16:15:28.0657 5632	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
16:15:28.0726 5632	pla - ok
16:15:28.0776 5632	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
16:15:28.0792 5632	PlugPlay - ok
16:15:28.0821 5632	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
16:15:28.0839 5632	PNRPAutoReg - ok
16:15:28.0877 5632	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
16:15:28.0887 5632	PNRPsvc - ok
16:15:28.0946 5632	Point64         (33328fa8a580885ab0065be6db266e9f) C:\Windows\system32\DRIVERS\point64.sys
16:15:28.0965 5632	Point64 - ok
16:15:29.0038 5632	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
16:15:29.0084 5632	PolicyAgent - ok
16:15:29.0111 5632	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
16:15:29.0152 5632	Power - ok
16:15:29.0184 5632	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
16:15:29.0213 5632	PptpMiniport - ok
16:15:29.0234 5632	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
16:15:29.0246 5632	Processor - ok
16:15:29.0301 5632	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
16:15:29.0336 5632	ProfSvc - ok
16:15:29.0376 5632	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:29.0393 5632	ProtectedStorage - ok
16:15:29.0441 5632	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
16:15:29.0482 5632	Psched - ok
16:15:29.0719 5632	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
16:15:29.0753 5632	ql2300 - ok
16:15:29.0870 5632	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
16:15:29.0879 5632	ql40xx - ok
16:15:29.0916 5632	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
16:15:29.0937 5632	QWAVE - ok
16:15:29.0950 5632	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
16:15:29.0970 5632	QWAVEdrv - ok
16:15:30.0038 5632	RapiMgr         (a55e7d0d873b2c97585b3b5926ac6ade) C:\Windows\WindowsMobile\rapimgr.dll
16:15:30.0054 5632	RapiMgr - ok
16:15:30.0072 5632	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
16:15:30.0107 5632	RasAcd - ok
16:15:30.0129 5632	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
16:15:30.0154 5632	RasAgileVpn - ok
16:15:30.0173 5632	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
16:15:30.0215 5632	RasAuto - ok
16:15:30.0249 5632	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:15:30.0298 5632	Rasl2tp - ok
16:15:30.0354 5632	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
16:15:30.0384 5632	RasMan - ok
16:15:30.0403 5632	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
16:15:30.0428 5632	RasPppoe - ok
16:15:30.0445 5632	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
16:15:30.0481 5632	RasSstp - ok
16:15:30.0529 5632	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
16:15:30.0568 5632	rdbss - ok
16:15:30.0579 5632	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
16:15:30.0589 5632	rdpbus - ok
16:15:30.0595 5632	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:15:30.0631 5632	RDPCDD - ok
16:15:30.0679 5632	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
16:15:30.0708 5632	RDPDR - ok
16:15:30.0721 5632	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
16:15:30.0756 5632	RDPENCDD - ok
16:15:30.0771 5632	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
16:15:30.0797 5632	RDPREFMP - ok
16:15:30.0829 5632	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
16:15:30.0861 5632	RdpVideoMiniport - ok
16:15:30.0909 5632	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
16:15:30.0936 5632	RDPWD - ok
16:15:30.0983 5632	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
16:15:30.0994 5632	rdyboost - ok
16:15:31.0022 5632	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
16:15:31.0065 5632	RemoteAccess - ok
16:15:31.0091 5632	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
16:15:31.0128 5632	RemoteRegistry - ok
16:15:31.0161 5632	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
16:15:31.0186 5632	RFCOMM - ok
16:15:31.0203 5632	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
16:15:31.0245 5632	RpcEptMapper - ok
16:15:31.0266 5632	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
16:15:31.0293 5632	RpcLocator - ok
16:15:31.0352 5632	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
16:15:31.0380 5632	RpcSs - ok
16:15:31.0409 5632	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
16:15:31.0433 5632	rspndr - ok
16:15:31.0461 5632	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
16:15:31.0480 5632	s3cap - ok
16:15:31.0516 5632	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:31.0524 5632	SamSs - ok
16:15:31.0558 5632	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
16:15:31.0566 5632	sbp2port - ok
16:15:31.0731 5632	SBSDWSCService  (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
16:15:31.0757 5632	SBSDWSCService - ok
16:15:31.0791 5632	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
16:15:31.0835 5632	SCardSvr - ok
16:15:31.0895 5632	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
16:15:31.0918 5632	scfilter - ok
16:15:32.0011 5632	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
16:15:32.0081 5632	Schedule - ok
16:15:32.0119 5632	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
16:15:32.0142 5632	SCPolicySvc - ok
16:15:32.0188 5632	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
16:15:32.0211 5632	sdbus - ok
16:15:32.0248 5632	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
16:15:32.0262 5632	SDRSVC - ok
16:15:32.0279 5632	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:15:32.0313 5632	secdrv - ok
16:15:32.0346 5632	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
16:15:32.0412 5632	seclogon - ok
16:15:32.0446 5632	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
16:15:32.0472 5632	SENS - ok
16:15:32.0486 5632	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
16:15:32.0513 5632	SensrSvc - ok
16:15:32.0530 5632	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
16:15:32.0537 5632	Serenum - ok
16:15:32.0550 5632	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
16:15:32.0571 5632	Serial - ok
16:15:32.0604 5632	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
16:15:32.0647 5632	sermouse - ok
16:15:32.0708 5632	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
16:15:32.0745 5632	SessionEnv - ok
16:15:32.0787 5632	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
16:15:32.0809 5632	sffdisk - ok
16:15:32.0822 5632	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
16:15:32.0841 5632	sffp_mmc - ok
16:15:32.0853 5632	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
16:15:32.0871 5632	sffp_sd - ok
16:15:32.0886 5632	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
16:15:32.0894 5632	sfloppy - ok
16:15:32.0939 5632	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
16:15:32.0980 5632	SharedAccess - ok
16:15:33.0028 5632	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
16:15:33.0066 5632	ShellHWDetection - ok
16:15:33.0081 5632	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:15:33.0088 5632	SiSRaid2 - ok
16:15:33.0104 5632	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
16:15:33.0112 5632	SiSRaid4 - ok
16:15:33.0119 5632	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
16:15:33.0151 5632	Smb - ok
16:15:33.0178 5632	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
16:15:33.0186 5632	SNMPTRAP - ok
16:15:33.0195 5632	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
16:15:33.0201 5632	spldr - ok
16:15:33.0264 5632	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
16:15:33.0292 5632	Spooler - ok
16:15:33.0521 5632	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
16:15:33.0585 5632	sppsvc - ok
16:15:33.0673 5632	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
16:15:33.0713 5632	sppuinotify - ok
16:15:33.0788 5632	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
16:15:33.0819 5632	srv - ok
16:15:33.0863 5632	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
16:15:33.0886 5632	srv2 - ok
16:15:33.0924 5632	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
16:15:33.0940 5632	srvnet - ok
16:15:33.0980 5632	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
16:15:34.0014 5632	SSDPSRV - ok
16:15:34.0035 5632	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
16:15:34.0061 5632	SstpSvc - ok
16:15:34.0133 5632	STacSV          (c8f44e5e99ff6cf2e0627139cfec0742) C:\Program Files\IDT\WDM\STacSV64.exe
16:15:34.0154 5632	STacSV - ok
16:15:34.0178 5632	stdcfltn        (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
16:15:34.0185 5632	stdcfltn - ok
16:15:34.0206 5632	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
16:15:34.0214 5632	stexstor - ok
16:15:34.0270 5632	STHDA           (7a69c8af123f4c6a1d63daa7f5e2638d) C:\Windows\system32\DRIVERS\stwrt64.sys
16:15:34.0282 5632	STHDA - ok
16:15:34.0352 5632	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
16:15:34.0369 5632	stisvc - ok
16:15:34.0407 5632	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
16:15:34.0414 5632	storflt - ok
16:15:34.0440 5632	StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
16:15:34.0458 5632	StorSvc - ok
16:15:34.0475 5632	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
16:15:34.0482 5632	storvsc - ok
16:15:34.0493 5632	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
16:15:34.0501 5632	swenum - ok
16:15:34.0545 5632	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
16:15:34.0592 5632	swprv - ok
16:15:34.0594 5632	Synth3dVsc - ok
16:15:34.0742 5632	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
16:15:34.0778 5632	SysMain - ok
16:15:34.0901 5632	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
16:15:34.0920 5632	TabletInputService - ok
16:15:34.0978 5632	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
16:15:35.0023 5632	TapiSrv - ok
16:15:35.0047 5632	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
16:15:35.0081 5632	TBS - ok
16:15:35.0249 5632	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
16:15:35.0284 5632	Tcpip - ok
16:15:35.0493 5632	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
16:15:35.0523 5632	TCPIP6 - ok
16:15:35.0602 5632	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
16:15:35.0669 5632	tcpipreg - ok
16:15:35.0699 5632	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
16:15:35.0717 5632	TDPIPE - ok
16:15:35.0747 5632	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
16:15:35.0761 5632	TDTCP - ok
16:15:35.0808 5632	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
16:15:35.0861 5632	tdx - ok
16:15:36.0114 5632	TeamViewer7     (33966a658ff37e0c65d46e59f37e2380) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
16:15:36.0159 5632	TeamViewer7 - ok
16:15:36.0281 5632	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
16:15:36.0290 5632	TermDD - ok
16:15:36.0378 5632	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
16:15:36.0445 5632	TermService - ok
16:15:36.0472 5632	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
16:15:36.0492 5632	Themes - ok
16:15:36.0522 5632	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
16:15:36.0552 5632	THREADORDER - ok
16:15:36.0572 5632	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
16:15:36.0603 5632	TrkWks - ok
16:15:36.0687 5632	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
16:15:36.0739 5632	TrustedInstaller - ok
16:15:36.0773 5632	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:15:36.0796 5632	tssecsrv - ok
16:15:36.0824 5632	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
16:15:36.0866 5632	TsUsbFlt - ok
16:15:36.0877 5632	tsusbhub - ok
16:15:36.0915 5632	TTCinergyT2     (a52c83517f54e1e33000d86389ae78cf) C:\Windows\system32\DRIVERS\TTCinergyT2BDA.sys
16:15:36.0923 5632	TTCinergyT2 - ok
16:15:36.0963 5632	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
16:15:37.0015 5632	tunnel - ok
16:15:37.0041 5632	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
16:15:37.0048 5632	uagp35 - ok
16:15:37.0101 5632	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
16:15:37.0141 5632	udfs - ok
16:15:37.0236 5632	ufad-ws60       (215462ae7e6a897d675e84dd1e3b3b56) C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
16:15:37.0251 5632	ufad-ws60 - ok
16:15:37.0283 5632	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
16:15:37.0299 5632	UI0Detect - ok
16:15:37.0335 5632	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
16:15:37.0343 5632	uliagpkx - ok
16:15:37.0379 5632	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
16:15:37.0400 5632	umbus - ok
16:15:37.0419 5632	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
16:15:37.0436 5632	UmPass - ok
16:15:37.0485 5632	UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
16:15:37.0531 5632	UmRdpService - ok
16:15:37.0567 5632	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
16:15:37.0606 5632	upnphost - ok
16:15:37.0641 5632	USBAAPL64       (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
16:15:37.0656 5632	USBAAPL64 - ok
16:15:37.0697 5632	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
16:15:37.0707 5632	usbaudio - ok
16:15:37.0742 5632	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
16:15:37.0769 5632	usbccgp - ok
16:15:37.0809 5632	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
16:15:37.0819 5632	usbcir - ok
16:15:37.0837 5632	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
16:15:37.0855 5632	usbehci - ok
16:15:37.0885 5632	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
16:15:37.0904 5632	usbhub - ok
16:15:37.0930 5632	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
16:15:37.0947 5632	usbohci - ok
16:15:37.0963 5632	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
16:15:37.0982 5632	usbprint - ok
16:15:38.0022 5632	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:15:38.0055 5632	USBSTOR - ok
16:15:38.0083 5632	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
16:15:38.0102 5632	usbuhci - ok
16:15:38.0152 5632	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
16:15:38.0163 5632	usbvideo - ok
16:15:38.0189 5632	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
16:15:38.0220 5632	UxSms - ok
16:15:38.0258 5632	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
16:15:38.0266 5632	VaultSvc - ok
16:15:38.0282 5632	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
16:15:38.0289 5632	vdrvroot - ok
16:15:38.0345 5632	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
16:15:38.0390 5632	vds - ok
16:15:38.0416 5632	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
16:15:38.0426 5632	vga - ok
16:15:38.0439 5632	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
16:15:38.0471 5632	VgaSave - ok
16:15:38.0473 5632	VGPU - ok
16:15:38.0515 5632	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
16:15:38.0525 5632	vhdmp - ok
16:15:38.0541 5632	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
16:15:38.0548 5632	viaide - ok
16:15:38.0618 5632	VMAuthdService  (42f0ecaf36636841a4a006850695507f) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
16:15:38.0625 5632	VMAuthdService - ok
16:15:38.0644 5632	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
16:15:38.0653 5632	vmbus - ok
16:15:38.0668 5632	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
16:15:38.0690 5632	VMBusHID - ok
16:15:38.0730 5632	vmci            (3d810a11c3e7fd4682a8824f54c1a04f) C:\Windows\system32\drivers\vmci.sys
16:15:38.0736 5632	vmci - ok
16:15:38.0749 5632	vmkbd           (1af6462718e5ab0ed55014a6ef3790ef) C:\Windows\system32\drivers\VMkbd.sys
16:15:38.0755 5632	vmkbd - ok
16:15:38.0792 5632	VMnetAdapter    (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
16:15:38.0798 5632	VMnetAdapter - ok
16:15:38.0839 5632	VMnetBridge     (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
16:15:38.0845 5632	VMnetBridge - ok
16:15:38.0847 5632	VMnetDHCP - ok
16:15:38.0857 5632	VMnetuserif     (daf5e04eb56cd0ed945fb2fdd94812db) C:\Windows\system32\drivers\vmnetuserif.sys
16:15:38.0862 5632	VMnetuserif - ok
16:15:38.0874 5632	VMparport       (a459ee9a95fde6b7140336e2f5e6a4cb) C:\Windows\system32\drivers\VMparport.sys
16:15:38.0880 5632	VMparport - ok
16:15:38.0916 5632	vmusb           (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
16:15:38.0922 5632	vmusb - ok
16:15:39.0004 5632	VMUSBArbService (f22098dbdd13c1221c274496b3e18da7) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
16:15:39.0015 5632	VMUSBArbService - ok
16:15:39.0020 5632	VMware NAT Service - ok
16:15:39.0033 5632	vmx86           (ae7f667db83e108e83c86a56b821e9a6) C:\Windows\system32\drivers\vmx86.sys
16:15:39.0040 5632	vmx86 - ok
16:15:39.0077 5632	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
16:15:39.0085 5632	volmgr - ok
16:15:39.0139 5632	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
16:15:39.0149 5632	volmgrx - ok
16:15:39.0195 5632	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
16:15:39.0204 5632	volsnap - ok
16:15:39.0239 5632	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
16:15:39.0248 5632	vsmraid - ok
16:15:39.0380 5632	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
16:15:39.0433 5632	VSS - ok
16:15:39.0500 5632	vstor2-ws60     (e61c910e2ddf4797c1b1f9239636e894) C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys
16:15:39.0515 5632	vstor2-ws60 - ok
16:15:39.0638 5632	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
16:15:39.0664 5632	vwifibus - ok
16:15:39.0683 5632	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
16:15:39.0701 5632	vwififlt - ok
16:15:39.0713 5632	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
16:15:39.0730 5632	vwifimp - ok
16:15:39.0780 5632	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
16:15:39.0830 5632	W32Time - ok
16:15:39.0853 5632	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
16:15:39.0876 5632	WacomPen - ok
16:15:39.0927 5632	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:15:39.0989 5632	WANARP - ok
16:15:39.0993 5632	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
16:15:40.0019 5632	Wanarpv6 - ok
16:15:40.0128 5632	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
16:15:40.0162 5632	wbengine - ok
16:15:40.0289 5632	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
16:15:40.0303 5632	WbioSrvc - ok
16:15:40.0388 5632	WcesComm        (8bda6db43aa54e8bb5e0794541ddc209) C:\Windows\WindowsMobile\wcescomm.dll
16:15:40.0404 5632	WcesComm - ok
16:15:40.0459 5632	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
16:15:40.0476 5632	wcncsvc - ok
16:15:40.0495 5632	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
16:15:40.0530 5632	WcsPlugInService - ok
16:15:40.0564 5632	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:15:40.0571 5632	Wd - ok
16:15:40.0602 5632	WDC_SAM         (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:15:40.0615 5632	WDC_SAM - ok
16:15:40.0694 5632	WDDMService     (e6050fe6b60fa91188b8abdb5b1e339f) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
16:15:40.0719 5632	WDDMService ( UnsignedFile.Multi.Generic ) - warning
16:15:40.0719 5632	WDDMService - detected UnsignedFile.Multi.Generic (1)
16:15:40.0775 5632	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
16:15:40.0800 5632	Wdf01000 - ok
16:15:40.0879 5632	WDFME           (b83d5071b32a70bebdb3330bfa7acb80) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
16:15:40.0903 5632	WDFME - ok
16:15:41.0000 5632	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:15:41.0086 5632	WdiServiceHost - ok
16:15:41.0090 5632	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
16:15:41.0111 5632	WdiSystemHost - ok
16:15:41.0152 5632	WDSC            (517de2c5568cba6b2a24a557ac60c30b) C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
16:15:41.0162 5632	WDSC - ok
16:15:41.0210 5632	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
16:15:41.0231 5632	WebClient - ok
16:15:41.0261 5632	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
16:15:41.0320 5632	Wecsvc - ok
16:15:41.0345 5632	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
16:15:41.0370 5632	wercplsupport - ok
16:15:41.0383 5632	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
16:15:41.0414 5632	WerSvc - ok
16:15:41.0448 5632	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
16:15:41.0472 5632	WfpLwf - ok
16:15:41.0486 5632	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
16:15:41.0493 5632	WIMMount - ok
16:15:41.0500 5632	WinDefend - ok
16:15:41.0504 5632	WinHttpAutoProxySvc - ok
16:15:41.0555 5632	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
16:15:41.0580 5632	Winmgmt - ok
16:15:41.0730 5632	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
16:15:41.0773 5632	WinRM - ok
16:15:41.0902 5632	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
16:15:41.0914 5632	WinUsb - ok
16:15:41.0981 5632	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
16:15:42.0014 5632	Wlansvc - ok
16:15:42.0195 5632	wlidsvc         (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:15:42.0229 5632	wlidsvc - ok
16:15:42.0363 5632	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
16:15:42.0386 5632	WmiAcpi - ok
16:15:42.0436 5632	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
16:15:42.0452 5632	wmiApSrv - ok
16:15:42.0467 5632	WMPNetworkSvc - ok
16:15:42.0492 5632	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
16:15:42.0510 5632	WPCSvc - ok
16:15:42.0545 5632	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
16:15:42.0574 5632	WPDBusEnum - ok
16:15:42.0595 5632	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
16:15:42.0623 5632	ws2ifsl - ok
16:15:42.0654 5632	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
16:15:42.0680 5632	wscsvc - ok
16:15:42.0682 5632	WSearch - ok
16:15:42.0867 5632	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
16:15:42.0925 5632	wuauserv - ok
16:15:43.0065 5632	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
16:15:43.0120 5632	WudfPf - ok
16:15:43.0151 5632	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:15:43.0176 5632	WUDFRd - ok
16:15:43.0209 5632	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
16:15:43.0233 5632	wudfsvc - ok
16:15:43.0266 5632	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
16:15:43.0284 5632	WwanSvc - ok
16:15:43.0325 5632	WwanUsbServ     (a100bd898b40de890dbe53eae4896d20) C:\Windows\system32\DRIVERS\WwanUsbMp64.sys
16:15:43.0334 5632	WwanUsbServ - ok
16:15:43.0356 5632	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:15:43.0683 5632	\Device\Harddisk0\DR0 - ok
16:15:43.0688 5632	Boot (0x1200)   (f978931a0526a4a206a6a3c700e00f6e) \Device\Harddisk0\DR0\Partition0
16:15:43.0691 5632	\Device\Harddisk0\DR0\Partition0 - ok
16:15:43.0724 5632	Boot (0x1200)   (bc398a7b6ccd4bd3d6e56941670283e3) \Device\Harddisk0\DR0\Partition1
16:15:43.0726 5632	\Device\Harddisk0\DR0\Partition1 - ok
16:15:43.0743 5632	Boot (0x1200)   (4429aa7c6889c6c6b4f98e32749f73ea) \Device\Harddisk0\DR0\Partition2
16:15:43.0745 5632	\Device\Harddisk0\DR0\Partition2 - ok
16:15:43.0745 5632	============================================================
16:15:43.0745 5632	Scan finished
16:15:43.0745 5632	============================================================
16:15:43.0752 5836	Detected object count: 2
16:15:43.0752 5836	Actual detected object count: 2
16:16:00.0199 5836	EMP_UDSA ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:00.0199 5836	EMP_UDSA ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:16:00.0200 5836	WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user
16:16:00.0200 5836	WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein

Plagegeister aller Art und deren Bekämpfung: Popup rechts unten im Browser, nervende Werbung auch als Flash, schiebt sich von unten rein