Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Alureon.E im Bootsystem

Alureon.E im Bootsystem


Log-Analyse und Auswertung: Alureon.E im Bootsystem

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 08.06.2012, 19:31   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.06.2012, 19:51   #17
Banane999
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Okay, erledigt.

Die OTL-Log:

Code:
ATTFilter
OTL logfile created on: 08.06.2012 20:38:18 - Run 2
OTL by OldTimer - Version 3.2.46.0     Folder = C:\Users\Bjarne\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 6,14 Gb Available Physical Memory | 77,60% Memory free
15,82 Gb Paging File | 13,71 Gb Available in Paging File | 86,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 676,88 Gb Total Space | 597,22 Gb Free Space | 88,23% Space Free | Partition Type: NTFS
 
Computer Name: BJARNE-VAIO | User Name: Bjarne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.04 13:56:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bjarne\Desktop\OTL.exe
PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.20 15:23:00 | 000,054,432 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.11.30 18:49:50 | 000,082,592 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2011.10.24 14:49:14 | 000,958,112 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
PRC - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.10.09 18:58:14 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2011.09.29 17:14:50 | 000,182,200 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
PRC - [2011.09.29 17:14:50 | 000,065,464 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
PRC - [2011.09.20 16:57:56 | 000,060,552 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2011.09.08 16:44:00 | 000,549,408 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2011.09.08 15:29:16 | 000,381,488 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
PRC - [2011.08.24 17:30:58 | 000,651,832 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
PRC - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2011.07.05 17:41:26 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
PRC - [2011.06.24 22:39:21 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.06.24 22:39:04 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 00:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) -- c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
PRC - [2010.11.21 05:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.05.21 21:07:06 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2574fd89f1960bc08f0258723970a23b\IAStorUtil.ni.dll
MOD - [2012.05.21 14:44:32 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\1a690902e9a6293de228c16fab21e2f7\System.Web.ni.dll
MOD - [2012.05.21 14:44:08 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.21 14:44:03 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.19 20:04:17 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\d89ee849317b4d93ea78842dd78f79c0\IAStorCommon.ni.dll
MOD - [2012.05.19 15:56:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.19 15:56:07 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.19 15:56:02 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.19 15:56:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.19 15:55:59 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.19 15:55:47 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.09 00:24:55 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.30 18:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2011.09.22 09:04:21 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.11.21 05:24:42 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2009.07.14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV - [2012.05.26 17:10:21 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.04.03 22:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.20 15:23:00 | 000,054,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2012.01.13 10:41:36 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent)
SRV - [2011.11.03 20:30:26 | 000,138,392 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2011.11.03 20:30:26 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2011.10.24 14:49:14 | 000,958,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2011.10.21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.09.30 16:31:12 | 000,955,832 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2011.09.29 17:14:50 | 000,065,464 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service)
SRV - [2011.09.27 11:46:10 | 000,248,304 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2011.09.23 19:18:38 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService)
SRV - [2011.09.20 14:33:26 | 000,535,176 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2011.09.08 16:44:00 | 000,549,408 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2011.09.08 15:29:16 | 000,381,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2011.08.26 18:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2011.08.25 02:58:28 | 000,111,776 | ---- | M] (Atheros Communication Inc.) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe -- (DCDhcpService)
SRV - [2011.08.24 17:30:58 | 000,430,136 | ---- | M] (Sony Corporation) [Auto | Running] -- c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2011.07.05 19:10:04 | 000,098,976 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2011.07.05 17:41:26 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)
SRV - [2011.06.24 22:39:21 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.06.24 22:39:04 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2011.04.30 00:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0)
SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.03 09:41:02 | 000,088,480 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.06.03 09:41:01 | 000,046,400 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.11 00:22:52 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.09.22 09:11:00 | 012,289,472 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.09.22 09:04:42 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.09.22 09:04:42 | 000,306,688 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.09.22 09:02:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2011.07.29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011.07.29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011.07.05 19:10:42 | 000,496,800 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2011.07.05 19:10:40 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2011.07.05 19:10:38 | 000,167,072 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2011.07.05 19:10:38 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2011.07.05 19:10:38 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2011.07.05 19:10:36 | 000,330,400 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2011.07.05 19:10:36 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:64bit: - [2011.07.05 19:10:36 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2011.06.24 22:39:02 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.06.24 22:32:00 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe)
DRV:64bit: - [2011.06.24 22:31:34 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2011.06.24 22:31:15 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.06.24 22:30:19 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.06.21 01:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:55 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010.02.24 12:20:40 | 000,191,616 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\acedrv11.sys -- (acedrv11)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009.07.14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2012.05.19 19:25:52 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2011.07.29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data]
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\..\SearchScopes\{34F380A9-A703-417B-8E26-D2B6A48E9C72}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q112&_nkw={searchTerms}
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\..\SearchScopes\{9E7686C7-9BB1-41F2-AC84-F913849EA91B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=416c9ef5-7288-47f9-87b1-e3b33acb067b&apn_sauid=2FD55BD3-4E7C-4B72-8CF6-F649960E9275
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.18 11:53:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.31 13:43:07 | 000,000,000 | ---D | M]
 
[2012.05.18 11:54:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bjarne\AppData\Roaming\mozilla\Extensions
[2012.06.03 19:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bjarne\AppData\Roaming\mozilla\Firefox\Profiles\yyudgavq.default\extensions
[2012.05.22 17:20:36 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Bjarne\AppData\Roaming\mozilla\Firefox\Profiles\yyudgavq.default\extensions\software@loadtubes.com
[2012.06.03 13:24:32 | 000,002,344 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\yyudgavq.default\searchplugins\askcom.xml
[2012.05.18 11:53:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Bjarne\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1084989345-2395060513-280258535-1000..\Run: [buxSUmlTRXTbfy.exe] C:\ProgramData\buxSUmlTRXTbfy.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A4DF648-BF41-4CA2-917C-2BDE2B75DBB3}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: McMPFSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: McMPFSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{7F2022E4-5842-4CE3-927B-E841182EDC09} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.08 20:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Online Backup
[2012.06.08 20:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012.06.08 20:16:30 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Bjarne\Desktop\unhide.exe
[2012.06.06 20:09:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.06.06 19:02:48 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Malwarebytes
[2012.06.06 19:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.06 19:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.06 19:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.06 19:01:57 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Bjarne\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.04 13:56:26 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Bjarne\Desktop\OTL.exe
[2012.06.03 17:59:02 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\ElevatedDiagnostics
[2012.06.03 13:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.03 11:38:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.06.03 11:37:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.06.03 11:35:11 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{8E738F58-3959-4DB2-B6D2-B7ECFE3EEC16}
[2012.06.03 10:05:46 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012.06.02 17:30:57 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Games
[2012.06.02 17:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2012.06.02 17:30:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focus
[2012.06.02 17:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus
[2012.06.02 11:32:42 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{D9DAA897-DC7F-467D-BA4F-7BAD22A6ECD7}
[2012.06.02 11:32:32 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{3B56E71C-C1FD-4607-89A7-2575360FDAE0}
[2012.06.02 10:12:00 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft Corporation
[2012.06.01 13:57:17 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{9C047245-6884-4D6C-8C1E-0FC88E288CEB}
[2012.06.01 13:56:55 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{828785F1-1B2D-4911-81A2-3B00E6D5A6DF}
[2012.05.31 15:18:32 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{FE2410A6-09AA-4E6D-B33F-A07D86A7D95C}
[2012.05.31 15:18:11 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{3A9F1E0A-E3A1-4465-A6E1-77B8B356F127}
[2012.05.31 14:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.1 Home Edition
[2012.05.31 14:47:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EASEUS
[2012.05.31 13:38:01 | 000,000,000 | ---D | C] -- C:\Program Files\Tracker Software
[2012.05.29 19:51:51 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.05.29 19:04:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012.05.28 21:27:28 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\SoftGrid Client
[2012.05.28 21:27:26 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\SoftGrid Client
[2012.05.28 21:26:12 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\TP
[2012.05.28 09:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Video Codec
[2012.05.28 08:31:05 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\GIANTS Editor 4.1.7
[2012.05.28 08:30:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIANTS Software
[2012.05.28 08:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIANTS Software
[2012.05.27 21:22:53 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.05.27 20:00:53 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\OpenOffice.org
[2012.05.27 20:00:13 | 000,000,000 | --SD | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
[2012.05.27 19:59:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2012.05.27 16:13:44 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{26DE102A-2FD9-40F8-9323-DC519D7B9C39}
[2012.05.26 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Movie Maker
[2012.05.26 17:17:41 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{E43F1C26-364E-4CCE-B7D5-3F8512150AD4}
[2012.05.26 17:17:19 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{89B86EC0-14D1-46D9-BB26-B2988F570D9A}
[2012.05.26 17:11:07 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Tracing
[2012.05.26 17:06:43 | 000,000,000 | ---D | C] -- C:\Windows\de
[2012.05.26 17:04:28 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012.05.26 17:04:22 | 000,000,000 | ---D | C] -- C:\Windows\bg
[2012.05.26 17:04:17 | 000,000,000 | ---D | C] -- C:\Windows\cs
[2012.05.26 17:04:11 | 000,000,000 | ---D | C] -- C:\Windows\da
[2012.05.26 17:04:05 | 000,000,000 | ---D | C] -- C:\Windows\nl
[2012.05.26 17:04:00 | 000,000,000 | ---D | C] -- C:\Windows\fi
[2012.05.26 17:03:54 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012.05.26 17:03:48 | 000,000,000 | ---D | C] -- C:\Windows\el
[2012.05.26 17:03:42 | 000,000,000 | ---D | C] -- C:\Windows\hu
[2012.05.26 17:03:36 | 000,000,000 | ---D | C] -- C:\Windows\it
[2012.05.26 17:03:30 | 000,000,000 | ---D | C] -- C:\Windows\no
[2012.05.26 17:03:25 | 000,000,000 | ---D | C] -- C:\Windows\pl
[2012.05.26 17:03:19 | 000,000,000 | ---D | C] -- C:\Windows\pt-pt
[2012.05.26 17:03:13 | 000,000,000 | ---D | C] -- C:\Windows\ro
[2012.05.26 17:03:08 | 000,000,000 | ---D | C] -- C:\Windows\ru
[2012.05.26 17:03:01 | 000,000,000 | ---D | C] -- C:\Windows\sk
[2012.05.26 17:02:55 | 000,000,000 | ---D | C] -- C:\Windows\sv
[2012.05.26 17:02:49 | 000,000,000 | ---D | C] -- C:\Windows\tr
[2012.05.26 17:02:44 | 000,000,000 | ---D | C] -- C:\Windows\uk
[2012.05.26 16:36:43 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{168507B2-5BA5-4689-811F-06ECF34B305D}
[2012.05.26 16:12:11 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Diagnostics
[2012.05.26 16:02:20 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{A290CC84-AB9B-4038-B977-00AE7C63C481}
[2012.05.26 08:47:18 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{673A7BC3-E976-474D-8999-B6B979FFA887}
[2012.05.25 15:30:34 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Audacity
[2012.05.25 15:00:06 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{742EB174-8155-4BB1-824A-5AAD8629454C}
[2012.05.25 14:59:44 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{B3813FCD-1433-437B-B730-3339A6A748D5}
[2012.05.25 13:15:55 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{353986B2-AED6-49E5-9986-A6D69862D862}
[2012.05.25 13:15:55 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{0987D3A8-6548-443B-8A84-D73DE7F02577}
[2012.05.24 20:33:21 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{2ED54B1F-2D11-4B7A-B35D-D60D1A78D684}
[2012.05.24 20:21:05 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.05.22 18:55:40 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Subversion
[2012.05.22 18:40:16 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\flightgear.org
[2012.05.22 18:40:14 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.05.22 18:40:14 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.05.22 18:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.05.22 18:39:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlightGear 2.6.0
[2012.05.22 18:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\FlightGear
[2012.05.22 17:40:42 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Windows Live
[2012.05.22 17:40:42 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{52A2D364-C7EF-4C0A-83B7-9F8CB34BDC7B}
[2012.05.22 17:40:10 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{D410D4AF-2C6E-4CC8-B351-B93F140056E0}
[2012.05.22 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Windows Live Writer
[2012.05.22 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Windows Live Writer
[2012.05.22 17:31:37 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Download Manager
[2012.05.22 17:20:28 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\loadtbs
[2012.05.22 16:31:01 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Thunderbird
[2012.05.22 16:31:01 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Thunderbird
[2012.05.21 18:31:53 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Cyberlink
[2012.05.21 18:31:47 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\CyberLink
[2012.05.21 18:31:46 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\CyberLink
[2012.05.21 16:36:36 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Quadriga Games
[2012.05.21 16:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProtectDisc Driver Installer
[2012.05.21 16:36:15 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\ProtectDISC
[2012.05.21 16:28:13 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Programs
[2012.05.21 16:27:11 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\WebCam Media
[2012.05.21 16:20:09 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\{9A6DE0A1-7A6B-4A23-8DBA-4D0E544305A1}
[2012.05.21 16:12:27 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\SSubTmr6.dll
[2012.05.21 16:12:27 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wecker für Windows
[2012.05.21 16:12:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wecker für Windows
[2012.05.21 16:12:26 | 000,739,472 | ---- | C] (Data Dynamics) -- C:\Windows\SysWow64\sg20O.ocx
[2012.05.21 16:12:26 | 000,208,896 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbPrinter.dll
[2012.05.21 16:12:26 | 000,122,880 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbNet.dll
[2012.05.21 16:12:26 | 000,065,536 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\CBXML.dll
[2012.05.21 16:12:26 | 000,057,344 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbSysHTrck.dll
[2012.05.21 16:12:26 | 000,053,248 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\cbvCalendar.dll
[2012.05.21 16:12:26 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\cbuenger
[2012.05.21 16:12:25 | 000,040,960 | ---- | C] (Christoph Bünger Software) -- C:\Windows\SysWow64\CBDTPicker.dll
[2012.05.21 16:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wecker6
[2012.05.21 16:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote for VAIO
[2012.05.21 15:46:11 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Sony PMB
[2012.05.21 15:45:45 | 000,000,000 | ---D | C] -- C:\VAIO Entertainment
[2012.05.21 15:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.05.21 15:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.05.21 15:28:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fernseh Tycoon
[2012.05.21 14:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012.05.21 14:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.21 14:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.21 14:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.05.20 21:10:06 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Emergency
[2012.05.20 20:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft DirectX SDK (June 2010)
[2012.05.20 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Emergency 2012
[2012.05.20 20:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft DirectX SDK (June 2010)
[2012.05.20 20:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.05.20 20:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.05.20 20:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quadriga Games
[2012.05.20 20:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.05.20 20:16:15 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Visual Studio 2010
[2012.05.20 20:15:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2012.05.20 20:14:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.05.20 20:14:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2012.05.20 20:13:55 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012.05.20 20:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012.05.20 20:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.05.20 20:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.05.19 22:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2012.05.19 22:32:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.05.19 22:32:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.05.19 22:31:57 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Google
[2012.05.19 22:26:56 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Adobe
[2012.05.19 22:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.05.19 19:25:52 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2012.05.19 19:25:52 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\eSupport.com
[2012.05.19 19:05:24 | 000,086,016 | ---- | C] (MindVision Software) -- C:\Windows\unvise32.exe
[2012.05.19 18:59:00 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\TeamViewer
[2012.05.19 18:53:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2012.05.19 18:25:39 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Atheros
[2012.05.19 17:04:44 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\CrashDumps
[2012.05.19 17:03:59 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Bus2009 Beta
[2012.05.19 16:38:47 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Bus-Simulator 2009
[2012.05.19 16:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bus-Simulator 2009
[2012.05.19 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bus-Simulator 2009
[2012.05.19 15:58:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Police
[2012.05.19 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Police
[2012.05.19 15:58:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Police
[2012.05.19 13:18:22 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Euro Truck Simulator
[2012.05.19 13:09:37 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator
[2012.05.19 13:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator
[2012.05.19 13:09:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Euro Truck Simulator
[2012.05.19 13:07:09 | 000,268,048 | ---- | C] (MetaCreations Corporation) -- C:\Windows\SysWow64\dxtmeta2.dll
[2012.05.19 09:34:03 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Microsoft Games
[2012.05.19 09:33:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012.05.19 09:33:06 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2012.05.18 22:09:25 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\My Games
[2012.05.18 22:08:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
[2012.05.18 22:07:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Landwirtschafts Simulator 2011
[2012.05.18 21:59:47 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Bus Driver
[2012.05.18 21:58:58 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Halycon Media
[2012.05.18 21:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Halycon Media
[2012.05.18 21:58:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bus Driver Gold
[2012.05.18 21:58:16 | 000,000,000 | ---D | C] -- C:\Windows\uninstall
[2012.05.18 20:25:51 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Railroad Lines
[2012.05.18 16:11:15 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Sony Corporation
[2012.05.18 14:23:33 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\BMExplorer
[2012.05.18 14:23:33 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Documents\Bluetooth Folder
[2012.05.18 14:17:34 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\Schule
[2012.05.18 13:21:24 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\WildTangent
[2012.05.18 11:54:09 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Mozilla
[2012.05.18 11:54:09 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Mozilla
[2012.05.18 11:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.18 11:53:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.05.18 11:53:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.05.18 11:42:22 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Evernote
[2012.05.18 11:24:08 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Adobe
[2012.05.18 11:21:43 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\iolo
[2012.05.18 11:21:36 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2012.05.18 11:15:01 | 000,000,000 | ---D | C] -- C:\Update
[2012.05.18 11:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.05.18 11:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.05.18 11:13:02 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\ArcSoft
[2012.05.18 11:12:57 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\ArcSoft
[2012.05.18 11:12:14 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Skype
[2012.05.18 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\ATI
[2012.05.18 11:01:48 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\ATI
[2012.05.18 11:01:03 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Intel Corporation
[2012.05.18 11:00:46 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Adobe
[2012.05.18 11:00:44 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Atheros
[2012.05.18 10:00:38 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.05.18 10:00:38 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Searches
[2012.05.18 10:00:38 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.05.18 10:00:29 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Identities
[2012.05.18 10:00:26 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Contacts
[2012.05.18 10:00:22 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\VirtualStore
[2012.05.18 09:58:27 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\VAIO Startup Setting Tool
[2012.05.18 09:58:27 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Sony Corporation
[2012.05.18 09:58:25 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Vorlagen
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\AppData\Local\Verlauf
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\AppData\Local\Temporary Internet Files
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Startmenü
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\SendTo
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Recent
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Netzwerkumgebung
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Lokale Einstellungen
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Documents\Eigene Videos
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Documents\Eigene Musik
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Eigene Dateien
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Documents\Eigene Bilder
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Druckumgebung
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Cookies
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\AppData\Local\Anwendungsdaten
[2012.05.18 09:57:59 | 000,000,000 | -HSD | C] -- C:\Users\Bjarne\Anwendungsdaten
[2012.05.18 09:57:59 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Temp
[2012.05.18 09:57:59 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Local\Microsoft
[2012.05.18 09:57:59 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Media Center Programs
[2012.05.18 09:57:59 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData\Roaming\Macromedia
[2012.05.18 09:57:58 | 000,000,000 | --SD | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Videos
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Saved Games
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Pictures
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Music
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Links
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Favorites
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Downloads
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Documents
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\Desktop
[2012.05.18 09:57:58 | 000,000,000 | R--D | C] -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.05.18 09:57:58 | 000,000,000 | ---D | C] -- C:\Users\Bjarne\AppData
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.05.18 09:57:42 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.08 20:42:04 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 20:42:04 | 000,020,992 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.08 20:38:54 | 001,619,196 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.08 20:38:54 | 000,698,998 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.08 20:38:54 | 000,654,276 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.08 20:38:54 | 000,149,162 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.08 20:38:54 | 000,122,108 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.08 20:37:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.08 20:34:49 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.08 20:34:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.08 20:34:18 | 2077,597,695 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.08 20:16:30 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Bjarne\Desktop\unhide.exe
[2012.06.08 20:08:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.08 20:05:00 | 000,002,800 | ---- | M] () -- C:\Users\Bjarne\Desktop\mbam-log-2012-06-08 (20-04-49) (logneu)
[2012.06.08 15:37:41 | 000,002,728 | ---- | M] () -- C:\Users\Bjarne\Desktop\log
[2012.06.06 19:02:38 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.06 19:01:57 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Bjarne\Desktop\mbam-setup-1.61.0.1400.exe
[2012.06.04 13:56:26 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Bjarne\Desktop\OTL.exe
[2012.06.04 13:55:19 | 000,000,000 | ---- | M] () -- C:\Users\Bjarne\defogger_reenable
[2012.06.04 13:54:00 | 000,050,477 | ---- | M] () -- C:\Users\Bjarne\Desktop\Defogger.exe
[2012.06.03 11:38:10 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.06.03 11:38:01 | 001,641,654 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.06.03 10:05:46 | 000,000,655 | ---- | M] () -- C:\Users\Bjarne\Desktop\Data_Recovery.lnk
[2012.06.03 09:41:02 | 000,088,480 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.06.03 09:41:01 | 000,046,400 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.05.31 18:52:13 | 000,001,059 | ---- | M] () -- C:\Windows\EPMBatch.ept
[2012.05.28 08:24:39 | 000,324,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.26 16:11:05 | 000,000,000 | ---- | M] () -- C:\Users\Bjarne\Documents\Default.rdp
[2012.05.22 19:43:36 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00001811.LCS
[2012.05.22 18:40:14 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.05.22 18:40:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.05.21 16:11:45 | 000,001,127 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012.05.19 19:25:52 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2012.05.19 16:00:05 | 000,007,605 | ---- | M] () -- C:\Users\Bjarne\AppData\Local\Resmon.ResmonCfg
[2012.05.18 14:23:25 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.05.18 11:21:43 | 000,074,703 | ---- | M] () -- C:\Windows\SysWow64\mfc45.dll
[2012.05.18 10:00:18 | 000,000,000 | RH-- | M] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCCB4Z1E.mrk
[2012.05.18 10:00:18 | 000,000,000 | R--- | M] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCCB4Z1E.mrk
[2012.05.18 09:58:52 | 000,000,074 | ---- | M] () -- C:\splash.idx
[2012.05.18 09:56:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2012.05.18 09:56:51 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.05.18 09:56:51 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.08 20:19:30 | 000,002,534 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012.06.08 20:19:30 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.06.08 20:19:30 | 000,001,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012.06.08 20:19:30 | 000,001,374 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012.06.08 20:19:30 | 000,001,305 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012.06.08 20:19:30 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2012.06.08 20:19:29 | 000,002,679 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Easy Connect.lnk
[2012.06.08 20:19:29 | 000,002,269 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2012.06.08 20:19:29 | 000,002,208 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited - Kostenloses 180-Tage-Basis-Probeabonnement.lnk
[2012.06.08 20:19:29 | 000,002,197 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Smart Network.lnk
[2012.06.08 20:19:29 | 000,002,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2012.06.08 20:19:29 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk
[2012.06.08 20:19:29 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2012.06.08 20:19:29 | 000,001,995 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Manual.lnk
[2012.06.08 20:19:29 | 000,001,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2012.06.08 20:19:29 | 000,001,396 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO3DPortal.lnk
[2012.06.08 20:19:29 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Register Your VAIO.lnk
[2012.06.08 20:19:29 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2012.06.08 20:19:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.06.08 20:19:29 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2012.06.08 20:19:29 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.06.08 20:19:29 | 000,001,303 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Gallery.lnk
[2012.06.08 20:19:29 | 000,001,275 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Transfer.lnk
[2012.06.08 20:19:29 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2012.06.08 20:19:29 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.06.08 20:19:29 | 000,001,155 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
[2012.06.08 20:19:29 | 000,001,142 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.06.08 20:19:29 | 000,001,139 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMB.lnk
[2012.06.08 20:19:25 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.06.08 20:19:25 | 000,002,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 9.lnk
[2012.06.08 20:19:25 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk
[2012.06.08 20:19:25 | 000,001,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk
[2012.06.08 20:19:25 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.06.08 20:19:25 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.06.08 20:05:00 | 000,002,800 | ---- | C] () -- C:\Users\Bjarne\Desktop\mbam-log-2012-06-08 (20-04-49) (logneu)
[2012.06.08 15:37:41 | 000,002,728 | ---- | C] () -- C:\Users\Bjarne\Desktop\log
[2012.06.06 19:02:38 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.04 13:55:19 | 000,000,000 | ---- | C] () -- C:\Users\Bjarne\defogger_reenable
[2012.06.04 13:54:00 | 000,050,477 | ---- | C] () -- C:\Users\Bjarne\Desktop\Defogger.exe
[2012.06.03 11:38:10 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.06.03 11:38:04 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.06.03 10:05:46 | 000,000,655 | ---- | C] () -- C:\Users\Bjarne\Desktop\Data_Recovery.lnk
[2012.06.02 17:30:31 | 000,088,480 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
[2012.06.02 17:30:31 | 000,046,400 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
[2012.05.31 14:50:39 | 000,001,059 | ---- | C] () -- C:\Windows\EPMBatch.ept
[2012.05.31 14:47:28 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe
[2012.05.31 14:47:28 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012.05.31 14:47:28 | 000,100,232 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe
[2012.05.31 14:47:28 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012.05.31 14:47:28 | 000,016,776 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys
[2012.05.31 14:47:28 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll
[2012.05.31 14:47:28 | 000,009,096 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys
[2012.05.31 14:47:25 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012.05.31 14:47:23 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2012.05.31 14:47:21 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012.05.26 16:27:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.26 16:11:05 | 000,000,000 | ---- | C] () -- C:\Users\Bjarne\Documents\Default.rdp
[2012.05.21 16:36:19 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00001811.LCS
[2012.05.21 16:12:26 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\actskn43.ocx
[2012.05.21 16:11:45 | 000,001,127 | ---- | C] () -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2012.05.20 09:09:06 | 2077,597,695 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.19 22:32:07 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.19 22:32:05 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.19 16:00:05 | 000,007,605 | ---- | C] () -- C:\Users\Bjarne\AppData\Local\Resmon.ResmonCfg
[2012.05.18 14:23:25 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.05.18 11:21:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012.05.18 11:00:23 | 000,001,405 | ---- | C] () -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.05.18 10:00:39 | 000,001,439 | ---- | C] () -- C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.05.18 10:00:18 | 000,000,000 | RH-- | C] () -- C:\Windows\SysNative\drivers\104D_Sony_VPCCB4Z1E.mrk
[2012.05.18 10:00:18 | 000,000,000 | R--- | C] () -- C:\Windows\SysWow64\drivers\104D_Sony_VPCCB4Z1E.mrk
[2012.05.18 09:56:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_btath_hcrp_01009.Wdf
[2012.04.08 23:54:12 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.08 23:49:40 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2011.09.22 09:48:42 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.09.22 09:48:42 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.09.22 09:48:42 | 000,216,000 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.09.22 09:48:42 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.09.22 09:48:42 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.09.22 09:48:41 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2011.09.22 09:48:41 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2011.09.22 09:48:41 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.30 08:01:52 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.06.29 03:44:43 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.02.11 01:03:27 | 001,641,654 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2012.05.31 18:48:38 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Audacity
[2012.05.21 16:12:26 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\cbuenger
[2012.05.27 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.05.22 19:19:34 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\flightgear.org
[2012.05.24 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\iolo
[2012.05.22 17:20:36 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\loadtbs
[2012.05.27 20:00:53 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\OpenOffice.org
[2012.05.21 16:41:48 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\ProtectDISC
[2012.05.31 15:00:07 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\SoftGrid Client
[2012.05.22 18:55:40 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Subversion
[2012.05.26 16:26:12 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\TeamViewer
[2012.05.22 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Thunderbird
[2012.05.28 21:27:35 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\TP
[2012.05.18 18:39:54 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\WildTangent
[2012.05.22 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Windows Live Writer
[2009.07.14 07:08:49 | 000,018,890 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.05.27 21:58:25 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Adobe
[2012.05.21 16:27:08 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\ArcSoft
[2012.05.18 23:14:19 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Atheros
[2012.05.18 11:01:48 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\ATI
[2012.05.31 18:48:38 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Audacity
[2012.05.21 16:12:26 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\cbuenger
[2012.05.27 21:22:53 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.05.21 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\CyberLink
[2012.05.27 19:33:47 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Download Manager
[2012.05.22 19:19:34 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\flightgear.org
[2012.05.18 10:00:29 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Identities
[2012.05.18 11:01:03 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Intel Corporation
[2012.05.24 20:13:51 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\iolo
[2012.05.22 17:20:36 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\loadtbs
[2012.04.09 00:31:37 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Macromedia
[2012.06.06 19:02:48 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Malwarebytes
[2011.12.14 02:14:03 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Media Center Programs
[2012.05.31 15:17:36 | 000,000,000 | --SD | M] -- C:\Users\Bjarne\AppData\Roaming\Microsoft
[2012.06.02 10:12:00 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Microsoft Corporation
[2012.05.18 11:54:34 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Mozilla
[2012.05.27 20:00:53 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\OpenOffice.org
[2012.05.21 16:41:48 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\ProtectDISC
[2012.06.08 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Skype
[2012.05.31 15:00:07 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\SoftGrid Client
[2012.05.22 17:38:07 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Sony Corporation
[2012.05.22 18:55:40 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Subversion
[2012.05.26 16:26:12 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\TeamViewer
[2012.05.22 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Thunderbird
[2012.05.28 21:27:35 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\TP
[2012.05.18 18:39:54 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\WildTangent
[2012.05.22 17:39:56 | 000,000,000 | ---D | M] -- C:\Users\Bjarne\AppData\Roaming\Windows Live Writer
 
< %APPDATA%\*.exe /s >
[2012.05.22 17:20:23 | 012,697,088 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\loadtbs\ffmpeg.exe
[2012.05.22 17:20:23 | 001,243,136 | ---- | M] (InfiniAd GmbH) -- C:\Users\Bjarne\AppData\Roaming\loadtbs\uninstall.exe
[2012.05.22 17:20:23 | 000,694,784 | ---- | M] (InfiniAd GmbH) -- C:\Users\Bjarne\AppData\Roaming\loadtbs\ytdl.exe
[2012.04.09 00:31:15 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Bjarne\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.05.21 15:31:37 | 000,989,384 | ---- | M] (WildTangent) -- C:\Users\Bjarne\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe
[2012.05.21 15:31:37 | 000,000,178 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\WildTangent\WildTangent Games\App\DPConfig\InstallTouchpoints-wildgames.exe_filedata
[2012.05.04 20:23:16 | 000,571,008 | ---- | M] (WildTangent, Inc.) -- C:\Users\Bjarne\AppData\Roaming\WildTangent\WildTangent Games\App\Update\Updater.exe
 
< %SYSTEMDRIVE%\*.exe >
[2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2012.01.11 00:22:52 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\drivers\iaStor.sys
[2012.01.11 00:22:52 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_16d1c1de1eca8452\iaStor.sys
[2012.01.11 00:22:52 | 000,557,848 | ---- | M] (Intel Corporation) MD5=26CF4275034214ECEDD8EC17B0A18A99 -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_08d71942172d4761\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >
__________________
Alt 08.06.2012, 20:03   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://vaioportal.sony.eu
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://sony.msn.com [binary data]
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\..\SearchScopes\{34F380A9-A703-417B-8E26-D2B6A48E9C72}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=http://shop.ebay.de/?oemInLn=ieSrch-Q112&_nkw={searchTerms}
IE - HKU\S-1-5-21-1084989345-2395060513-280258535-1000\..\SearchScopes\{9E7686C7-9BB1-41F2-AC84-F913849EA91B}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=416c9ef5-7288-47f9-87b1-e3b33acb067b&apn_sauid=2FD55BD3-4E7C-4B72-8CF6-F649960E9275
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - user.js - File not found
[2012.05.22 17:20:36 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Bjarne\AppData\Roaming\mozilla\Firefox\Profiles\yyudgavq.default\extensions\software@loadtubes.com
[2012.06.03 13:24:32 | 000,002,344 | ---- | M] () -- C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\yyudgavq.default\searchplugins\askcom.xml
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Bjarne\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4 - HKU\S-1-5-21-1084989345-2395060513-280258535-1000..\Run: [buxSUmlTRXTbfy.exe] C:\ProgramData\buxSUmlTRXTbfy.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\Users\Bjarne\AppData\Roaming\loadtbs
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
__________________
Alt 08.06.2012, 20:17   #19
Banane999
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Die OTL-Datei:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1084989345-2395060513-280258535-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1084989345-2395060513-280258535-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1084989345-2395060513-280258535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{34F380A9-A703-417B-8E26-D2B6A48E9C72}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34F380A9-A703-417B-8E26-D2B6A48E9C72}\ not found.
Registry key HKEY_USERS\S-1-5-21-1084989345-2395060513-280258535-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9E7686C7-9BB1-41F2-AC84-F913849EA91B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9E7686C7-9BB1-41F2-AC84-F913849EA91B}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Folder C:\Users\Bjarne\AppData\Roaming\mozilla\Firefox\Profiles\yyudgavq.default\extensions\software@loadtubes.com\ not found.
File C:\Users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\yyudgavq.default\searchplugins\askcom.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ not found.
File C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}\ not found.
File C:\Users\Bjarne\AppData\Roaming\loadtbs\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1084989345-2395060513-280258535-1000\Software\Microsoft\Windows\CurrentVersion\Run\\buxSUmlTRXTbfy.exe not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
File\Folder C:\Users\Bjarne\AppData\Roaming\loadtbs not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Bjarne
->Temp folder emptied: 462896 bytes
->Temporary Internet Files folder emptied: 2765131 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 57098 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50670 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 3,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Bjarne
->Flash cache emptied: 0 bytes
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.46.0 log created on 06082012_211253

Files\Folders moved on Reboot...
C:\Users\Bjarne\AppData\Local\Temp\{F0B461FB-AA15-48D3-84A3-9267C8DCDBB5}\fpb.tmp moved successfully.
C:\Users\Bjarne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Alt 08.06.2012, 20:36   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!


__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.06.2012, 20:43   #21
Banane999
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Hier ist die Log von Kaspersky:

Code:
ATTFilter
21:40:47.0869 7044	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
21:40:47.0915 7044	============================================================
21:40:47.0915 7044	Current date / time: 2012/06/08 21:40:47.0915
21:40:47.0915 7044	SystemInfo:
21:40:47.0915 7044	
21:40:47.0915 7044	OS Version: 6.1.7601 ServicePack: 1.0
21:40:47.0915 7044	Product type: Workstation
21:40:47.0915 7044	ComputerName: BJARNE-VAIO
21:40:47.0915 7044	UserName: Bjarne
21:40:47.0915 7044	Windows directory: C:\Windows
21:40:47.0915 7044	System windows directory: C:\Windows
21:40:47.0915 7044	Running under WOW64
21:40:47.0915 7044	Processor architecture: Intel x64
21:40:47.0915 7044	Number of processors: 4
21:40:47.0915 7044	Page size: 0x1000
21:40:47.0915 7044	Boot type: Normal boot
21:40:47.0915 7044	============================================================
21:40:48.0368 7044	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:40:48.0368 7044	============================================================
21:40:48.0368 7044	\Device\Harddisk0\DR0:
21:40:48.0368 7044	MBR partitions:
21:40:48.0368 7044	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B4C800, BlocksNum 0x32000
21:40:48.0368 7044	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B7E800, BlocksNum 0x549C2EF0
21:40:48.0368 7044	============================================================
21:40:48.0399 7044	C: <-> \Device\Harddisk0\DR0\Partition1
21:40:48.0399 7044	============================================================
21:40:48.0399 7044	Initialize success
21:40:48.0399 7044	============================================================
21:40:58.0929 7124	============================================================
21:40:58.0929 7124	Scan started
21:40:58.0929 7124	Mode: Manual; 
21:40:58.0929 7124	============================================================
21:40:59.0350 7124	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:40:59.0381 7124	1394ohci - ok
21:40:59.0506 7124	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
21:40:59.0506 7124	ACDaemon - ok
21:40:59.0600 7124	acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
21:41:00.0411 7124	acedrv11 - ok
21:41:00.0458 7124	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:41:00.0458 7124	ACPI - ok
21:41:00.0473 7124	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:41:00.0473 7124	AcpiPmi - ok
21:41:00.0551 7124	AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
21:41:00.0551 7124	AdobeActiveFileMonitor9.0 - ok
21:41:00.0598 7124	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:41:00.0598 7124	AdobeARMservice - ok
21:41:00.0785 7124	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:41:00.0785 7124	AdobeFlashPlayerUpdateSvc - ok
21:41:00.0848 7124	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
21:41:00.0863 7124	adp94xx - ok
21:41:00.0895 7124	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
21:41:00.0910 7124	adpahci - ok
21:41:00.0941 7124	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
21:41:00.0941 7124	adpu320 - ok
21:41:00.0973 7124	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
21:41:00.0973 7124	AeLookupSvc - ok
21:41:01.0035 7124	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:41:01.0051 7124	AFD - ok
21:41:01.0082 7124	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:41:01.0082 7124	agp440 - ok
21:41:01.0097 7124	ahcbbbhf - ok
21:41:01.0144 7124	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
21:41:01.0144 7124	ALG - ok
21:41:01.0160 7124	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:41:01.0160 7124	aliide - ok
21:41:01.0207 7124	AMD External Events Utility (c577be3e25dd02acfbe936eb27e27d8e) C:\Windows\system32\atiesrxx.exe
21:41:01.0207 7124	AMD External Events Utility - ok
21:41:01.0238 7124	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:41:01.0238 7124	amdide - ok
21:41:01.0238 7124	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
21:41:01.0253 7124	AmdK8 - ok
21:41:01.0737 7124	amdkmdag        (2d969426b5d901fb91a3f4f94b2eb5b8) C:\Windows\system32\DRIVERS\atikmdag.sys
21:41:01.0893 7124	amdkmdag - ok
21:41:02.0049 7124	amdkmdap        (a88d7aaed436780dcf420234873f719d) C:\Windows\system32\DRIVERS\atikmpag.sys
21:41:02.0049 7124	amdkmdap - ok
21:41:02.0080 7124	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
21:41:02.0080 7124	AmdPPM - ok
21:41:02.0127 7124	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:41:02.0127 7124	amdsata - ok
21:41:02.0205 7124	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
21:41:02.0205 7124	amdsbs - ok
21:41:02.0236 7124	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:41:02.0236 7124	amdxata - ok
21:41:02.0283 7124	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:41:02.0283 7124	AppID - ok
21:41:02.0314 7124	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
21:41:02.0314 7124	AppIDSvc - ok
21:41:02.0330 7124	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
21:41:02.0330 7124	Appinfo - ok
21:41:02.0361 7124	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
21:41:02.0361 7124	arc - ok
21:41:02.0377 7124	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
21:41:02.0377 7124	arcsas - ok
21:41:02.0408 7124	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
21:41:02.0408 7124	ArcSoftKsUFilter - ok
21:41:02.0501 7124	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:41:02.0501 7124	aspnet_state - ok
21:41:02.0564 7124	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:41:02.0564 7124	AsyncMac - ok
21:41:02.0579 7124	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:41:02.0579 7124	atapi - ok
21:41:02.0611 7124	AthBTPort       (a434e093cd25870e5d32cb0b70c442ed) C:\Windows\system32\DRIVERS\btath_flt.sys
21:41:02.0611 7124	AthBTPort - ok
21:41:02.0704 7124	Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
21:41:02.0720 7124	Atheros Bt&Wlan Coex Agent - ok
21:41:02.0751 7124	AtherosSvc      (520ce4bc1d9c83225f1dd76d1d2f28c8) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
21:41:02.0751 7124	AtherosSvc - ok
21:41:02.0923 7124	athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
21:41:02.0954 7124	athr - ok
21:41:03.0079 7124	atksgt          (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
21:41:03.0094 7124	atksgt - ok
21:41:03.0188 7124	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:41:03.0188 7124	AudioEndpointBuilder - ok
21:41:03.0203 7124	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
21:41:03.0203 7124	AudioSrv - ok
21:41:03.0235 7124	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
21:41:03.0235 7124	AxInstSV - ok
21:41:03.0328 7124	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
21:41:03.0328 7124	b06bdrv - ok
21:41:03.0375 7124	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:41:03.0391 7124	b57nd60a - ok
21:41:03.0484 7124	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
21:41:03.0484 7124	BBSvc - ok
21:41:03.0531 7124	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
21:41:03.0531 7124	BBUpdate - ok
21:41:03.0562 7124	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
21:41:03.0562 7124	BDESVC - ok
21:41:03.0609 7124	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:41:03.0609 7124	Beep - ok
21:41:03.0687 7124	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
21:41:03.0703 7124	BFE - ok
21:41:03.0781 7124	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
21:41:03.0781 7124	BITS - ok
21:41:03.0843 7124	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:41:03.0843 7124	blbdrive - ok
21:41:03.0859 7124	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:41:03.0874 7124	bowser - ok
21:41:03.0890 7124	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
21:41:03.0890 7124	BrFiltLo - ok
21:41:03.0890 7124	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
21:41:03.0890 7124	BrFiltUp - ok
21:41:03.0921 7124	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
21:41:03.0921 7124	Browser - ok
21:41:03.0983 7124	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:41:03.0983 7124	Brserid - ok
21:41:03.0983 7124	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:41:03.0999 7124	BrSerWdm - ok
21:41:03.0999 7124	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:41:03.0999 7124	BrUsbMdm - ok
21:41:03.0999 7124	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:41:03.0999 7124	BrUsbSer - ok
21:41:04.0077 7124	BTATH_A2DP      (bc9616c9d05b4b0843ff0d8d7a003aa7) C:\Windows\system32\drivers\btath_a2dp.sys
21:41:04.0077 7124	BTATH_A2DP - ok
21:41:04.0108 7124	btath_avdt      (00a186bab2d5db4f549bcf8666d8ab39) C:\Windows\system32\drivers\btath_avdt.sys
21:41:04.0108 7124	btath_avdt - ok
21:41:04.0155 7124	BTATH_BUS       (d6ead8f45ecbede3b1adbee5f075e0e2) C:\Windows\system32\DRIVERS\btath_bus.sys
21:41:04.0155 7124	BTATH_BUS - ok
21:41:04.0249 7124	BTATH_HCRP      (557bc22d5ac7fb5dd51ad00f0a03be09) C:\Windows\system32\DRIVERS\btath_hcrp.sys
21:41:04.0264 7124	BTATH_HCRP - ok
21:41:04.0295 7124	BTATH_LWFLT     (3b9f872f1330728172d2f5abfb8a7706) C:\Windows\system32\DRIVERS\btath_lwflt.sys
21:41:04.0295 7124	BTATH_LWFLT - ok
21:41:04.0342 7124	BTATH_RCP       (4225b326514f20bab3751e532f403d1d) C:\Windows\system32\DRIVERS\btath_rcp.sys
21:41:04.0342 7124	BTATH_RCP - ok
21:41:04.0405 7124	BtFilter        (60675e839a37056ed5cbc7e00935451c) C:\Windows\system32\DRIVERS\btfilter.sys
21:41:04.0420 7124	BtFilter - ok
21:41:04.0451 7124	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
21:41:04.0467 7124	BthEnum - ok
21:41:04.0514 7124	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:41:04.0514 7124	BTHMODEM - ok
21:41:04.0529 7124	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:41:04.0529 7124	BthPan - ok
21:41:04.0592 7124	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
21:41:04.0607 7124	BTHPORT - ok
21:41:04.0639 7124	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
21:41:04.0639 7124	bthserv - ok
21:41:04.0654 7124	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
21:41:04.0654 7124	BTHUSB - ok
21:41:04.0701 7124	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:41:04.0701 7124	cdfs - ok
21:41:04.0732 7124	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:41:04.0748 7124	cdrom - ok
21:41:04.0779 7124	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:41:04.0779 7124	CertPropSvc - ok
21:41:04.0810 7124	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
21:41:04.0810 7124	circlass - ok
21:41:04.0857 7124	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:41:04.0873 7124	CLFS - ok
21:41:04.0966 7124	CLKMSVC10_9EC60124 (bb86f147b2a7152e4b4d71a2f0a87d41) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
21:41:04.0966 7124	CLKMSVC10_9EC60124 - ok
21:41:05.0044 7124	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:41:05.0044 7124	clr_optimization_v2.0.50727_32 - ok
21:41:05.0091 7124	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:41:05.0091 7124	clr_optimization_v2.0.50727_64 - ok
21:41:05.0153 7124	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:41:05.0169 7124	clr_optimization_v4.0.30319_32 - ok
21:41:05.0231 7124	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:41:05.0231 7124	clr_optimization_v4.0.30319_64 - ok
21:41:05.0309 7124	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:41:05.0309 7124	CmBatt - ok
21:41:05.0325 7124	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:41:05.0341 7124	cmdide - ok
21:41:05.0387 7124	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:41:05.0387 7124	CNG - ok
21:41:05.0450 7124	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:41:05.0450 7124	Compbatt - ok
21:41:05.0465 7124	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:41:05.0465 7124	CompositeBus - ok
21:41:05.0481 7124	COMSysApp - ok
21:41:05.0512 7124	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
21:41:05.0512 7124	crcdisk - ok
21:41:05.0559 7124	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
21:41:05.0559 7124	CryptSvc - ok
21:41:05.0715 7124	DCDhcpService   (a759f37e0289f5290bed9138a776b7ff) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
21:41:05.0715 7124	DCDhcpService - ok
21:41:05.0793 7124	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:41:05.0809 7124	DcomLaunch - ok
21:41:05.0855 7124	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
21:41:05.0871 7124	defragsvc - ok
21:41:05.0887 7124	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:41:05.0887 7124	DfsC - ok
21:41:05.0949 7124	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
21:41:05.0949 7124	Dhcp - ok
21:41:05.0996 7124	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:41:05.0996 7124	discache - ok
21:41:06.0027 7124	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
21:41:06.0027 7124	Disk - ok
21:41:06.0074 7124	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
21:41:06.0074 7124	Dnscache - ok
21:41:06.0105 7124	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
21:41:06.0105 7124	dot3svc - ok
21:41:06.0121 7124	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
21:41:06.0121 7124	DPS - ok
21:41:06.0152 7124	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:41:06.0152 7124	drmkaud - ok
21:41:06.0292 7124	DrvAgent64      (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
21:41:06.0308 7124	DrvAgent64 - ok
21:41:06.0417 7124	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:41:06.0433 7124	DXGKrnl - ok
21:41:06.0479 7124	e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
21:41:06.0495 7124	e1yexpress - ok
21:41:06.0526 7124	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
21:41:06.0526 7124	EapHost - ok
21:41:06.0745 7124	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
21:41:06.0823 7124	ebdrv - ok
21:41:06.0901 7124	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
21:41:06.0901 7124	EFS - ok
21:41:06.0979 7124	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
21:41:07.0025 7124	ehRecvr - ok
21:41:07.0057 7124	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
21:41:07.0088 7124	ehSched - ok
21:41:07.0166 7124	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
21:41:07.0181 7124	elxstor - ok
21:41:07.0213 7124	epmntdrv        (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
21:41:07.0244 7124	epmntdrv - ok
21:41:07.0259 7124	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:41:07.0259 7124	ErrDev - ok
21:41:07.0306 7124	EuGdiDrv        (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
21:41:07.0322 7124	EuGdiDrv - ok
21:41:07.0369 7124	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
21:41:07.0384 7124	EventSystem - ok
21:41:07.0415 7124	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:41:07.0415 7124	exfat - ok
21:41:07.0447 7124	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:41:07.0447 7124	fastfat - ok
21:41:07.0509 7124	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
21:41:07.0525 7124	Fax - ok
21:41:07.0556 7124	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
21:41:07.0556 7124	fdc - ok
21:41:07.0587 7124	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
21:41:07.0587 7124	fdPHost - ok
21:41:07.0603 7124	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
21:41:07.0603 7124	FDResPub - ok
21:41:07.0618 7124	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:41:07.0618 7124	FileInfo - ok
21:41:07.0634 7124	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:41:07.0634 7124	Filetrace - ok
21:41:07.0665 7124	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
21:41:07.0665 7124	flpydisk - ok
21:41:07.0712 7124	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:41:07.0712 7124	FltMgr - ok
21:41:07.0805 7124	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
21:41:07.0837 7124	FontCache - ok
21:41:07.0883 7124	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:41:07.0883 7124	FontCache3.0.0.0 - ok
21:41:07.0930 7124	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:41:07.0946 7124	FsDepends - ok
21:41:07.0977 7124	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
21:41:07.0977 7124	Fs_Rec - ok
21:41:08.0024 7124	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:41:08.0024 7124	fvevol - ok
21:41:08.0055 7124	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
21:41:08.0055 7124	gagp30kx - ok
21:41:08.0211 7124	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
21:41:08.0211 7124	GamesAppService - ok
21:41:08.0305 7124	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
21:41:08.0320 7124	gpsvc - ok
21:41:08.0383 7124	gupdate         (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:41:08.0383 7124	gupdate - ok
21:41:08.0383 7124	gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:41:08.0383 7124	gupdatem - ok
21:41:08.0429 7124	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:41:08.0429 7124	hcw85cir - ok
21:41:08.0476 7124	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:41:08.0476 7124	HdAudAddService - ok
21:41:08.0507 7124	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:41:08.0507 7124	HDAudBus - ok
21:41:08.0539 7124	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
21:41:08.0539 7124	HidBatt - ok
21:41:08.0539 7124	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
21:41:08.0539 7124	HidBth - ok
21:41:08.0570 7124	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
21:41:08.0570 7124	HidIr - ok
21:41:08.0601 7124	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
21:41:08.0601 7124	hidserv - ok
21:41:08.0632 7124	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
21:41:08.0632 7124	HidUsb - ok
21:41:08.0663 7124	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
21:41:08.0663 7124	hkmsvc - ok
21:41:08.0679 7124	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
21:41:08.0679 7124	HomeGroupListener - ok
21:41:08.0726 7124	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
21:41:08.0726 7124	HomeGroupProvider - ok
21:41:08.0757 7124	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:41:08.0757 7124	HpSAMD - ok
21:41:08.0819 7124	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:41:08.0819 7124	HTTP - ok
21:41:08.0835 7124	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:41:08.0835 7124	hwpolicy - ok
21:41:08.0851 7124	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:41:08.0851 7124	i8042prt - ok
21:41:08.0913 7124	iaStor          (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
21:41:08.0929 7124	iaStor - ok
21:41:09.0022 7124	IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:41:09.0022 7124	IAStorDataMgrSvc - ok
21:41:09.0085 7124	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:41:09.0100 7124	iaStorV - ok
21:41:09.0225 7124	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:41:09.0241 7124	idsvc - ok
21:41:09.0287 7124	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
21:41:09.0287 7124	iirsp - ok
21:41:09.0350 7124	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
21:41:09.0365 7124	IKEEXT - ok
21:41:09.0662 7124	IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
21:41:09.0693 7124	IntcAzAudAddService - ok
21:41:09.0818 7124	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:41:09.0818 7124	IntcDAud - ok
21:41:09.0849 7124	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:41:09.0849 7124	intelide - ok
21:41:10.0520 7124	intelkmd        (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdpmd64.sys
21:41:10.0754 7124	intelkmd - ok
21:41:10.0863 7124	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:41:10.0863 7124	intelppm - ok
21:41:10.0894 7124	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
21:41:10.0894 7124	IPBusEnum - ok
21:41:10.0925 7124	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:41:10.0925 7124	IpFilterDriver - ok
21:41:10.0988 7124	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
21:41:10.0988 7124	iphlpsvc - ok
21:41:11.0019 7124	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:41:11.0019 7124	IPMIDRV - ok
21:41:11.0035 7124	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:41:11.0035 7124	IPNAT - ok
21:41:11.0081 7124	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:41:11.0081 7124	IRENUM - ok
21:41:11.0081 7124	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:41:11.0081 7124	isapnp - ok
21:41:11.0113 7124	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:41:11.0113 7124	iScsiPrt - ok
21:41:11.0144 7124	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:41:11.0144 7124	kbdclass - ok
21:41:11.0159 7124	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:41:11.0175 7124	kbdhid - ok
21:41:11.0191 7124	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:41:11.0191 7124	KeyIso - ok
21:41:11.0191 7124	kgufxcjt - ok
21:41:11.0206 7124	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:41:11.0206 7124	KSecDD - ok
21:41:11.0222 7124	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:41:11.0222 7124	KSecPkg - ok
21:41:11.0237 7124	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:41:11.0237 7124	ksthunk - ok
21:41:11.0284 7124	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
21:41:11.0300 7124	KtmRm - ok
21:41:11.0347 7124	L1C             (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:41:11.0347 7124	L1C - ok
21:41:11.0393 7124	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
21:41:11.0409 7124	LanmanServer - ok
21:41:11.0440 7124	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
21:41:11.0440 7124	LanmanWorkstation - ok
21:41:11.0503 7124	lirsgt          (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
21:41:11.0503 7124	lirsgt - ok
21:41:11.0534 7124	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:41:11.0534 7124	lltdio - ok
21:41:11.0581 7124	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
21:41:11.0581 7124	lltdsvc - ok
21:41:11.0596 7124	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
21:41:11.0596 7124	lmhosts - ok
21:41:11.0690 7124	LMS             (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:41:11.0690 7124	LMS - ok
21:41:11.0737 7124	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
21:41:11.0737 7124	LSI_FC - ok
21:41:11.0752 7124	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
21:41:11.0752 7124	LSI_SAS - ok
21:41:11.0752 7124	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
21:41:11.0752 7124	LSI_SAS2 - ok
21:41:11.0768 7124	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
21:41:11.0768 7124	LSI_SCSI - ok
21:41:11.0783 7124	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:41:11.0783 7124	luafv - ok
21:41:11.0799 7124	MBAMProtector - ok
21:41:11.0877 7124	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
21:41:11.0893 7124	MBAMService - ok
21:41:11.0908 7124	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
21:41:11.0908 7124	Mcx2Svc - ok
21:41:11.0939 7124	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
21:41:11.0939 7124	megasas - ok
21:41:11.0955 7124	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
21:41:11.0955 7124	MegaSR - ok
21:41:12.0002 7124	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
21:41:12.0002 7124	MEIx64 - ok
21:41:12.0033 7124	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:41:12.0033 7124	MMCSS - ok
21:41:12.0064 7124	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:41:12.0064 7124	Modem - ok
21:41:12.0095 7124	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:41:12.0095 7124	monitor - ok
21:41:12.0111 7124	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:41:12.0111 7124	mouclass - ok
21:41:12.0142 7124	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:41:12.0142 7124	mouhid - ok
21:41:12.0205 7124	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:41:12.0205 7124	mountmgr - ok
21:41:12.0283 7124	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:41:12.0283 7124	MozillaMaintenance - ok
21:41:12.0329 7124	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
21:41:12.0345 7124	MpFilter - ok
21:41:12.0361 7124	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:41:12.0361 7124	mpio - ok
21:41:12.0392 7124	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:41:12.0392 7124	mpsdrv - ok
21:41:12.0470 7124	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
21:41:12.0485 7124	MpsSvc - ok
21:41:12.0517 7124	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:41:12.0517 7124	MRxDAV - ok
21:41:12.0532 7124	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:41:12.0532 7124	mrxsmb - ok
21:41:12.0563 7124	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:41:12.0563 7124	mrxsmb10 - ok
21:41:12.0579 7124	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:41:12.0579 7124	mrxsmb20 - ok
21:41:12.0595 7124	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:41:12.0595 7124	msahci - ok
21:41:12.0595 7124	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:41:12.0610 7124	msdsm - ok
21:41:12.0641 7124	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
21:41:12.0641 7124	MSDTC - ok
21:41:12.0673 7124	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:41:12.0673 7124	Msfs - ok
21:41:12.0688 7124	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:41:12.0688 7124	mshidkmdf - ok
21:41:12.0704 7124	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:41:12.0704 7124	msisadrv - ok
21:41:12.0751 7124	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
21:41:12.0751 7124	MSiSCSI - ok
21:41:12.0751 7124	msiserver - ok
21:41:12.0782 7124	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:41:12.0782 7124	MSKSSRV - ok
21:41:12.0860 7124	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:41:12.0860 7124	MsMpSvc - ok
21:41:12.0891 7124	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:41:12.0891 7124	MSPCLOCK - ok
21:41:12.0891 7124	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:41:12.0891 7124	MSPQM - ok
21:41:12.0953 7124	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:41:12.0953 7124	MsRPC - ok
21:41:12.0969 7124	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:41:12.0969 7124	mssmbios - ok
21:41:12.0969 7124	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:41:12.0969 7124	MSTEE - ok
21:41:12.0969 7124	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
21:41:12.0985 7124	MTConfig - ok
21:41:13.0016 7124	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:41:13.0016 7124	Mup - ok
21:41:13.0078 7124	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
21:41:13.0094 7124	napagent - ok
21:41:13.0141 7124	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:41:13.0141 7124	NativeWifiP - ok
21:41:13.0234 7124	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:41:13.0250 7124	NDIS - ok
21:41:13.0281 7124	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:41:13.0281 7124	NdisCap - ok
21:41:13.0297 7124	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:41:13.0312 7124	NdisTapi - ok
21:41:13.0328 7124	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:41:13.0328 7124	Ndisuio - ok
21:41:13.0343 7124	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:41:13.0343 7124	NdisWan - ok
21:41:13.0359 7124	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:41:13.0359 7124	NDProxy - ok
21:41:13.0375 7124	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:41:13.0375 7124	NetBIOS - ok
21:41:13.0390 7124	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:41:13.0390 7124	NetBT - ok
21:41:13.0406 7124	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:41:13.0406 7124	Netlogon - ok
21:41:13.0453 7124	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:41:13.0468 7124	Netman - ok
21:41:13.0546 7124	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:41:13.0546 7124	NetMsmqActivator - ok
21:41:13.0546 7124	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:41:13.0562 7124	NetPipeActivator - ok
21:41:13.0609 7124	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:41:13.0609 7124	netprofm - ok
21:41:13.0609 7124	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:41:13.0609 7124	NetTcpActivator - ok
21:41:13.0609 7124	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:41:13.0624 7124	NetTcpPortSharing - ok
21:41:13.0671 7124	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
21:41:13.0671 7124	nfrd960 - ok
21:41:13.0733 7124	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
21:41:13.0733 7124	NisDrv - ok
21:41:13.0827 7124	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
21:41:13.0843 7124	NisSrv - ok
21:41:13.0905 7124	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
21:41:13.0905 7124	NlaSvc - ok
21:41:13.0936 7124	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:41:13.0936 7124	Npfs - ok
21:41:13.0967 7124	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:41:13.0967 7124	nsi - ok
21:41:13.0967 7124	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:41:13.0967 7124	nsiproxy - ok
21:41:14.0092 7124	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:41:14.0108 7124	Ntfs - ok
21:41:14.0217 7124	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:41:14.0217 7124	Null - ok
21:41:14.0279 7124	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:41:14.0295 7124	nusb3hub - ok
21:41:14.0311 7124	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:41:14.0311 7124	nusb3xhc - ok
21:41:14.0935 7124	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:41:15.0137 7124	nvlddmkm - ok
21:41:15.0247 7124	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:41:15.0247 7124	nvraid - ok
21:41:15.0293 7124	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:41:15.0293 7124	nvstor - ok
21:41:15.0340 7124	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:41:15.0356 7124	nv_agp - ok
21:41:15.0356 7124	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:41:15.0356 7124	ohci1394 - ok
21:41:15.0403 7124	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:41:15.0418 7124	p2pimsvc - ok
21:41:15.0449 7124	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:41:15.0449 7124	p2psvc - ok
21:41:15.0481 7124	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
21:41:15.0496 7124	Parport - ok
21:41:15.0512 7124	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
21:41:15.0527 7124	partmgr - ok
21:41:15.0559 7124	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:41:15.0559 7124	PcaSvc - ok
21:41:15.0605 7124	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:41:15.0605 7124	pci - ok
21:41:15.0621 7124	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:41:15.0621 7124	pciide - ok
21:41:15.0637 7124	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
21:41:15.0637 7124	pcmcia - ok
21:41:15.0637 7124	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:41:15.0652 7124	pcw - ok
21:41:15.0668 7124	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:41:15.0683 7124	PEAUTH - ok
21:41:15.0746 7124	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:41:15.0761 7124	PerfHost - ok
21:41:15.0902 7124	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
21:41:15.0933 7124	pla - ok
21:41:16.0011 7124	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
21:41:16.0011 7124	PlugPlay - ok
21:41:16.0151 7124	PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
21:41:16.0151 7124	PMBDeviceInfoProvider - ok
21:41:16.0214 7124	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:41:16.0214 7124	PNRPAutoReg - ok
21:41:16.0245 7124	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:41:16.0261 7124	PNRPsvc - ok
21:41:16.0307 7124	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
21:41:16.0307 7124	PolicyAgent - ok
21:41:16.0354 7124	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:41:16.0354 7124	Power - ok
21:41:16.0417 7124	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:41:16.0417 7124	PptpMiniport - ok
21:41:16.0448 7124	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
21:41:16.0448 7124	Processor - ok
21:41:16.0479 7124	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
21:41:16.0495 7124	ProfSvc - ok
21:41:16.0510 7124	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:41:16.0510 7124	ProtectedStorage - ok
21:41:16.0557 7124	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:41:16.0557 7124	Psched - ok
21:41:16.0604 7124	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
21:41:16.0619 7124	PxHlpa64 - ok
21:41:16.0729 7124	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
21:41:16.0744 7124	ql2300 - ok
21:41:16.0853 7124	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
21:41:16.0853 7124	ql40xx - ok
21:41:16.0900 7124	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:41:16.0900 7124	QWAVE - ok
21:41:16.0931 7124	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:41:16.0931 7124	QWAVEdrv - ok
21:41:16.0947 7124	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:41:16.0947 7124	RasAcd - ok
21:41:16.0994 7124	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:41:16.0994 7124	RasAgileVpn - ok
21:41:17.0009 7124	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:41:17.0025 7124	RasAuto - ok
21:41:17.0056 7124	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:41:17.0056 7124	Rasl2tp - ok
21:41:17.0087 7124	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
21:41:17.0103 7124	RasMan - ok
21:41:17.0134 7124	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:41:17.0134 7124	RasPppoe - ok
21:41:17.0150 7124	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:41:17.0150 7124	RasSstp - ok
21:41:17.0165 7124	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:41:17.0181 7124	rdbss - ok
21:41:17.0197 7124	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
21:41:17.0197 7124	rdpbus - ok
21:41:17.0212 7124	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:41:17.0212 7124	RDPCDD - ok
21:41:17.0212 7124	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:41:17.0212 7124	RDPENCDD - ok
21:41:17.0243 7124	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:41:17.0243 7124	RDPREFMP - ok
21:41:17.0275 7124	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
21:41:17.0290 7124	RDPWD - ok
21:41:17.0321 7124	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:41:17.0321 7124	rdyboost - ok
21:41:17.0368 7124	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:41:17.0368 7124	RemoteAccess - ok
21:41:17.0399 7124	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:41:17.0399 7124	RemoteRegistry - ok
21:41:17.0431 7124	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:41:17.0446 7124	RFCOMM - ok
21:41:17.0462 7124	rimspci         (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\DRIVERS\rimssne64.sys
21:41:17.0477 7124	rimspci - ok
21:41:17.0493 7124	risdsnpe        (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\DRIVERS\risdsnxc64.sys
21:41:17.0493 7124	risdsnpe - ok
21:41:17.0524 7124	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:41:17.0524 7124	RpcEptMapper - ok
21:41:17.0555 7124	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:41:17.0555 7124	RpcLocator - ok
21:41:17.0602 7124	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
21:41:17.0602 7124	RpcSs - ok
21:41:17.0633 7124	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:41:17.0649 7124	rspndr - ok
21:41:17.0680 7124	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:41:17.0680 7124	SamSs - ok
21:41:17.0696 7124	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:41:17.0696 7124	sbp2port - ok
21:41:17.0743 7124	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:41:17.0743 7124	SCardSvr - ok
21:41:17.0774 7124	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:41:17.0774 7124	scfilter - ok
21:41:17.0852 7124	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
21:41:17.0852 7124	Schedule - ok
21:41:17.0899 7124	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
21:41:17.0899 7124	SCPolicySvc - ok
21:41:17.0930 7124	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
21:41:17.0930 7124	sdbus - ok
21:41:17.0961 7124	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
21:41:17.0961 7124	SDRSVC - ok
21:41:17.0977 7124	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:41:17.0992 7124	secdrv - ok
21:41:18.0008 7124	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
21:41:18.0008 7124	seclogon - ok
21:41:18.0023 7124	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
21:41:18.0023 7124	SENS - ok
21:41:18.0070 7124	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:41:18.0070 7124	SensrSvc - ok
21:41:18.0101 7124	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
21:41:18.0101 7124	Serenum - ok
21:41:18.0117 7124	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
21:41:18.0117 7124	Serial - ok
21:41:18.0133 7124	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
21:41:18.0133 7124	sermouse - ok
21:41:18.0179 7124	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
21:41:18.0179 7124	SessionEnv - ok
21:41:18.0195 7124	SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
21:41:18.0195 7124	SFEP - ok
21:41:18.0211 7124	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:41:18.0211 7124	sffdisk - ok
21:41:18.0242 7124	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:41:18.0242 7124	sffp_mmc - ok
21:41:18.0242 7124	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:41:18.0242 7124	sffp_sd - ok
21:41:18.0257 7124	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
21:41:18.0257 7124	sfloppy - ok
21:41:18.0304 7124	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:41:18.0304 7124	SharedAccess - ok
21:41:18.0367 7124	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
21:41:18.0367 7124	ShellHWDetection - ok
21:41:18.0382 7124	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
21:41:18.0382 7124	SiSRaid2 - ok
21:41:18.0413 7124	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
21:41:18.0413 7124	SiSRaid4 - ok
21:41:18.0476 7124	SkypeUpdate     (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:41:18.0476 7124	SkypeUpdate - ok
21:41:18.0507 7124	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:41:18.0507 7124	Smb - ok
21:41:18.0569 7124	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:41:18.0569 7124	SNMPTRAP - ok
21:41:18.0663 7124	SOHCImp         (4aea7a1c3ca06d95d6966c34d13c0d8b) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
21:41:18.0679 7124	SOHCImp - ok
21:41:18.0710 7124	SOHDs           (16fd95781117e13107d477ae36219e6f) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
21:41:18.0710 7124	SOHDs - ok
21:41:18.0819 7124	SpfService      (c03e480e63a80d73fabe28d24d3b6b47) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
21:41:18.0819 7124	SpfService - ok
21:41:18.0866 7124	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:41:18.0866 7124	spldr - ok
21:41:18.0928 7124	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
21:41:18.0944 7124	Spooler - ok
21:41:19.0147 7124	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
21:41:19.0209 7124	sppsvc - ok
21:41:19.0303 7124	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:41:19.0303 7124	sppuinotify - ok
21:41:19.0396 7124	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:41:19.0412 7124	srv - ok
21:41:19.0427 7124	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:41:19.0427 7124	srv2 - ok
21:41:19.0443 7124	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:41:19.0443 7124	srvnet - ok
21:41:19.0490 7124	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:41:19.0490 7124	SSDPSRV - ok
21:41:19.0505 7124	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:41:19.0505 7124	SstpSvc - ok
21:41:19.0537 7124	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
21:41:19.0537 7124	stexstor - ok
21:41:19.0599 7124	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
21:41:19.0615 7124	stisvc - ok
21:41:19.0630 7124	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:41:19.0630 7124	swenum - ok
21:41:19.0693 7124	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:41:19.0708 7124	swprv - ok
21:41:19.0817 7124	SynTP           (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
21:41:19.0833 7124	SynTP - ok
21:41:20.0020 7124	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
21:41:20.0036 7124	SysMain - ok
21:41:20.0129 7124	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
21:41:20.0129 7124	TabletInputService - ok
21:41:20.0192 7124	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
21:41:20.0192 7124	TapiSrv - ok
21:41:20.0223 7124	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:41:20.0239 7124	TBS - ok
21:41:20.0379 7124	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
21:41:20.0410 7124	Tcpip - ok
21:41:20.0613 7124	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
21:41:20.0629 7124	TCPIP6 - ok
21:41:20.0738 7124	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:41:20.0753 7124	tcpipreg - ok
21:41:20.0769 7124	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:41:20.0769 7124	TDPIPE - ok
21:41:20.0800 7124	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
21:41:20.0800 7124	TDTCP - ok
21:41:20.0816 7124	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:41:20.0816 7124	tdx - ok
21:41:21.0034 7124	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
21:41:21.0050 7124	TeamViewer7 - ok
21:41:21.0159 7124	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
21:41:21.0159 7124	TermDD - ok
21:41:21.0237 7124	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
21:41:21.0253 7124	TermService - ok
21:41:21.0268 7124	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:41:21.0268 7124	Themes - ok
21:41:21.0299 7124	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:41:21.0299 7124	THREADORDER - ok
21:41:21.0331 7124	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:41:21.0331 7124	TrkWks - ok
21:41:21.0377 7124	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
21:41:21.0409 7124	TrustedInstaller - ok
21:41:21.0424 7124	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:41:21.0424 7124	tssecsrv - ok
21:41:21.0440 7124	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:41:21.0440 7124	TsUsbFlt - ok
21:41:21.0455 7124	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
21:41:21.0455 7124	TsUsbGD - ok
21:41:21.0502 7124	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:41:21.0502 7124	tunnel - ok
21:41:21.0518 7124	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
21:41:21.0518 7124	uagp35 - ok
21:41:21.0580 7124	uCamMonitor     (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
21:41:21.0580 7124	uCamMonitor - ok
21:41:21.0611 7124	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:41:21.0627 7124	udfs - ok
21:41:21.0658 7124	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:41:21.0658 7124	UI0Detect - ok
21:41:21.0705 7124	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:41:21.0705 7124	uliagpkx - ok
21:41:21.0721 7124	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
21:41:21.0736 7124	umbus - ok
21:41:21.0767 7124	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
21:41:21.0767 7124	UmPass - ok
21:41:21.0955 7124	UNS             (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
21:41:21.0986 7124	UNS - ok
21:41:22.0095 7124	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:41:22.0095 7124	upnphost - ok
21:41:22.0173 7124	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:41:22.0173 7124	usbccgp - ok
21:41:22.0204 7124	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:41:22.0204 7124	usbcir - ok
21:41:22.0204 7124	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:41:22.0220 7124	usbehci - ok
21:41:22.0267 7124	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:41:22.0267 7124	usbhub - ok
21:41:22.0282 7124	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:41:22.0282 7124	usbohci - ok
21:41:22.0313 7124	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
21:41:22.0313 7124	usbprint - ok
21:41:22.0329 7124	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:41:22.0329 7124	USBSTOR - ok
21:41:22.0345 7124	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:41:22.0345 7124	usbuhci - ok
21:41:22.0376 7124	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
21:41:22.0376 7124	usbvideo - ok
21:41:22.0423 7124	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:41:22.0423 7124	UxSms - ok
21:41:22.0516 7124	VAIO Event Service (203fd19d70549a2939e1ae3a36608151) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
21:41:22.0516 7124	VAIO Event Service - ok
21:41:22.0641 7124	VAIO Power Management (63dd41d4c6f5fd59beb08c88292ca76a) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
21:41:22.0641 7124	VAIO Power Management - ok
21:41:22.0672 7124	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
21:41:22.0672 7124	VaultSvc - ok
21:41:22.0797 7124	VCFw            (24f7e301defd05f3e36a8b76f498c282) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
21:41:22.0813 7124	VCFw - ok
21:41:22.0922 7124	VcmIAlzMgr      (f9d722a62c881b59439f9fc27bc7e285) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
21:41:22.0922 7124	VcmIAlzMgr - ok
21:41:22.0969 7124	VcmINSMgr       (c350d9b371d28c551bc661f3baf1a109) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
21:41:22.0969 7124	VcmINSMgr - ok
21:41:23.0047 7124	VcmXmlIfHelper  (9bc1f203c5604c24f345bcfcd6956bae) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
21:41:23.0062 7124	VcmXmlIfHelper - ok
21:41:23.0109 7124	VCService       (d076011ecd0d1310e879f32ebf3b4886) C:\Program Files\Sony\VAIO Care\VCService.exe
21:41:23.0125 7124	VCService - ok
21:41:23.0234 7124	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:41:23.0234 7124	vdrvroot - ok
21:41:23.0296 7124	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
21:41:23.0312 7124	vds - ok
21:41:23.0343 7124	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:41:23.0343 7124	vga - ok
21:41:23.0359 7124	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:41:23.0359 7124	VgaSave - ok
21:41:23.0374 7124	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:41:23.0374 7124	vhdmp - ok
21:41:23.0390 7124	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:41:23.0390 7124	viaide - ok
21:41:23.0437 7124	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:41:23.0437 7124	volmgr - ok
21:41:23.0452 7124	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:41:23.0468 7124	volmgrx - ok
21:41:23.0483 7124	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:41:23.0483 7124	volsnap - ok
21:41:23.0515 7124	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
21:41:23.0515 7124	vsmraid - ok
21:41:23.0686 7124	VSNService      (6b427ef11b77646e7e3eefb2c4870191) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
21:41:23.0702 7124	VSNService - ok
21:41:23.0811 7124	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
21:41:23.0827 7124	VSS - ok
21:41:24.0014 7124	VUAgent         (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
21:41:24.0029 7124	VUAgent - ok
21:41:24.0139 7124	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:41:24.0154 7124	vwifibus - ok
21:41:24.0154 7124	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:41:24.0154 7124	vwififlt - ok
21:41:24.0185 7124	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:41:24.0185 7124	vwifimp - ok
21:41:24.0232 7124	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:41:24.0248 7124	W32Time - ok
21:41:24.0263 7124	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
21:41:24.0263 7124	WacomPen - ok
21:41:24.0310 7124	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:24.0310 7124	WANARP - ok
21:41:24.0310 7124	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:41:24.0310 7124	Wanarpv6 - ok
21:41:24.0419 7124	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
21:41:24.0435 7124	wbengine - ok
21:41:24.0560 7124	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:41:24.0560 7124	WbioSrvc - ok
21:41:24.0591 7124	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
21:41:24.0607 7124	wcncsvc - ok
21:41:24.0607 7124	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:41:24.0607 7124	WcsPlugInService - ok
21:41:24.0653 7124	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
21:41:24.0653 7124	Wd - ok
21:41:24.0716 7124	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:41:24.0731 7124	Wdf01000 - ok
21:41:24.0747 7124	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:41:24.0747 7124	WdiServiceHost - ok
21:41:24.0747 7124	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:41:24.0763 7124	WdiSystemHost - ok
21:41:24.0778 7124	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
21:41:24.0778 7124	WebClient - ok
21:41:24.0794 7124	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:41:24.0794 7124	Wecsvc - ok
21:41:24.0825 7124	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:41:24.0825 7124	wercplsupport - ok
21:41:24.0841 7124	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:41:24.0841 7124	WerSvc - ok
21:41:24.0903 7124	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:41:24.0903 7124	WfpLwf - ok
21:41:24.0919 7124	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:41:24.0919 7124	WIMMount - ok
21:41:24.0950 7124	WinDefend - ok
21:41:24.0965 7124	WinHttpAutoProxySvc - ok
21:41:25.0028 7124	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:41:25.0059 7124	Winmgmt - ok
21:41:25.0184 7124	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
21:41:25.0215 7124	WinRM - ok
21:41:25.0371 7124	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:41:25.0387 7124	Wlansvc - ok
21:41:25.0465 7124	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:41:25.0465 7124	wlcrasvc - ok
21:41:25.0636 7124	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:41:25.0652 7124	wlidsvc - ok
21:41:25.0730 7124	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:41:25.0730 7124	WmiAcpi - ok
21:41:25.0792 7124	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:41:25.0839 7124	wmiApSrv - ok
21:41:25.0870 7124	WMPNetworkSvc - ok
21:41:25.0901 7124	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:41:25.0901 7124	WPCSvc - ok
21:41:25.0933 7124	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
21:41:25.0933 7124	WPDBusEnum - ok
21:41:25.0964 7124	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:41:25.0964 7124	ws2ifsl - ok
21:41:25.0995 7124	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
21:41:26.0011 7124	wscsvc - ok
21:41:26.0011 7124	WSearch - ok
21:41:26.0167 7124	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
21:41:26.0213 7124	wuauserv - ok
21:41:26.0338 7124	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:41:26.0338 7124	WudfPf - ok
21:41:26.0369 7124	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:41:26.0369 7124	WUDFRd - ok
21:41:26.0401 7124	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
21:41:26.0401 7124	wudfsvc - ok
21:41:26.0432 7124	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:41:26.0432 7124	WwanSvc - ok
21:41:26.0479 7124	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:41:26.0525 7124	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected
21:41:26.0525 7124	\Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)
21:41:26.0572 7124	Boot (0x1200)   (da401678e94c13280d73877d5238867c) \Device\Harddisk0\DR0\Partition0
21:41:26.0572 7124	\Device\Harddisk0\DR0\Partition0 - ok
21:41:26.0588 7124	Boot (0x1200)   (6fc4bfdd26c7a60e02c71cb1b1c056a0) \Device\Harddisk0\DR0\Partition1
21:41:26.0588 7124	\Device\Harddisk0\DR0\Partition1 - ok
21:41:26.0588 7124	============================================================
21:41:26.0588 7124	Scan finished
21:41:26.0588 7124	============================================================
21:41:26.0603 7116	Detected object count: 1
21:41:26.0603 7116	Actual detected object count: 1
21:42:26.0779 7116	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
21:42:26.0779 7116	\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Skip
lg Banane

Alt 08.06.2012, 21:11   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Zitat:
\Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - skipped by user
Das Rootkit.Boot.SST.b bitte mit dem TDSS-Killer löschen lassen, starte Windows danach neu und mach ein neues Log mit diesem Tool. Poste es wieder mit CODE-Tags umschlossen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.06.2012, 21:21   #23
Banane999
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Ich habe die Datei jezt löschen lassen, und hier ist die Log:

Code:
ATTFilter
22:16:35.0859 5836	TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16
22:16:36.0046 5836	============================================================
22:16:36.0046 5836	Current date / time: 2012/06/08 22:16:36.0046
22:16:36.0046 5836	SystemInfo:
22:16:36.0046 5836	
22:16:36.0046 5836	OS Version: 6.1.7601 ServicePack: 1.0
22:16:36.0046 5836	Product type: Workstation
22:16:36.0046 5836	ComputerName: BJARNE-VAIO
22:16:36.0062 5836	UserName: Bjarne
22:16:36.0062 5836	Windows directory: C:\Windows
22:16:36.0062 5836	System windows directory: C:\Windows
22:16:36.0062 5836	Running under WOW64
22:16:36.0062 5836	Processor architecture: Intel x64
22:16:36.0062 5836	Number of processors: 4
22:16:36.0062 5836	Page size: 0x1000
22:16:36.0062 5836	Boot type: Normal boot
22:16:36.0062 5836	============================================================
22:16:36.0577 5836	Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:16:36.0592 5836	============================================================
22:16:36.0592 5836	\Device\Harddisk0\DR0:
22:16:36.0592 5836	MBR partitions:
22:16:36.0592 5836	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B4C800, BlocksNum 0x32000
22:16:36.0592 5836	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2B7E800, BlocksNum 0x549C2EF0
22:16:36.0592 5836	============================================================
22:16:36.0639 5836	C: <-> \Device\Harddisk0\DR0\Partition1
22:16:36.0639 5836	============================================================
22:16:36.0639 5836	Initialize success
22:16:36.0639 5836	============================================================
22:16:46.0374 5196	============================================================
22:16:46.0374 5196	Scan started
22:16:46.0374 5196	Mode: Manual; 
22:16:46.0374 5196	============================================================
22:16:47.0044 5196	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
22:16:47.0060 5196	1394ohci - ok
22:16:47.0263 5196	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
22:16:47.0263 5196	ACDaemon - ok
22:16:47.0481 5196	acedrv11        (a3769020f7e8a70fd3e824c050f33306) C:\Windows\system32\drivers\acedrv11.sys
22:16:48.0277 5196	acedrv11 - ok
22:16:48.0339 5196	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
22:16:48.0355 5196	ACPI - ok
22:16:48.0370 5196	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
22:16:48.0370 5196	AcpiPmi - ok
22:16:48.0448 5196	AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
22:16:48.0448 5196	AdobeActiveFileMonitor9.0 - ok
22:16:48.0526 5196	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:16:48.0526 5196	AdobeARMservice - ok
22:16:48.0714 5196	AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:16:48.0714 5196	AdobeFlashPlayerUpdateSvc - ok
22:16:48.0807 5196	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
22:16:48.0823 5196	adp94xx - ok
22:16:48.0854 5196	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
22:16:48.0870 5196	adpahci - ok
22:16:48.0885 5196	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
22:16:48.0885 5196	adpu320 - ok
22:16:48.0932 5196	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:16:48.0932 5196	AeLookupSvc - ok
22:16:49.0010 5196	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
22:16:49.0010 5196	AFD - ok
22:16:49.0057 5196	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
22:16:49.0057 5196	agp440 - ok
22:16:49.0072 5196	ahcbbbhf - ok
22:16:49.0119 5196	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:16:49.0119 5196	ALG - ok
22:16:49.0150 5196	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
22:16:49.0150 5196	aliide - ok
22:16:49.0197 5196	AMD External Events Utility (c577be3e25dd02acfbe936eb27e27d8e) C:\Windows\system32\atiesrxx.exe
22:16:49.0197 5196	AMD External Events Utility - ok
22:16:49.0228 5196	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
22:16:49.0228 5196	amdide - ok
22:16:49.0244 5196	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
22:16:49.0244 5196	AmdK8 - ok
22:16:49.0759 5196	amdkmdag        (2d969426b5d901fb91a3f4f94b2eb5b8) C:\Windows\system32\DRIVERS\atikmdag.sys
22:16:49.0930 5196	amdkmdag - ok
22:16:50.0086 5196	amdkmdap        (a88d7aaed436780dcf420234873f719d) C:\Windows\system32\DRIVERS\atikmpag.sys
22:16:50.0102 5196	amdkmdap - ok
22:16:50.0118 5196	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
22:16:50.0118 5196	AmdPPM - ok
22:16:50.0164 5196	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
22:16:50.0180 5196	amdsata - ok
22:16:50.0227 5196	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
22:16:50.0227 5196	amdsbs - ok
22:16:50.0274 5196	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
22:16:50.0274 5196	amdxata - ok
22:16:50.0320 5196	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
22:16:50.0320 5196	AppID - ok
22:16:50.0352 5196	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:16:50.0352 5196	AppIDSvc - ok
22:16:50.0367 5196	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
22:16:50.0367 5196	Appinfo - ok
22:16:50.0398 5196	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
22:16:50.0398 5196	arc - ok
22:16:50.0414 5196	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
22:16:50.0414 5196	arcsas - ok
22:16:50.0445 5196	ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
22:16:50.0461 5196	ArcSoftKsUFilter - ok
22:16:50.0554 5196	aspnet_state    (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:16:50.0601 5196	aspnet_state - ok
22:16:50.0648 5196	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:16:50.0648 5196	AsyncMac - ok
22:16:50.0664 5196	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
22:16:50.0664 5196	atapi - ok
22:16:50.0710 5196	AthBTPort       (a434e093cd25870e5d32cb0b70c442ed) C:\Windows\system32\DRIVERS\btath_flt.sys
22:16:50.0710 5196	AthBTPort - ok
22:16:50.0820 5196	Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
22:16:50.0820 5196	Atheros Bt&Wlan Coex Agent - ok
22:16:50.0851 5196	AtherosSvc      (520ce4bc1d9c83225f1dd76d1d2f28c8) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
22:16:50.0866 5196	AtherosSvc - ok
22:16:51.0132 5196	athr            (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
22:16:51.0163 5196	athr - ok
22:16:51.0303 5196	atksgt          (b4bde3f758a34658a37dfed3d9783cd8) C:\Windows\system32\DRIVERS\atksgt.sys
22:16:51.0303 5196	atksgt - ok
22:16:51.0397 5196	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:16:51.0413 5196	AudioEndpointBuilder - ok
22:16:51.0428 5196	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
22:16:51.0428 5196	AudioSrv - ok
22:16:51.0475 5196	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
22:16:51.0475 5196	AxInstSV - ok
22:16:51.0537 5196	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
22:16:51.0553 5196	b06bdrv - ok
22:16:51.0615 5196	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:16:51.0615 5196	b57nd60a - ok
22:16:51.0709 5196	BBSvc           (01a24b415926bb5f772dbe12459d97de) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
22:16:51.0709 5196	BBSvc - ok
22:16:51.0771 5196	BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
22:16:51.0771 5196	BBUpdate - ok
22:16:51.0834 5196	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:16:51.0849 5196	BDESVC - ok
22:16:51.0865 5196	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:16:51.0865 5196	Beep - ok
22:16:51.0974 5196	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
22:16:51.0990 5196	BFE - ok
22:16:52.0099 5196	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
22:16:52.0115 5196	BITS - ok
22:16:52.0161 5196	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:16:52.0161 5196	blbdrive - ok
22:16:52.0193 5196	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
22:16:52.0193 5196	bowser - ok
22:16:52.0208 5196	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
22:16:52.0224 5196	BrFiltLo - ok
22:16:52.0239 5196	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
22:16:52.0239 5196	BrFiltUp - ok
22:16:52.0271 5196	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
22:16:52.0271 5196	Browser - ok
22:16:52.0317 5196	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:16:52.0333 5196	Brserid - ok
22:16:52.0333 5196	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:16:52.0333 5196	BrSerWdm - ok
22:16:52.0349 5196	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:16:52.0349 5196	BrUsbMdm - ok
22:16:52.0364 5196	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:16:52.0364 5196	BrUsbSer - ok
22:16:52.0442 5196	BTATH_A2DP      (bc9616c9d05b4b0843ff0d8d7a003aa7) C:\Windows\system32\drivers\btath_a2dp.sys
22:16:52.0458 5196	BTATH_A2DP - ok
22:16:52.0489 5196	btath_avdt      (00a186bab2d5db4f549bcf8666d8ab39) C:\Windows\system32\drivers\btath_avdt.sys
22:16:52.0505 5196	btath_avdt - ok
22:16:52.0536 5196	BTATH_BUS       (d6ead8f45ecbede3b1adbee5f075e0e2) C:\Windows\system32\DRIVERS\btath_bus.sys
22:16:52.0551 5196	BTATH_BUS - ok
22:16:52.0598 5196	BTATH_HCRP      (557bc22d5ac7fb5dd51ad00f0a03be09) C:\Windows\system32\DRIVERS\btath_hcrp.sys
22:16:52.0598 5196	BTATH_HCRP - ok
22:16:52.0614 5196	BTATH_LWFLT     (3b9f872f1330728172d2f5abfb8a7706) C:\Windows\system32\DRIVERS\btath_lwflt.sys
22:16:52.0629 5196	BTATH_LWFLT - ok
22:16:52.0692 5196	BTATH_RCP       (4225b326514f20bab3751e532f403d1d) C:\Windows\system32\DRIVERS\btath_rcp.sys
22:16:52.0692 5196	BTATH_RCP - ok
22:16:52.0801 5196	BtFilter        (60675e839a37056ed5cbc7e00935451c) C:\Windows\system32\DRIVERS\btfilter.sys
22:16:52.0817 5196	BtFilter - ok
22:16:52.0863 5196	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
22:16:52.0879 5196	BthEnum - ok
22:16:52.0910 5196	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:16:52.0926 5196	BTHMODEM - ok
22:16:52.0957 5196	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
22:16:52.0957 5196	BthPan - ok
22:16:53.0035 5196	BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys
22:16:53.0035 5196	BTHPORT - ok
22:16:53.0082 5196	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:16:53.0082 5196	bthserv - ok
22:16:53.0097 5196	BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys
22:16:53.0113 5196	BTHUSB - ok
22:16:53.0144 5196	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:16:53.0144 5196	cdfs - ok
22:16:53.0207 5196	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
22:16:53.0207 5196	cdrom - ok
22:16:53.0253 5196	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:16:53.0253 5196	CertPropSvc - ok
22:16:53.0269 5196	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
22:16:53.0269 5196	circlass - ok
22:16:53.0331 5196	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:16:53.0347 5196	CLFS - ok
22:16:53.0456 5196	CLKMSVC10_9EC60124 (bb86f147b2a7152e4b4d71a2f0a87d41) C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
22:16:53.0456 5196	CLKMSVC10_9EC60124 - ok
22:16:53.0534 5196	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:16:53.0550 5196	clr_optimization_v2.0.50727_32 - ok
22:16:53.0581 5196	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:16:53.0581 5196	clr_optimization_v2.0.50727_64 - ok
22:16:53.0659 5196	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:16:53.0721 5196	clr_optimization_v4.0.30319_32 - ok
22:16:53.0799 5196	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:16:53.0862 5196	clr_optimization_v4.0.30319_64 - ok
22:16:53.0955 5196	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:16:53.0971 5196	CmBatt - ok
22:16:53.0987 5196	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
22:16:53.0987 5196	cmdide - ok
22:16:54.0049 5196	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
22:16:54.0065 5196	CNG - ok
22:16:54.0111 5196	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:16:54.0111 5196	Compbatt - ok
22:16:54.0127 5196	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:16:54.0127 5196	CompositeBus - ok
22:16:54.0143 5196	COMSysApp - ok
22:16:54.0174 5196	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
22:16:54.0174 5196	crcdisk - ok
22:16:54.0252 5196	CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
22:16:54.0252 5196	CryptSvc - ok
22:16:54.0408 5196	DCDhcpService   (a759f37e0289f5290bed9138a776b7ff) C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
22:16:54.0408 5196	DCDhcpService - ok
22:16:54.0501 5196	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:16:54.0517 5196	DcomLaunch - ok
22:16:54.0579 5196	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:16:54.0595 5196	defragsvc - ok
22:16:54.0611 5196	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
22:16:54.0626 5196	DfsC - ok
22:16:54.0689 5196	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
22:16:54.0704 5196	Dhcp - ok
22:16:54.0735 5196	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:16:54.0735 5196	discache - ok
22:16:54.0767 5196	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
22:16:54.0767 5196	Disk - ok
22:16:54.0813 5196	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
22:16:54.0813 5196	Dnscache - ok
22:16:54.0829 5196	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
22:16:54.0829 5196	dot3svc - ok
22:16:54.0845 5196	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
22:16:54.0860 5196	DPS - ok
22:16:54.0891 5196	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:16:54.0891 5196	drmkaud - ok
22:16:55.0016 5196	DrvAgent64      (1ed08a6264c5c92099d6d1dae5e8f530) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
22:16:55.0047 5196	DrvAgent64 - ok
22:16:55.0157 5196	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
22:16:55.0172 5196	DXGKrnl - ok
22:16:55.0219 5196	e1yexpress      (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
22:16:55.0235 5196	e1yexpress - ok
22:16:55.0266 5196	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:16:55.0266 5196	EapHost - ok
22:16:55.0578 5196	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
22:16:55.0671 5196	ebdrv - ok
22:16:55.0796 5196	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
22:16:55.0796 5196	EFS - ok
22:16:55.0890 5196	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
22:16:55.0937 5196	ehRecvr - ok
22:16:55.0968 5196	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:16:55.0999 5196	ehSched - ok
22:16:56.0093 5196	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
22:16:56.0108 5196	elxstor - ok
22:16:56.0139 5196	epmntdrv        (9eafb3b3b60b8ad958985152a9309aca) C:\Windows\system32\epmntdrv.sys
22:16:56.0171 5196	epmntdrv - ok
22:16:56.0186 5196	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
22:16:56.0186 5196	ErrDev - ok
22:16:56.0249 5196	EuGdiDrv        (fb949ed2c93c878a189039f3d7730942) C:\Windows\system32\EuGdiDrv.sys
22:16:56.0280 5196	EuGdiDrv - ok
22:16:56.0358 5196	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:16:56.0373 5196	EventSystem - ok
22:16:56.0405 5196	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:16:56.0420 5196	exfat - ok
22:16:56.0451 5196	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:16:56.0451 5196	fastfat - ok
22:16:56.0545 5196	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
22:16:56.0561 5196	Fax - ok
22:16:56.0607 5196	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
22:16:56.0607 5196	fdc - ok
22:16:56.0623 5196	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:16:56.0639 5196	fdPHost - ok
22:16:56.0639 5196	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:16:56.0639 5196	FDResPub - ok
22:16:56.0670 5196	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:16:56.0670 5196	FileInfo - ok
22:16:56.0685 5196	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:16:56.0685 5196	Filetrace - ok
22:16:56.0717 5196	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
22:16:56.0717 5196	flpydisk - ok
22:16:56.0779 5196	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
22:16:56.0779 5196	FltMgr - ok
22:16:56.0904 5196	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
22:16:56.0919 5196	FontCache - ok
22:16:56.0997 5196	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:16:56.0997 5196	FontCache3.0.0.0 - ok
22:16:57.0044 5196	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:16:57.0044 5196	FsDepends - ok
22:16:57.0075 5196	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
22:16:57.0075 5196	Fs_Rec - ok
22:16:57.0138 5196	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:16:57.0138 5196	fvevol - ok
22:16:57.0185 5196	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
22:16:57.0185 5196	gagp30kx - ok
22:16:57.0325 5196	GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
22:16:57.0325 5196	GamesAppService - ok
22:16:57.0497 5196	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
22:16:57.0528 5196	gpsvc - ok
22:16:57.0606 5196	gupdate         (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:16:57.0606 5196	gupdate - ok
22:16:57.0621 5196	gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:16:57.0621 5196	gupdatem - ok
22:16:57.0668 5196	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:16:57.0668 5196	hcw85cir - ok
22:16:57.0715 5196	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
22:16:57.0731 5196	HdAudAddService - ok
22:16:57.0777 5196	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:16:57.0777 5196	HDAudBus - ok
22:16:57.0824 5196	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
22:16:57.0824 5196	HidBatt - ok
22:16:57.0840 5196	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
22:16:57.0840 5196	HidBth - ok
22:16:57.0871 5196	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
22:16:57.0887 5196	HidIr - ok
22:16:57.0918 5196	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
22:16:57.0918 5196	hidserv - ok
22:16:57.0980 5196	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
22:16:58.0011 5196	HidUsb - ok
22:16:58.0043 5196	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
22:16:58.0043 5196	hkmsvc - ok
22:16:58.0089 5196	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
22:16:58.0121 5196	HomeGroupListener - ok
22:16:58.0245 5196	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
22:16:58.0245 5196	HomeGroupProvider - ok
22:16:58.0292 5196	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
22:16:58.0292 5196	HpSAMD - ok
22:16:58.0604 5196	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
22:16:58.0620 5196	HTTP - ok
22:16:58.0651 5196	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
22:16:58.0651 5196	hwpolicy - ok
22:16:58.0667 5196	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:16:58.0667 5196	i8042prt - ok
22:16:58.0791 5196	iaStor          (26cf4275034214ecedd8ec17b0a18a99) C:\Windows\system32\drivers\iaStor.sys
22:16:58.0807 5196	iaStor - ok
22:16:58.0963 5196	IAStorDataMgrSvc (e79a8e33bd136d14bae1fa20eb2ef124) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
22:16:58.0963 5196	IAStorDataMgrSvc - ok
22:16:59.0057 5196	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
22:16:59.0088 5196	iaStorV - ok
22:16:59.0306 5196	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:16:59.0322 5196	idsvc - ok
22:16:59.0369 5196	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
22:16:59.0369 5196	iirsp - ok
22:16:59.0727 5196	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
22:16:59.0759 5196	IKEEXT - ok
22:17:01.0693 5196	IntcAzAudAddService (150ac23f21dbdbf8488408ba944b0d65) C:\Windows\system32\drivers\RTKVHD64.sys
22:17:01.0724 5196	IntcAzAudAddService - ok
22:17:02.0067 5196	IntcDAud        (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys
22:17:02.0067 5196	IntcDAud - ok
22:17:02.0114 5196	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
22:17:02.0114 5196	intelide - ok
22:17:06.0825 5196	intelkmd        (33faa40b288002c89529dbd14f3ab72c) C:\Windows\system32\DRIVERS\igdpmd64.sys
22:17:07.0075 5196	intelkmd - ok
22:17:07.0325 5196	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:17:07.0340 5196	intelppm - ok
22:17:07.0356 5196	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:17:07.0371 5196	IPBusEnum - ok
22:17:07.0403 5196	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:17:07.0418 5196	IpFilterDriver - ok
22:17:07.0496 5196	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
22:17:07.0512 5196	iphlpsvc - ok
22:17:07.0574 5196	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
22:17:07.0574 5196	IPMIDRV - ok
22:17:07.0590 5196	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:17:07.0590 5196	IPNAT - ok
22:17:07.0621 5196	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:17:07.0621 5196	IRENUM - ok
22:17:07.0652 5196	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
22:17:07.0652 5196	isapnp - ok
22:17:07.0699 5196	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
22:17:07.0730 5196	iScsiPrt - ok
22:17:07.0761 5196	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:17:07.0761 5196	kbdclass - ok
22:17:07.0808 5196	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
22:17:07.0808 5196	kbdhid - ok
22:17:07.0855 5196	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:17:07.0855 5196	KeyIso - ok
22:17:07.0871 5196	kgufxcjt - ok
22:17:07.0886 5196	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
22:17:07.0886 5196	KSecDD - ok
22:17:07.0917 5196	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
22:17:07.0933 5196	KSecPkg - ok
22:17:07.0964 5196	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:17:07.0964 5196	ksthunk - ok
22:17:08.0042 5196	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:17:08.0058 5196	KtmRm - ok
22:17:08.0105 5196	L1C             (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys
22:17:08.0105 5196	L1C - ok
22:17:08.0183 5196	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
22:17:08.0183 5196	LanmanServer - ok
22:17:08.0214 5196	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
22:17:08.0229 5196	LanmanWorkstation - ok
22:17:08.0292 5196	lirsgt          (955982bf4421b77722196552b62e8dc2) C:\Windows\system32\DRIVERS\lirsgt.sys
22:17:08.0292 5196	lirsgt - ok
22:17:08.0323 5196	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:17:08.0323 5196	lltdio - ok
22:17:08.0385 5196	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:17:08.0385 5196	lltdsvc - ok
22:17:08.0432 5196	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:17:08.0463 5196	lmhosts - ok
22:17:08.0573 5196	LMS             (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
22:17:08.0573 5196	LMS - ok
22:17:08.0619 5196	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
22:17:08.0619 5196	LSI_FC - ok
22:17:08.0635 5196	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
22:17:08.0635 5196	LSI_SAS - ok
22:17:08.0651 5196	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
22:17:08.0651 5196	LSI_SAS2 - ok
22:17:08.0666 5196	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
22:17:08.0682 5196	LSI_SCSI - ok
22:17:08.0697 5196	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:17:08.0713 5196	luafv - ok
22:17:08.0713 5196	MBAMProtector - ok
22:17:08.0994 5196	MBAMService     (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:17:09.0041 5196	MBAMService - ok
22:17:09.0072 5196	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
22:17:09.0072 5196	Mcx2Svc - ok
22:17:09.0103 5196	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
22:17:09.0103 5196	megasas - ok
22:17:09.0134 5196	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
22:17:09.0150 5196	MegaSR - ok
22:17:09.0197 5196	MEIx64          (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
22:17:09.0197 5196	MEIx64 - ok
22:17:09.0228 5196	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:17:09.0243 5196	MMCSS - ok
22:17:09.0275 5196	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:17:09.0275 5196	Modem - ok
22:17:09.0306 5196	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:17:09.0306 5196	monitor - ok
22:17:09.0353 5196	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:17:09.0353 5196	mouclass - ok
22:17:09.0399 5196	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:17:09.0415 5196	mouhid - ok
22:17:09.0446 5196	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
22:17:09.0446 5196	mountmgr - ok
22:17:09.0509 5196	MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:17:09.0524 5196	MozillaMaintenance - ok
22:17:09.0587 5196	MpFilter        (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
22:17:09.0587 5196	MpFilter - ok
22:17:09.0633 5196	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
22:17:09.0633 5196	mpio - ok
22:17:09.0680 5196	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:17:09.0680 5196	mpsdrv - ok
22:17:09.0821 5196	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
22:17:09.0836 5196	MpsSvc - ok
22:17:09.0883 5196	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
22:17:09.0883 5196	MRxDAV - ok
22:17:09.0914 5196	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:17:09.0914 5196	mrxsmb - ok
22:17:09.0977 5196	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:17:09.0992 5196	mrxsmb10 - ok
22:17:10.0008 5196	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:17:10.0008 5196	mrxsmb20 - ok
22:17:10.0023 5196	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
22:17:10.0039 5196	msahci - ok
22:17:10.0070 5196	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
22:17:10.0070 5196	msdsm - ok
22:17:10.0117 5196	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:17:10.0117 5196	MSDTC - ok
22:17:10.0148 5196	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:17:10.0148 5196	Msfs - ok
22:17:10.0164 5196	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:17:10.0164 5196	mshidkmdf - ok
22:17:10.0179 5196	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
22:17:10.0179 5196	msisadrv - ok
22:17:10.0273 5196	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:17:10.0273 5196	MSiSCSI - ok
22:17:10.0273 5196	msiserver - ok
22:17:10.0304 5196	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:17:10.0304 5196	MSKSSRV - ok
22:17:10.0382 5196	MsMpSvc         (59faaf2c83c8169ea20f9e335e418907) c:\Program Files\Microsoft Security Client\MsMpEng.exe
22:17:10.0398 5196	MsMpSvc - ok
22:17:10.0429 5196	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:17:10.0429 5196	MSPCLOCK - ok
22:17:10.0445 5196	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:17:10.0445 5196	MSPQM - ok
22:17:10.0491 5196	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
22:17:10.0491 5196	MsRPC - ok
22:17:10.0507 5196	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:17:10.0507 5196	mssmbios - ok
22:17:10.0538 5196	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:17:10.0538 5196	MSTEE - ok
22:17:10.0538 5196	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
22:17:10.0538 5196	MTConfig - ok
22:17:10.0569 5196	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:17:10.0569 5196	Mup - ok
22:17:10.0897 5196	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
22:17:10.0928 5196	napagent - ok
22:17:11.0022 5196	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:17:11.0022 5196	NativeWifiP - ok
22:17:11.0240 5196	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
22:17:11.0271 5196	NDIS - ok
22:17:11.0334 5196	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:17:11.0334 5196	NdisCap - ok
22:17:11.0349 5196	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:17:11.0349 5196	NdisTapi - ok
22:17:11.0381 5196	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
22:17:11.0381 5196	Ndisuio - ok
22:17:11.0396 5196	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
22:17:11.0396 5196	NdisWan - ok
22:17:11.0412 5196	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
22:17:11.0412 5196	NDProxy - ok
22:17:11.0427 5196	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:17:11.0427 5196	NetBIOS - ok
22:17:11.0443 5196	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
22:17:11.0459 5196	NetBT - ok
22:17:11.0474 5196	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:17:11.0474 5196	Netlogon - ok
22:17:11.0537 5196	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:17:11.0552 5196	Netman - ok
22:17:11.0646 5196	NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:17:11.0677 5196	NetMsmqActivator - ok
22:17:11.0677 5196	NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:17:11.0693 5196	NetPipeActivator - ok
22:17:11.0817 5196	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:17:11.0833 5196	netprofm - ok
22:17:11.0833 5196	NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:17:11.0849 5196	NetTcpActivator - ok
22:17:11.0849 5196	NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:17:11.0849 5196	NetTcpPortSharing - ok
22:17:11.0942 5196	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
22:17:11.0942 5196	nfrd960 - ok
22:17:12.0036 5196	NisDrv          (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
22:17:12.0036 5196	NisDrv - ok
22:17:12.0145 5196	NisSrv          (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
22:17:12.0145 5196	NisSrv - ok
22:17:12.0207 5196	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
22:17:12.0223 5196	NlaSvc - ok
22:17:12.0254 5196	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:17:12.0254 5196	Npfs - ok
22:17:12.0301 5196	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:17:12.0301 5196	nsi - ok
22:17:12.0317 5196	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:17:12.0317 5196	nsiproxy - ok
22:17:12.0722 5196	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
22:17:12.0785 5196	Ntfs - ok
22:17:13.0175 5196	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:17:13.0175 5196	Null - ok
22:17:13.0221 5196	nusb3hub        (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\DRIVERS\nusb3hub.sys
22:17:13.0221 5196	nusb3hub - ok
22:17:13.0237 5196	nusb3xhc        (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\DRIVERS\nusb3xhc.sys
22:17:13.0253 5196	nusb3xhc - ok
22:17:18.0947 5196	nvlddmkm        (dd81fbc57ab9134cddc5ce90880bfd80) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:17:19.0165 5196	nvlddmkm - ok
22:17:19.0383 5196	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
22:17:19.0415 5196	nvraid - ok
22:17:19.0446 5196	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
22:17:19.0446 5196	nvstor - ok
22:17:19.0493 5196	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
22:17:19.0508 5196	nv_agp - ok
22:17:19.0508 5196	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
22:17:19.0524 5196	ohci1394 - ok
22:17:19.0602 5196	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:17:19.0617 5196	p2pimsvc - ok
22:17:19.0711 5196	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:17:19.0727 5196	p2psvc - ok
22:17:19.0758 5196	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
22:17:19.0758 5196	Parport - ok
22:17:19.0805 5196	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
22:17:19.0805 5196	partmgr - ok
22:17:19.0867 5196	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:17:19.0867 5196	PcaSvc - ok
22:17:19.0929 5196	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
22:17:19.0945 5196	pci - ok
22:17:19.0945 5196	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
22:17:19.0961 5196	pciide - ok
22:17:20.0023 5196	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
22:17:20.0039 5196	pcmcia - ok
22:17:20.0054 5196	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:17:20.0054 5196	pcw - ok
22:17:20.0132 5196	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:17:20.0148 5196	PEAUTH - ok
22:17:20.0319 5196	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:17:20.0335 5196	PerfHost - ok
22:17:20.0975 5196	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
22:17:21.0021 5196	pla - ok
22:17:21.0099 5196	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
22:17:21.0115 5196	PlugPlay - ok
22:17:21.0443 5196	PMBDeviceInfoProvider (ae6c778717de2f6b0c0b5335036d3363) c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
22:17:21.0474 5196	PMBDeviceInfoProvider - ok
22:17:21.0521 5196	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:17:21.0536 5196	PNRPAutoReg - ok
22:17:21.0583 5196	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:17:21.0599 5196	PNRPsvc - ok
22:17:21.0708 5196	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
22:17:21.0739 5196	PolicyAgent - ok
22:17:21.0833 5196	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:17:21.0833 5196	Power - ok
22:17:21.0911 5196	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
22:17:21.0911 5196	PptpMiniport - ok
22:17:21.0942 5196	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
22:17:21.0942 5196	Processor - ok
22:17:22.0004 5196	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
22:17:22.0020 5196	ProfSvc - ok
22:17:22.0035 5196	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:17:22.0035 5196	ProtectedStorage - ok
22:17:22.0082 5196	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
22:17:22.0082 5196	Psched - ok
22:17:22.0145 5196	PxHlpa64        (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
22:17:22.0145 5196	PxHlpa64 - ok
22:17:23.0081 5196	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
22:17:23.0127 5196	ql2300 - ok
22:17:23.0408 5196	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
22:17:23.0408 5196	ql40xx - ok
22:17:23.0455 5196	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:17:23.0471 5196	QWAVE - ok
22:17:23.0502 5196	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:17:23.0502 5196	QWAVEdrv - ok
22:17:23.0549 5196	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:17:23.0549 5196	RasAcd - ok
22:17:23.0580 5196	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:17:23.0580 5196	RasAgileVpn - ok
22:17:23.0611 5196	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:17:23.0627 5196	RasAuto - ok
22:17:23.0689 5196	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:17:23.0705 5196	Rasl2tp - ok
22:17:23.0798 5196	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
22:17:23.0814 5196	RasMan - ok
22:17:23.0861 5196	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:17:23.0861 5196	RasPppoe - ok
22:17:23.0892 5196	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:17:23.0892 5196	RasSstp - ok
22:17:23.0907 5196	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
22:17:23.0923 5196	rdbss - ok
22:17:23.0939 5196	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
22:17:23.0939 5196	rdpbus - ok
22:17:23.0954 5196	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:17:23.0954 5196	RDPCDD - ok
22:17:23.0954 5196	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:17:23.0954 5196	RDPENCDD - ok
22:17:23.0970 5196	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:17:23.0985 5196	RDPREFMP - ok
22:17:24.0017 5196	RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
22:17:24.0017 5196	RDPWD - ok
22:17:24.0063 5196	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
22:17:24.0063 5196	rdyboost - ok
22:17:24.0110 5196	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:17:24.0110 5196	RemoteAccess - ok
22:17:24.0188 5196	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:17:24.0188 5196	RemoteRegistry - ok
22:17:24.0251 5196	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
22:17:24.0251 5196	RFCOMM - ok
22:17:24.0282 5196	rimspci         (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\DRIVERS\rimssne64.sys
22:17:24.0282 5196	rimspci - ok
22:17:24.0297 5196	risdsnpe        (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\DRIVERS\risdsnxc64.sys
22:17:24.0297 5196	risdsnpe - ok
22:17:24.0344 5196	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:17:24.0344 5196	RpcEptMapper - ok
22:17:24.0375 5196	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:17:24.0375 5196	RpcLocator - ok
22:17:24.0453 5196	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
22:17:24.0469 5196	RpcSs - ok
22:17:24.0500 5196	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:17:24.0516 5196	rspndr - ok
22:17:24.0547 5196	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:17:24.0563 5196	SamSs - ok
22:17:24.0594 5196	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
22:17:24.0594 5196	sbp2port - ok
22:17:24.0656 5196	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:17:24.0656 5196	SCardSvr - ok
22:17:24.0687 5196	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
22:17:24.0703 5196	scfilter - ok
22:17:25.0124 5196	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
22:17:25.0171 5196	Schedule - ok
22:17:25.0265 5196	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
22:17:25.0280 5196	SCPolicySvc - ok
22:17:25.0311 5196	sdbus           (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
22:17:25.0327 5196	sdbus - ok
22:17:25.0374 5196	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
22:17:25.0374 5196	SDRSVC - ok
22:17:25.0405 5196	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:17:25.0405 5196	secdrv - ok
22:17:25.0452 5196	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
22:17:25.0452 5196	seclogon - ok
22:17:25.0483 5196	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
22:17:25.0483 5196	SENS - ok
22:17:25.0514 5196	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:17:25.0530 5196	SensrSvc - ok
22:17:25.0561 5196	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
22:17:25.0561 5196	Serenum - ok
22:17:25.0577 5196	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
22:17:25.0577 5196	Serial - ok
22:17:25.0577 5196	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
22:17:25.0592 5196	sermouse - ok
22:17:25.0639 5196	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
22:17:25.0655 5196	SessionEnv - ok
22:17:25.0701 5196	SFEP            (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\DRIVERS\SFEP.sys
22:17:25.0701 5196	SFEP - ok
22:17:25.0717 5196	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
22:17:25.0717 5196	sffdisk - ok
22:17:25.0733 5196	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
22:17:25.0733 5196	sffp_mmc - ok
22:17:25.0748 5196	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
22:17:25.0748 5196	sffp_sd - ok
22:17:25.0779 5196	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
22:17:25.0811 5196	sfloppy - ok
22:17:25.0982 5196	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:17:25.0998 5196	SharedAccess - ok
22:17:26.0107 5196	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
22:17:26.0123 5196	ShellHWDetection - ok
22:17:26.0154 5196	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
22:17:26.0154 5196	SiSRaid2 - ok
22:17:26.0169 5196	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
22:17:26.0169 5196	SiSRaid4 - ok
22:17:26.0294 5196	SkypeUpdate     (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:17:26.0294 5196	SkypeUpdate - ok
22:17:26.0325 5196	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:17:26.0325 5196	Smb - ok
22:17:26.0388 5196	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:17:26.0388 5196	SNMPTRAP - ok
22:17:26.0528 5196	SOHCImp         (4aea7a1c3ca06d95d6966c34d13c0d8b) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
22:17:26.0544 5196	SOHCImp - ok
22:17:26.0575 5196	SOHDs           (16fd95781117e13107d477ae36219e6f) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
22:17:26.0575 5196	SOHDs - ok
22:17:26.0793 5196	SpfService      (c03e480e63a80d73fabe28d24d3b6b47) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
22:17:26.0809 5196	SpfService - ok
22:17:26.0840 5196	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:17:26.0840 5196	spldr - ok
22:17:27.0215 5196	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
22:17:27.0261 5196	Spooler - ok
22:17:28.0712 5196	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
22:17:28.0790 5196	sppsvc - ok
22:17:28.0899 5196	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:17:28.0915 5196	sppuinotify - ok
22:17:29.0055 5196	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
22:17:29.0087 5196	srv - ok
22:17:29.0133 5196	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
22:17:29.0149 5196	srv2 - ok
22:17:29.0165 5196	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
22:17:29.0165 5196	srvnet - ok
22:17:29.0211 5196	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:17:29.0227 5196	SSDPSRV - ok
22:17:29.0243 5196	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:17:29.0243 5196	SstpSvc - ok
22:17:29.0258 5196	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
22:17:29.0274 5196	stexstor - ok
22:17:29.0367 5196	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
22:17:29.0383 5196	stisvc - ok
22:17:29.0430 5196	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:17:29.0430 5196	swenum - ok
22:17:29.0633 5196	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:17:29.0664 5196	swprv - ok
22:17:30.0023 5196	SynTP           (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\DRIVERS\SynTP.sys
22:17:30.0038 5196	SynTP - ok
22:17:31.0302 5196	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
22:17:31.0349 5196	SysMain - ok
22:17:31.0832 5196	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
22:17:31.0848 5196	TabletInputService - ok
22:17:31.0910 5196	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
22:17:31.0926 5196	TapiSrv - ok
22:17:31.0957 5196	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:17:31.0973 5196	TBS - ok
22:17:32.0909 5196	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
22:17:32.0971 5196	Tcpip - ok
22:17:34.0188 5196	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
22:17:34.0219 5196	TCPIP6 - ok
22:17:34.0578 5196	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
22:17:34.0593 5196	tcpipreg - ok
22:17:34.0625 5196	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:17:34.0625 5196	TDPIPE - ok
22:17:34.0656 5196	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
22:17:34.0656 5196	TDTCP - ok
22:17:34.0687 5196	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
22:17:34.0687 5196	tdx - ok
22:17:35.0451 5196	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
22:17:35.0498 5196	TeamViewer7 - ok
22:17:35.0841 5196	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
22:17:35.0841 5196	TermDD - ok
22:17:36.0013 5196	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
22:17:36.0044 5196	TermService - ok
22:17:36.0075 5196	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:17:36.0091 5196	Themes - ok
22:17:36.0122 5196	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:17:36.0122 5196	THREADORDER - ok
22:17:36.0200 5196	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:17:36.0216 5196	TrkWks - ok
22:17:36.0294 5196	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
22:17:36.0356 5196	TrustedInstaller - ok
22:17:36.0372 5196	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:17:36.0372 5196	tssecsrv - ok
22:17:36.0403 5196	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
22:17:36.0403 5196	TsUsbFlt - ok
22:17:36.0419 5196	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
22:17:36.0419 5196	TsUsbGD - ok
22:17:36.0450 5196	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
22:17:36.0450 5196	tunnel - ok
22:17:36.0465 5196	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
22:17:36.0481 5196	uagp35 - ok
22:17:36.0575 5196	uCamMonitor     (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
22:17:36.0590 5196	uCamMonitor - ok
22:17:36.0668 5196	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
22:17:36.0684 5196	udfs - ok
22:17:36.0746 5196	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:17:36.0762 5196	UI0Detect - ok
22:17:36.0809 5196	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
22:17:36.0809 5196	uliagpkx - ok
22:17:36.0824 5196	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
22:17:36.0824 5196	umbus - ok
22:17:36.0855 5196	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
22:17:36.0855 5196	UmPass - ok
22:17:38.0603 5196	UNS             (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
22:17:38.0681 5196	UNS - ok
22:17:39.0117 5196	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:17:39.0117 5196	upnphost - ok
22:17:39.0227 5196	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
22:17:39.0227 5196	usbccgp - ok
22:17:39.0273 5196	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
22:17:39.0273 5196	usbcir - ok
22:17:39.0320 5196	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
22:17:39.0320 5196	usbehci - ok
22:17:39.0398 5196	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
22:17:39.0414 5196	usbhub - ok
22:17:39.0461 5196	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
22:17:39.0461 5196	usbohci - ok
22:17:39.0476 5196	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
22:17:39.0476 5196	usbprint - ok
22:17:39.0507 5196	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:17:39.0507 5196	USBSTOR - ok
22:17:39.0523 5196	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
22:17:39.0523 5196	usbuhci - ok
22:17:39.0570 5196	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
22:17:39.0570 5196	usbvideo - ok
22:17:39.0617 5196	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:17:39.0617 5196	UxSms - ok
22:17:39.0741 5196	VAIO Event Service (203fd19d70549a2939e1ae3a36608151) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
22:17:39.0741 5196	VAIO Event Service - ok
22:17:40.0053 5196	VAIO Power Management (63dd41d4c6f5fd59beb08c88292ca76a) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
22:17:40.0085 5196	VAIO Power Management - ok
22:17:40.0116 5196	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
22:17:40.0116 5196	VaultSvc - ok
22:17:40.0521 5196	VCFw            (24f7e301defd05f3e36a8b76f498c282) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
22:17:40.0553 5196	VCFw - ok
22:17:40.0771 5196	VcmIAlzMgr      (f9d722a62c881b59439f9fc27bc7e285) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
22:17:40.0787 5196	VcmIAlzMgr - ok
22:17:41.0005 5196	VcmINSMgr       (c350d9b371d28c551bc661f3baf1a109) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
22:17:41.0021 5196	VcmINSMgr - ok
22:17:41.0255 5196	VcmXmlIfHelper  (9bc1f203c5604c24f345bcfcd6956bae) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
22:17:41.0270 5196	VcmXmlIfHelper - ok
22:17:41.0333 5196	VCService       (d076011ecd0d1310e879f32ebf3b4886) C:\Program Files\Sony\VAIO Care\VCService.exe
22:17:41.0333 5196	VCService - ok
22:17:41.0567 5196	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
22:17:41.0567 5196	vdrvroot - ok
22:17:41.0691 5196	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
22:17:41.0738 5196	vds - ok
22:17:41.0754 5196	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:17:41.0754 5196	vga - ok
22:17:41.0801 5196	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:17:41.0801 5196	VgaSave - ok
22:17:41.0816 5196	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
22:17:41.0832 5196	vhdmp - ok
22:17:41.0832 5196	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
22:17:41.0847 5196	viaide - ok
22:17:41.0894 5196	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
22:17:41.0894 5196	volmgr - ok
22:17:41.0925 5196	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
22:17:41.0941 5196	volmgrx - ok
22:17:41.0988 5196	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
22:17:42.0003 5196	volsnap - ok
22:17:42.0035 5196	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
22:17:42.0050 5196	vsmraid - ok
22:17:42.0643 5196	VSNService      (6b427ef11b77646e7e3eefb2c4870191) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
22:17:42.0690 5196	VSNService - ok
22:17:43.0345 5196	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
22:17:43.0392 5196	VSS - ok
22:17:43.0673 5196	VUAgent         (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
22:17:43.0688 5196	VUAgent - ok
22:17:43.0891 5196	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
22:17:43.0891 5196	vwifibus - ok
22:17:43.0922 5196	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
22:17:43.0922 5196	vwififlt - ok
22:17:43.0953 5196	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
22:17:43.0953 5196	vwifimp - ok
22:17:44.0016 5196	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:17:44.0031 5196	W32Time - ok
22:17:44.0063 5196	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
22:17:44.0063 5196	WacomPen - ok
22:17:44.0109 5196	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:44.0109 5196	WANARP - ok
22:17:44.0109 5196	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
22:17:44.0125 5196	Wanarpv6 - ok
22:17:44.0343 5196	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
22:17:44.0390 5196	wbengine - ok
22:17:44.0546 5196	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:17:44.0546 5196	WbioSrvc - ok
22:17:44.0577 5196	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
22:17:44.0577 5196	wcncsvc - ok
22:17:44.0593 5196	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:17:44.0593 5196	WcsPlugInService - ok
22:17:44.0655 5196	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
22:17:44.0655 5196	Wd - ok
22:17:44.0718 5196	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:17:44.0733 5196	Wdf01000 - ok
22:17:44.0765 5196	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:17:44.0765 5196	WdiServiceHost - ok
22:17:44.0765 5196	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:17:44.0780 5196	WdiSystemHost - ok
22:17:44.0796 5196	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
22:17:44.0811 5196	WebClient - ok
22:17:44.0827 5196	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:17:44.0843 5196	Wecsvc - ok
22:17:44.0858 5196	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
22:17:44.0874 5196	wercplsupport - ok
22:17:44.0905 5196	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
22:17:44.0905 5196	WerSvc - ok
22:17:44.0952 5196	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
22:17:44.0952 5196	WfpLwf - ok
22:17:44.0983 5196	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
22:17:44.0983 5196	WIMMount - ok
22:17:45.0014 5196	WinDefend - ok
22:17:45.0014 5196	WinHttpAutoProxySvc - ok
22:17:45.0108 5196	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
22:17:45.0108 5196	Winmgmt - ok
22:17:45.0342 5196	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
22:17:45.0404 5196	WinRM - ok
22:17:45.0747 5196	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
22:17:45.0779 5196	Wlansvc - ok
22:17:45.0903 5196	wlcrasvc        (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
22:17:45.0903 5196	wlcrasvc - ok
22:17:46.0278 5196	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:17:46.0340 5196	wlidsvc - ok
22:17:46.0590 5196	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
22:17:46.0590 5196	WmiAcpi - ok
22:17:46.0683 5196	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
22:17:46.0683 5196	wmiApSrv - ok
22:17:46.0730 5196	WMPNetworkSvc - ok
22:17:46.0777 5196	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
22:17:46.0777 5196	WPCSvc - ok
22:17:46.0808 5196	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
22:17:46.0808 5196	WPDBusEnum - ok
22:17:46.0839 5196	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
22:17:46.0839 5196	ws2ifsl - ok
22:17:46.0871 5196	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
22:17:46.0886 5196	wscsvc - ok
22:17:46.0902 5196	WSearch - ok
22:17:47.0354 5196	wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
22:17:47.0417 5196	wuauserv - ok
22:17:47.0604 5196	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
22:17:47.0604 5196	WudfPf - ok
22:17:47.0651 5196	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:17:47.0651 5196	WUDFRd - ok
22:17:47.0682 5196	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
22:17:47.0682 5196	wudfsvc - ok
22:17:47.0713 5196	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
22:17:47.0729 5196	WwanSvc - ok
22:17:47.0822 5196	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:17:48.0275 5196	\Device\Harddisk0\DR0 - ok
22:17:48.0290 5196	Boot (0x1200)   (da401678e94c13280d73877d5238867c) \Device\Harddisk0\DR0\Partition0
22:17:48.0321 5196	\Device\Harddisk0\DR0\Partition0 - ok
22:17:48.0321 5196	Boot (0x1200)   (6fc4bfdd26c7a60e02c71cb1b1c056a0) \Device\Harddisk0\DR0\Partition1
22:17:48.0337 5196	\Device\Harddisk0\DR0\Partition1 - ok
22:17:48.0337 5196	============================================================
22:17:48.0337 5196	Scan finished
22:17:48.0337 5196	============================================================
22:17:48.0353 5744	Detected object count: 0
22:17:48.0353 5744	Actual detected object count: 0
22:18:05.0684 1808	Deinitialize success

Alt 08.06.2012, 21:56   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Sehr gut!

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 08.06.2012, 22:23   #25
Banane999
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Hier ist die Combofix.txt:

Code:
ATTFilter
ComboFix 12-06-08.02 - Bjarne 08.06.2012  23:13:56.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8103.6325 [GMT 2:00]
ausgeführt von:: c:\users\Bjarne\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Bjarne\Desktop\Data_Recovery.lnk
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-08 bis 2012-06-08  ))))))))))))))))))))))))))))))
.
.
2012-06-08 21:20 . 2012-06-08 21:20	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-06-08 20:14 . 2012-06-08 21:11	69000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5595EC3-B0BE-47F1-AA02-AFCE64A9FA80}\offreg.dll
2012-06-08 20:12 . 2012-06-08 20:12	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-06-08 19:05 . 2012-06-08 19:05	--------	d-----w-	C:\_OTL
2012-06-08 18:47 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5595EC3-B0BE-47F1-AA02-AFCE64A9FA80}\mpengine.dll
2012-06-07 17:47 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 18:09 . 2012-06-06 18:09	--------	d-----w-	c:\program files (x86)\ESET
2012-06-06 17:02 . 2012-06-06 17:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-06 17:02 . 2012-06-06 17:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 11:24 . 2012-06-04 11:48	--------	d-----w-	c:\programdata\Avira
2012-06-03 09:39 . 2012-06-03 09:39	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C627EDE4-F640-48B8-AF2E-D813C9282816}\gapaengine.dll
2012-06-03 09:38 . 2012-06-03 09:38	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-03 09:37 . 2012-06-03 09:38	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-02 15:30 . 2012-06-02 15:30	--------	d-----w-	c:\programdata\InstallShield
2012-06-02 15:30 . 2012-06-03 07:41	88480	----a-w-	c:\windows\system32\drivers\atksgt.sys
2012-06-02 15:30 . 2012-06-03 07:41	46400	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2012-06-02 15:28 . 2012-06-02 15:28	--------	d-----w-	c:\program files (x86)\Focus
2012-06-02 15:28 . 2004-08-09 04:04	73728	----a-w-	c:\windows\SysWow64\ISUSPM.cpl
2012-06-02 15:28 . 2004-08-09 04:03	385024	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-06-02 15:28 . 2004-08-09 04:03	221184	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-06-02 15:28 . 2004-08-09 04:03	81920	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-06-02 15:28 . 2004-08-09 04:03	368640	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-06-02 15:28 . 2004-08-09 04:03	512000	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-06-02 15:28 . 2004-08-09 04:02	217088	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-06-02 15:27 . 2004-10-22 00:18	749568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-06-02 15:27 . 2004-10-22 00:17	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-06-02 15:27 . 2004-10-22 00:17	274432	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-06-02 15:27 . 2004-10-22 00:16	180224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-06-02 15:27 . 2004-10-22 00:16	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-06-02 15:27 . 2012-06-02 15:27	192644	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-06-02 15:27 . 2012-06-02 15:27	323716	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-05-31 12:47 . 2012-03-13 17:18	2469760	----a-w-	c:\windows\SysWow64\BootMan.exe
2012-05-31 12:47 . 2012-03-13 17:05	3316736	----a-w-	c:\windows\system32\BootMan.exe
2012-05-31 12:47 . 2011-07-29 11:54	9096	----a-w-	c:\windows\system32\EuGdiDrv.sys
2012-05-31 12:47 . 2011-07-29 11:54	16776	----a-w-	c:\windows\system32\epmntdrv.sys
2012-05-31 12:47 . 2011-07-29 11:54	100232	----a-w-	c:\windows\system32\setupempdrvx64.exe
2012-05-31 12:47 . 2011-07-29 11:54	19840	----a-w-	c:\windows\SysWow64\EuEpmGdi.dll
2012-05-31 12:47 . 2011-07-29 11:54	16256	----a-w-	c:\windows\system32\EuEpmGdi.dll
2012-05-31 12:47 . 2011-07-29 11:54	86408	----a-w-	c:\windows\SysWow64\setupempdrv03.exe
2012-05-31 12:47 . 2011-07-29 11:54	8456	----a-w-	c:\windows\SysWow64\EuGdiDrv.sys
2012-05-31 12:47 . 2011-07-29 11:54	14216	----a-w-	c:\windows\SysWow64\epmntdrv.sys
2012-05-31 12:47 . 2012-05-31 12:47	--------	d-----w-	c:\program files (x86)\EASEUS
2012-05-31 11:38 . 2012-05-31 11:44	--------	d-----w-	c:\program files\Tracker Software
2012-05-29 17:51 . 2012-05-29 17:51	--------	d-----w-	c:\programdata\VirtualizedApplications
2012-05-29 17:04 . 2012-05-29 17:05	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-05-28 07:42 . 2012-05-28 07:42	--------	d-----w-	c:\program files (x86)\Video Codec
2012-05-28 06:30 . 2012-05-28 06:30	--------	d-----w-	c:\program files (x86)\GIANTS Software
2012-05-27 17:59 . 2012-05-27 17:59	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2012-05-26 15:09 . 2012-05-26 15:09	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-26 15:06 . 2012-05-26 15:06	--------	d-----w-	c:\windows\de
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\en
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\bg
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\cs
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\da
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\nl
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\fi
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\fr
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\el
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\hu
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\it
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\no
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\pl
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\pt-pt
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\ro
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\ru
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\sk
2012-05-26 15:02 . 2012-05-26 15:02	--------	d-----w-	c:\windows\sv
2012-05-26 15:02 . 2012-05-26 15:02	--------	d-----w-	c:\windows\tr
2012-05-26 15:02 . 2012-05-26 15:02	--------	d-----w-	c:\windows\uk
2012-05-26 14:51 . 2012-05-26 14:51	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\12cba01cd3b4f01\DSETUP.dll
2012-05-26 14:51 . 2012-05-26 14:51	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\12cba01cd3b4f01\DXSETUP.exe
2012-05-26 14:51 . 2012-05-26 14:51	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\12cba01cd3b4f01\dsetup32.dll
2012-05-26 14:51 . 2012-05-26 14:51	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\4379461cd3b4f02\MeshBetaRemover.exe
2012-05-26 14:27 . 2012-05-26 15:10	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-24 18:21 . 2012-05-24 18:21	--------	d-----w-	c:\program files\CCleaner
2012-05-22 16:40 . 2012-05-22 16:40	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-05-22 16:40 . 2012-05-22 16:40	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-05-22 16:40 . 2012-05-22 16:40	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-05-22 16:40 . 2012-05-22 16:40	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-05-22 16:40 . 2012-05-22 16:40	--------	d-----w-	c:\program files (x86)\OpenAL
2012-05-22 16:33 . 2012-05-22 17:09	--------	d-----w-	c:\program files\FlightGear
2012-05-21 14:36 . 2012-05-21 14:36	--------	d-----w-	c:\program files (x86)\ProtectDisc Driver Installer
2012-05-21 14:28 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-05-21 14:28 . 2001-09-05 02:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-05-21 14:28 . 2001-09-05 02:14	176128	------w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-05-21 14:28 . 2001-09-05 02:13	32768	------w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-05-21 14:28 . 2012-05-21 14:28	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen
2012-05-21 14:28 . 2012-05-21 14:28	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Anwendungsdaten
2012-05-21 14:28 . 2002-07-25 14:07	614532	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-05-21 14:17 . 2012-05-21 14:17	--------	d-----w-	c:\users\Default\AppData\Local\Sony Corporation
2012-05-21 14:12 . 2003-01-26 12:41	40960	----a-w-	c:\windows\SysWow64\SSubTmr6.dll
2012-05-21 14:12 . 2000-05-21 23:00	203976	----a-w-	c:\windows\SysWow64\RICHTX32.OCX
2012-05-21 14:12 . 2004-08-28 12:03	739472	----a-w-	c:\windows\SysWow64\sg20O.ocx
2012-05-21 14:12 . 2004-08-24 21:55	53248	----a-w-	c:\windows\SysWow64\cbvCalendar.dll
2012-05-21 14:12 . 2004-03-26 09:36	122880	----a-w-	c:\windows\SysWow64\cbNet.dll
2012-05-21 14:12 . 2003-05-14 20:07	389120	----a-w-	c:\windows\SysWow64\actskn43.ocx
2012-05-21 14:12 . 2002-02-17 11:17	65536	----a-w-	c:\windows\SysWow64\CBXML.dll
2012-05-21 14:12 . 2002-02-08 00:01	208896	----a-w-	c:\windows\SysWow64\cbPrinter.dll
2012-05-21 14:12 . 2002-01-10 23:09	57344	----a-w-	c:\windows\SysWow64\cbSysHTrck.dll
2012-05-21 14:12 . 2000-05-21 23:00	140488	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2012-05-21 14:12 . 2004-06-18 21:09	40960	----a-w-	c:\windows\SysWow64\CBDTPicker.dll
2012-05-21 14:12 . 2012-05-21 20:04	--------	d-----w-	c:\program files (x86)\Wecker6
2012-05-21 13:45 . 2012-06-01 13:47	--------	d-----w-	C:\VAIO Entertainment
2012-05-21 13:41 . 2012-05-21 13:41	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-05-21 13:40 . 2012-06-02 15:30	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-21 13:28 . 2012-05-21 13:29	--------	d-----w-	c:\program files (x86)\Fernseh Tycoon
2012-05-21 12:56 . 2012-05-21 12:56	--------	d-----w-	c:\programdata\VS
2012-05-21 12:40 . 2012-05-21 12:40	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-21 12:40 . 2012-05-21 12:40	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-20 18:35 . 2012-05-20 18:34	111960	----a-w-	c:\windows\dxsdkuninst.exe
2012-05-20 18:35 . 2012-05-20 18:46	--------	d-----w-	c:\program files (x86)\Microsoft DirectX SDK (June 2010)
2012-05-20 18:31 . 2010-02-04 08:01	78680	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2012-05-20 18:31 . 2010-02-04 08:01	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_4.dll
2012-05-20 18:31 . 2010-02-04 08:01	530776	----a-w-	c:\windows\system32\XAudio2_6.dll
2012-05-20 18:31 . 2010-02-04 08:01	528216	----a-w-	c:\windows\SysWow64\XAudio2_6.dll
2012-05-20 18:31 . 2010-02-04 08:01	238936	----a-w-	c:\windows\SysWow64\xactengine3_6.dll
2012-05-20 18:31 . 2010-02-04 08:01	176984	----a-w-	c:\windows\system32\xactengine3_6.dll
2012-05-20 18:31 . 2010-02-04 08:01	24920	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2012-05-20 18:31 . 2010-02-04 08:01	22360	----a-w-	c:\windows\SysWow64\X3DAudio1_7.dll
2012-05-20 18:17 . 2012-05-20 18:17	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2012-05-20 18:17 . 2012-05-20 18:17	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-05-20 18:17 . 2012-05-20 18:17	--------	d-----w-	c:\program files (x86)\Quadriga Games
2012-05-20 18:17 . 2012-05-20 18:17	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2012-05-20 18:16 . 2012-05-21 13:02	113440	----a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2012-05-20 18:14 . 2012-05-20 18:14	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 15:10 . 2012-04-08 22:32	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 09:09 . 2011-03-28 16:36	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-08 23:08 . 2012-04-08 23:08	88851008	----a-w-	c:\windows\system32\VAIO Hero Screensaver - Fall 2011 - DE.scr
2012-04-08 22:53 . 2012-04-08 22:53	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-04-08 22:53 . 2003-03-18 18:14	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-04-08 22:53 . 2003-02-21 02:42	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-04-08 22:26 . 2012-04-08 22:26	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-04-08 22:25 . 2012-04-08 22:25	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-04-08 22:25 . 2012-04-08 22:25	5632	----a-w-	c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-04-08 22:24 . 2012-04-08 22:24	51712	----a-w-	c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-04-08 22:24 . 2012-04-08 22:24	29696	----a-w-	c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-04-08 22:24 . 2012-04-08 22:24	16896	----a-w-	c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-04-08 21:56 . 2012-04-08 21:56	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-08 21:55 . 2012-04-08 21:55	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-20 18:44 . 2012-03-20 18:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-10-09 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ahcbbbhf;ahcbbbhf;c:\windows\system32\drivers\ahcbbbhf.sys [x]
R1 kgufxcjt;kgufxcjt;c:\windows\system32\drivers\kgufxcjt.sys [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/04/09 00:53;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-09-27 248304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 116648]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 257696]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-08-25 111776]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-05-19 21712]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 116648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-11-03 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-11-03 74904]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-05 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-07-05 98976]
S2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-10-24 958112]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-09-08 381488]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-09-30 955832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-09-23 289952]
S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 47354149
*Deregistered* - 47354149
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 15:10]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 20:32]
.
2012-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 20:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-12-26 2277992]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-05 947360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-05 797344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-22 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-22 416024]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\yyudgavq.default\
FF - prefs.js: browser.search.selectedEngine - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-loadtbs-2.1 - c:\users\Bjarne\AppData\Roaming\loadtbs\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-08  23:22:16
ComboFix-quarantined-files.txt  2012-06-08 21:22
.
Vor Suchlauf: 17 Verzeichnis(se), 643.369.680.896 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 643.090.448.384 Bytes frei
.
- - End Of File - - AE2C0FB14898F71B510B495C6DDA2A8F
lg Banane

Alt 08.06.2012, 22:50   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:
ATTFilter
File::
c:\windows\system32\drivers\ahcbbbhf.sys
c:\windows\system32\drivers\kgufxcjt.sys

Driver::
ahcbbbhf
kgufxcjt
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.



6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 09.06.2012, 06:24   #27
Banane999
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Hier die Combofix log:

Code:
ATTFilter
ComboFix 12-06-08.02 - Bjarne 09.06.2012   0:01.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8103.6068 [GMT 2:00]
ausgeführt von:: c:\users\Bjarne\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Bjarne\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\ahcbbbhf.sys"
"c:\windows\system32\drivers\kgufxcjt.sys"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ahcbbbhf
-------\Service_kgufxcjt
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-05-09 bis 2012-06-09  ))))))))))))))))))))))))))))))
.
.
2012-06-08 20:14 . 2012-06-08 22:05	69000	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5595EC3-B0BE-47F1-AA02-AFCE64A9FA80}\offreg.dll
2012-06-08 20:12 . 2012-06-08 20:12	--------	d-----w-	C:\TDSSKiller_Quarantine
2012-06-08 19:05 . 2012-06-08 19:05	--------	d-----w-	C:\_OTL
2012-06-08 18:47 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5595EC3-B0BE-47F1-AA02-AFCE64A9FA80}\mpengine.dll
2012-06-07 17:47 . 2012-05-08 08:02	8955792	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-06 18:09 . 2012-06-06 18:09	--------	d-----w-	c:\program files (x86)\ESET
2012-06-06 17:02 . 2012-06-06 17:02	--------	d-----w-	c:\programdata\Malwarebytes
2012-06-06 17:02 . 2012-06-06 17:02	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-03 11:24 . 2012-06-04 11:48	--------	d-----w-	c:\programdata\Avira
2012-06-03 09:39 . 2012-06-03 09:39	927800	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C627EDE4-F640-48B8-AF2E-D813C9282816}\gapaengine.dll
2012-06-03 09:38 . 2012-06-03 09:38	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-06-03 09:37 . 2012-06-03 09:38	--------	d-----w-	c:\program files\Microsoft Security Client
2012-06-02 15:30 . 2012-06-02 15:30	--------	d-----w-	c:\programdata\InstallShield
2012-06-02 15:30 . 2012-06-03 07:41	88480	----a-w-	c:\windows\system32\drivers\atksgt.sys
2012-06-02 15:30 . 2012-06-03 07:41	46400	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2012-06-02 15:28 . 2012-06-02 15:28	--------	d-----w-	c:\program files (x86)\Focus
2012-06-02 15:28 . 2004-08-09 04:04	73728	----a-w-	c:\windows\SysWow64\ISUSPM.cpl
2012-06-02 15:28 . 2004-08-09 04:03	385024	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll
2012-06-02 15:28 . 2004-08-09 04:03	221184	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
2012-06-02 15:28 . 2004-08-09 04:03	81920	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-06-02 15:28 . 2004-08-09 04:03	368640	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll
2012-06-02 15:28 . 2004-08-09 04:03	512000	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-06-02 15:28 . 2004-08-09 04:02	217088	----a-w-	c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-06-02 15:27 . 2004-10-22 00:18	749568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2012-06-02 15:27 . 2004-10-22 00:17	69715	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2012-06-02 15:27 . 2004-10-22 00:17	274432	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2012-06-02 15:27 . 2004-10-22 00:16	180224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2012-06-02 15:27 . 2004-10-22 00:16	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2012-06-02 15:27 . 2012-06-02 15:27	192644	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2012-06-02 15:27 . 2012-06-02 15:27	323716	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2012-05-31 12:47 . 2012-03-13 17:18	2469760	----a-w-	c:\windows\SysWow64\BootMan.exe
2012-05-31 12:47 . 2012-03-13 17:05	3316736	----a-w-	c:\windows\system32\BootMan.exe
2012-05-31 12:47 . 2011-07-29 11:54	9096	----a-w-	c:\windows\system32\EuGdiDrv.sys
2012-05-31 12:47 . 2011-07-29 11:54	16776	----a-w-	c:\windows\system32\epmntdrv.sys
2012-05-31 12:47 . 2011-07-29 11:54	100232	----a-w-	c:\windows\system32\setupempdrvx64.exe
2012-05-31 12:47 . 2011-07-29 11:54	19840	----a-w-	c:\windows\SysWow64\EuEpmGdi.dll
2012-05-31 12:47 . 2011-07-29 11:54	16256	----a-w-	c:\windows\system32\EuEpmGdi.dll
2012-05-31 12:47 . 2011-07-29 11:54	86408	----a-w-	c:\windows\SysWow64\setupempdrv03.exe
2012-05-31 12:47 . 2011-07-29 11:54	8456	----a-w-	c:\windows\SysWow64\EuGdiDrv.sys
2012-05-31 12:47 . 2011-07-29 11:54	14216	----a-w-	c:\windows\SysWow64\epmntdrv.sys
2012-05-31 12:47 . 2012-05-31 12:47	--------	d-----w-	c:\program files (x86)\EASEUS
2012-05-31 11:38 . 2012-05-31 11:44	--------	d-----w-	c:\program files\Tracker Software
2012-05-29 17:51 . 2012-05-29 17:51	--------	d-----w-	c:\programdata\VirtualizedApplications
2012-05-29 17:04 . 2012-05-29 17:05	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-05-28 07:42 . 2012-05-28 07:42	--------	d-----w-	c:\program files (x86)\Video Codec
2012-05-28 06:30 . 2012-05-28 06:30	--------	d-----w-	c:\program files (x86)\GIANTS Software
2012-05-27 17:59 . 2012-05-27 17:59	--------	d-----w-	c:\program files (x86)\OpenOffice.org 3
2012-05-26 15:09 . 2012-05-26 15:09	8769696	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-26 15:06 . 2012-05-26 15:06	--------	d-----w-	c:\windows\de
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\en
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\bg
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\cs
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\da
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\nl
2012-05-26 15:04 . 2012-05-26 15:04	--------	d-----w-	c:\windows\fi
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\fr
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\el
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\hu
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\it
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\no
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\pl
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\pt-pt
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\ro
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\ru
2012-05-26 15:03 . 2012-05-26 15:03	--------	d-----w-	c:\windows\sk
2012-05-26 15:02 . 2012-05-26 15:02	--------	d-----w-	c:\windows\sv
2012-05-26 15:02 . 2012-05-26 15:02	--------	d-----w-	c:\windows\tr
2012-05-26 15:02 . 2012-05-26 15:02	--------	d-----w-	c:\windows\uk
2012-05-26 14:51 . 2012-05-26 14:51	89944	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\12cba01cd3b4f01\DSETUP.dll
2012-05-26 14:51 . 2012-05-26 14:51	537432	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\12cba01cd3b4f01\DXSETUP.exe
2012-05-26 14:51 . 2012-05-26 14:51	1801048	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\12cba01cd3b4f01\dsetup32.dll
2012-05-26 14:51 . 2012-05-26 14:51	15712	----a-w-	c:\program files (x86)\Common Files\Windows Live\.cache\4379461cd3b4f02\MeshBetaRemover.exe
2012-05-26 14:27 . 2012-05-26 15:10	419488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-05-24 18:21 . 2012-05-24 18:21	--------	d-----w-	c:\program files\CCleaner
2012-05-22 16:40 . 2012-05-22 16:40	466456	----a-w-	c:\windows\system32\wrap_oal.dll
2012-05-22 16:40 . 2012-05-22 16:40	444952	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2012-05-22 16:40 . 2012-05-22 16:40	122904	----a-w-	c:\windows\system32\OpenAL32.dll
2012-05-22 16:40 . 2012-05-22 16:40	109080	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2012-05-22 16:40 . 2012-05-22 16:40	--------	d-----w-	c:\program files (x86)\OpenAL
2012-05-22 16:33 . 2012-05-22 17:09	--------	d-----w-	c:\program files\FlightGear
2012-05-21 14:36 . 2012-05-21 14:36	--------	d-----w-	c:\program files (x86)\ProtectDisc Driver Installer
2012-05-21 14:28 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-05-21 14:28 . 2001-09-05 02:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-05-21 14:28 . 2001-09-05 02:14	176128	------w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-05-21 14:28 . 2001-09-05 02:13	32768	------w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-05-21 14:28 . 2012-05-21 14:28	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen
2012-05-21 14:28 . 2012-05-21 14:28	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Anwendungsdaten
2012-05-21 14:28 . 2002-07-25 14:07	614532	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-05-21 14:17 . 2012-05-21 14:17	--------	d-----w-	c:\users\Default\AppData\Local\Sony Corporation
2012-05-21 14:12 . 2003-01-26 12:41	40960	----a-w-	c:\windows\SysWow64\SSubTmr6.dll
2012-05-21 14:12 . 2000-05-21 23:00	203976	----a-w-	c:\windows\SysWow64\RICHTX32.OCX
2012-05-21 14:12 . 2004-08-28 12:03	739472	----a-w-	c:\windows\SysWow64\sg20O.ocx
2012-05-21 14:12 . 2004-08-24 21:55	53248	----a-w-	c:\windows\SysWow64\cbvCalendar.dll
2012-05-21 14:12 . 2004-03-26 09:36	122880	----a-w-	c:\windows\SysWow64\cbNet.dll
2012-05-21 14:12 . 2003-05-14 20:07	389120	----a-w-	c:\windows\SysWow64\actskn43.ocx
2012-05-21 14:12 . 2002-02-17 11:17	65536	----a-w-	c:\windows\SysWow64\CBXML.dll
2012-05-21 14:12 . 2002-02-08 00:01	208896	----a-w-	c:\windows\SysWow64\cbPrinter.dll
2012-05-21 14:12 . 2002-01-10 23:09	57344	----a-w-	c:\windows\SysWow64\cbSysHTrck.dll
2012-05-21 14:12 . 2000-05-21 23:00	140488	----a-w-	c:\windows\SysWow64\COMDLG32.OCX
2012-05-21 14:12 . 2004-06-18 21:09	40960	----a-w-	c:\windows\SysWow64\CBDTPicker.dll
2012-05-21 14:12 . 2012-05-21 20:04	--------	d-----w-	c:\program files (x86)\Wecker6
2012-05-21 13:45 . 2012-06-01 13:47	--------	d-----w-	C:\VAIO Entertainment
2012-05-21 13:41 . 2012-05-21 13:41	--------	d-----w-	c:\program files (x86)\NVIDIA Corporation
2012-05-21 13:40 . 2012-06-02 15:30	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2012-05-21 13:28 . 2012-05-21 13:29	--------	d-----w-	c:\program files (x86)\Fernseh Tycoon
2012-05-21 12:56 . 2012-05-21 12:56	--------	d-----w-	c:\programdata\VS
2012-05-21 12:40 . 2012-05-21 12:40	--------	d-----w-	c:\program files\Microsoft Silverlight
2012-05-21 12:40 . 2012-05-21 12:40	--------	d-----w-	c:\program files (x86)\Microsoft Silverlight
2012-05-20 18:35 . 2012-05-20 18:34	111960	----a-w-	c:\windows\dxsdkuninst.exe
2012-05-20 18:35 . 2012-05-20 18:46	--------	d-----w-	c:\program files (x86)\Microsoft DirectX SDK (June 2010)
2012-05-20 18:31 . 2010-02-04 08:01	78680	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2012-05-20 18:31 . 2010-02-04 08:01	74072	----a-w-	c:\windows\SysWow64\XAPOFX1_4.dll
2012-05-20 18:31 . 2010-02-04 08:01	530776	----a-w-	c:\windows\system32\XAudio2_6.dll
2012-05-20 18:31 . 2010-02-04 08:01	528216	----a-w-	c:\windows\SysWow64\XAudio2_6.dll
2012-05-20 18:31 . 2010-02-04 08:01	238936	----a-w-	c:\windows\SysWow64\xactengine3_6.dll
2012-05-20 18:31 . 2010-02-04 08:01	176984	----a-w-	c:\windows\system32\xactengine3_6.dll
2012-05-20 18:31 . 2010-02-04 08:01	24920	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2012-05-20 18:31 . 2010-02-04 08:01	22360	----a-w-	c:\windows\SysWow64\X3DAudio1_7.dll
2012-05-20 18:17 . 2012-05-20 18:17	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2012-05-20 18:17 . 2012-05-20 18:17	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2012-05-20 18:17 . 2012-05-20 18:17	--------	d-----w-	c:\program files (x86)\Quadriga Games
2012-05-20 18:17 . 2012-05-20 18:17	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2012-05-20 18:16 . 2012-05-21 13:02	113440	----a-w-	c:\programdata\Microsoft\VCExpress\10.0\1031\ResourceCache.dll
2012-05-20 18:14 . 2012-05-20 18:14	--------	d-----w-	c:\program files (x86)\Common Files\Merge Modules
2012-05-20 18:14 . 2012-05-20 18:15	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 10.0
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-26 15:10 . 2012-04-08 22:32	70304	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-18 09:09 . 2011-03-28 16:36	19736	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-08 23:08 . 2012-04-08 23:08	88851008	----a-w-	c:\windows\system32\VAIO Hero Screensaver - Fall 2011 - DE.scr
2012-04-08 22:53 . 2012-04-08 22:53	29480	----a-w-	c:\windows\SysWow64\msxml3a.dll
2012-04-08 22:53 . 2003-03-18 18:14	505128	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-04-08 22:53 . 2003-02-21 02:42	353576	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-04-08 22:26 . 2012-04-08 22:26	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
2012-04-08 22:25 . 2012-04-08 22:25	2560	----a-w-	c:\windows\SysWow64\drivers\de-DE\scfilter.sys.mui
2012-04-08 22:25 . 2012-04-08 22:25	5632	----a-w-	c:\windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
2012-04-08 22:24 . 2012-04-08 22:24	51712	----a-w-	c:\windows\SysWow64\drivers\de-DE\tcpip.sys.mui
2012-04-08 22:24 . 2012-04-08 22:24	29696	----a-w-	c:\windows\SysWow64\drivers\de-DE\bfe.dll.mui
2012-04-08 22:24 . 2012-04-08 22:24	16896	----a-w-	c:\windows\SysWow64\drivers\de-DE\pacer.sys.mui
2012-04-08 21:56 . 2012-04-08 21:56	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-04-08 21:55 . 2012-04-08 21:55	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-03-20 18:44 . 2012-03-20 18:44	98688	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 18:44 . 2012-03-20 18:44	203888	----a-w-	c:\windows\system32\drivers\MpFilter.sys
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-06-08_21.20.20   )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-09 05:12 . 2012-04-14 09:22	71680              c:\windows\temp\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
+ 2012-06-09 05:12 . 2012-01-10 01:49	87040              c:\windows\temp\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
+ 2012-06-09 05:12 . 2012-01-10 01:49	18944              c:\windows\temp\._msige61\program files\Google\Google Earth\plugin\earthps.dll
+ 2012-06-09 05:12 . 2012-04-14 09:22	71680              c:\windows\temp\._msige61\program files\Google\Google Earth\client\googleearth.exe
+ 2012-06-09 05:12 . 2012-01-10 01:49	87040              c:\windows\temp\._msige61\program files\Google\Google Earth\client\ge_expat.dll
+ 2012-06-09 05:12 . 2012-01-10 01:49	18944              c:\windows\temp\._msige61\program files\Google\Google Earth\client\earthps.dll
+ 2012-06-09 05:12 . 2012-04-05 01:01	50688              c:\windows\temp\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
- 2012-04-08 21:50 . 2012-06-08 21:10	49152              c:\windows\SysWOW64\config\systemprofile\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-04-08 21:50 . 2012-06-08 22:47	49152              c:\windows\SysWOW64\config\systemprofile\Lokale Einstellungen\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 21:10	16384              c:\windows\SysWOW64\config\systemprofile\Lokale Einstellungen\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:47	16384              c:\windows\SysWOW64\config\systemprofile\Lokale Einstellungen\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 20:13	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:07	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-06-08 21:10	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Verlauf\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:47	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Verlauf\History.IE5\index.dat
+ 2012-04-08 21:50 . 2012-06-08 22:47	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-08 21:50 . 2012-06-08 21:10	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:07	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 20:13	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 20:13	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:07	65536              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-08 21:50 . 2012-06-08 22:47	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-08 21:50 . 2012-06-08 21:10	49152              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Anwendungsdaten\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 21:10	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Anwendungsdaten\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:47	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Anwendungsdaten\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-04-08 21:50 . 2012-06-08 22:47	32768              c:\windows\SysWOW64\config\systemprofile\Anwendungsdaten\Microsoft\Windows\Cookies\index.dat
- 2012-04-08 21:50 . 2012-06-08 21:10	32768              c:\windows\SysWOW64\config\systemprofile\Anwendungsdaten\Microsoft\Windows\Cookies\index.dat
+ 2012-04-08 21:50 . 2012-06-08 22:47	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2012-04-08 21:50 . 2012-06-08 21:10	32768              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-04-08 21:50 . 2012-06-08 22:47	49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-04-08 21:50 . 2012-06-08 21:10	49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-06-08 21:10	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-06-08 22:47	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-06-08 20:13 . 2012-06-08 21:07	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-08 22:05 . 2012-06-08 22:05	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-08 22:05 . 2012-06-08 22:05	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-08 20:13 . 2012-06-08 21:07	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-09 05:12 . 2012-01-10 01:46	770384              c:\windows\temp\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
+ 2012-06-09 05:12 . 2012-01-10 01:46	421200              c:\windows\temp\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
+ 2012-06-09 05:12 . 2012-04-14 09:08	834048              c:\windows\temp\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
+ 2012-06-09 05:12 . 2012-01-10 01:46	770384              c:\windows\temp\._msige61\program files\Google\Google Earth\client\msvcr100.dll
+ 2012-06-09 05:12 . 2012-01-10 01:46	421200              c:\windows\temp\._msige61\program files\Google\Google Earth\client\msvcp100.dll
+ 2012-06-09 05:12 . 2012-03-12 09:43	293888              c:\windows\temp\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
+ 2012-05-25 10:36 . 2012-06-09 05:12	218864              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2012-05-18 12:14 . 2012-06-09 04:57	267952              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-06-08 22:09	654276              c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-08 21:12	654276              c:\windows\system32\perfh009.dat
- 2012-04-08 22:28 . 2012-06-08 21:12	698998              c:\windows\system32\perfh007.dat
+ 2012-04-08 22:28 . 2012-06-08 22:09	698998              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-06-08 22:09	122108              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-08 21:12	122108              c:\windows\system32\perfc009.dat
+ 2012-04-08 22:28 . 2012-06-08 22:09	149162              c:\windows\system32\perfc007.dat
- 2012-04-08 22:28 . 2012-06-08 21:12	149162              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-06-08 20:13	312124              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-08 22:04	312124              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-09 05:12 . 2012-04-14 09:23	2415616              c:\windows\temp\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
+ 2012-06-09 05:12 . 2012-04-14 09:23	1966080              c:\windows\temp\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
+ 2012-06-09 05:12 . 2012-04-14 09:43	1207296              c:\windows\temp\._msige61\GoogleEarth.exe
+ 2012-06-09 05:12 . 2012-04-14 09:44	1328128              c:\windows\temp\._msige61\Google Earth.msi
- 2012-04-08 21:42 . 2012-06-08 20:13	1861880              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-04-08 21:42 . 2012-06-08 22:04	1861880              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2012-05-18 09:07 . 2012-06-08 22:04	5240442              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1084989345-2395060513-280258535-1000-8192.dat
+ 2012-05-18 10:29 . 2012-06-08 22:04	3569547              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1084989345-2395060513-280258535-1000-12288.dat
- 2012-05-18 10:29 . 2012-06-08 20:13	3569547              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1084989345-2395060513-280258535-1000-12288.dat
+ 2012-06-09 05:12 . 2012-04-14 09:22	32602112              c:\windows\temp\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
+ 2012-06-09 05:12 . 2012-04-14 09:22	32602112              c:\windows\temp\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
.
-- Snapshot auf jetziges Datum zurückgesetzt --
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-04-29 284440]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-06-30 336384]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-09-20 60552]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-10-09 75048]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/04/09 00:53;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-09-27 248304]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 116648]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 257696]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [2011-08-25 111776]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-05-19 21712]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 116648]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-11-03 138392]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-11-03 74904]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-05 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-07-05 98976]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-29 13592]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-08-24 430136]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys [x]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-09-20 535176]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-10-24 958112]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-09-08 381488]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-09-30 955832]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-09-23 289952]
S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*Deregistered* - CLKMDRV10_9EC60124
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-26 15:10]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 20:32]
.
2012-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-19 20:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-12-26 2277992]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-05 947360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-05 797344]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-22 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-22 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-22 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"combofix"="c:\combofix\CF22714.3XE" [2010-11-21 345088]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Bjarne\AppData\Roaming\Mozilla\Firefox\Profiles\yyudgavq.default\
FF - prefs.js: browser.search.selectedEngine - 
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-09  07:17:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-06-09 05:17
ComboFix2.txt  2012-06-08 21:22
.
Vor Suchlauf: 17 Verzeichnis(se), 642.850.713.600 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 642.035.146.752 Bytes frei
.
- - End Of File - - 7AB8EAE9975B86FA3463070B691112A9

Alt 09.06.2012, 23:07   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.06.2012, 17:33   #29
Banane999
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Okay, alles geschafft:

die GMER:
Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-10 17:58:41
Windows 6.1.7601 Service Pack 1 
Running: 08m8jm09.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737b08db4                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737b08db4@0025476d5229         0xB4 0x1C 0xD2 0x54 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\642737b08db4@00249030500e         0xC9 0x12 0x75 0x95 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737b08db4 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737b08db4@0025476d5229             0xB4 0x1C 0xD2 0x54 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\642737b08db4@00249030500e             0xC9 0x12 0x75 0x95 ...

---- EOF - GMER 1.0.15 ----
Die Osam:
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:21:12 on 10.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"DrvAgent64" (DrvAgent64) - "Phoenix Technologies" - C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
"EagleX64" (EagleX64) - ? - C:\Windows\system32\drivers\EagleX64.sys  (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - ? - C:\Windows\system32\drivers\mbam.sys  (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - ? -   (File not found | COM-object registry key not found)
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - ? -   (File not found | COM-object registry key not found)
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "ClsidExtension" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "CIESpeechBHO Class" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KPeerNexonEU" - "NEXON Inc." - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"BDRegion" - "cyberlink" - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
"Dolby Home Theater v4" - "Dolby Laboratories Inc." - "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"ISBMgr.exe" - ? - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PMBVolumeWatcher" - "Sony Corporation" - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Atheros Bt&Wlan Coex Agent" (Atheros Bt&Wlan Coex Agent) - "Atheros" - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
"AtherosSvc" (AtherosSvc) - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"CamMonitor" (uCamMonitor) - "ArcSoft, Inc." - c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
"CyberLink Product - 2012/04/09 00:53:54" (CLKMSVC10_9EC60124) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
"DCDhcpService" (DCDhcpService) - "Atheros Communication Inc." - C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
"GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"VAIO Care Performance Service" (SampleCollector) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
"VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
"VAIO Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Content Metadata Intelligent Network Service Manager" (VcmINSMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
"VAIO Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
"VAIO Entertainment Common Service" (SpfService) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"VCService" (VCService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCService.exe
"VSNService" (VSNService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
"VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Dann die aswMBR.exe:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:21:12 on 10.06.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 12.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"acedrv11" (acedrv11) - "Protect Software GmbH" - C:\Windows\system32\drivers\acedrv11.sys
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"DrvAgent64" (DrvAgent64) - "Phoenix Technologies" - C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
"EagleX64" (EagleX64) - ? - C:\Windows\system32\drivers\EagleX64.sys  (File not found)
"epmntdrv" (epmntdrv) - ? - C:\Windows\system32\epmntdrv.sys  (File found, but it contains no detailed information)
"EuGdiDrv" (EuGdiDrv) - ? - C:\Windows\system32\EuGdiDrv.sys  (File found, but it contains no detailed information)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MBAMProtector" (MBAMProtector) - ? - C:\Windows\system32\drivers\mbam.sys  (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - ? -   (File not found | COM-object registry key not found)
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - ? -   (File not found | COM-object registry key not found)
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
XCShInfo "{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A}" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_27" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_27.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204  (File not found)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "ClsidExtension" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "CIESpeechBHO Class" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Bjarne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"EvernoteClipper.lnk" - "Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041" - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KPeerNexonEU" - "NEXON Inc." - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"BDRegion" - "cyberlink" - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
"Dolby Home Theater v4" - "Dolby Laboratories Inc." - "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"ISBMgr.exe" - ? - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PMBVolumeWatcher" - "Sony Corporation" - c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
"StartCCC" - "Advanced Micro Devices, Inc." - "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Atheros Bt&Wlan Coex Agent" (Atheros Bt&Wlan Coex Agent) - "Atheros" - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
"AtherosSvc" (AtherosSvc) - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
"CamMonitor" (uCamMonitor) - "ArcSoft, Inc." - c:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
"CyberLink Product - 2012/04/09 00:53:54" (CLKMSVC10_9EC60124) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe
"DCDhcpService" (DCDhcpService) - "Atheros Communication Inc." - C:\Program Files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe
"GamesAppService" (GamesAppService) - "WildTangent, Inc." - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
"Google Update-Dienst (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
"VAIO Care Performance Service" (SampleCollector) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
"VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
"VAIO Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
"VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
"VAIO Content Metadata Intelligent Network Service Manager" (VcmINSMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
"VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
"VAIO Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
"VAIO Entertainment Common Service" (SpfService) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
"VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
"VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
"VCService" (VCService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCService.exe
"VSNService" (VSNService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
"VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Lg Banane

Alt 10.06.2012, 18:43   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alureon.E im Bootsystem - Standard

Alureon.E im Bootsystem


Das war jetzt aber 2x OSAM, aswMBR bitte nachreichen
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort
Seite 2 von 3 1 2 3

Themen zu Alureon.E im Bootsystem
alureon.e, application/pdf, application/pdf:, autorun, bho, bingbar, downloader, error, euro, failed, festplatte, firefox, flash player, google earth, home, igdpmd64.sys, install.exe, installation, logfile, mozilla, plug-in, programm, realtek, registry, scan, searchscopes, security, software, svchost.exe, system, tracker, trojan, trojaner, usb, usb 3.0, version=1.0, visual studio, wildtangent games, windows, ändern


« EXP/CVE-2010-0840.EO (evtl. Verschlüsselungs/BKA-Trojaner) | Problem mit Windows Verschlüsselungs Trojaner »


Ähnliche Themen: Alureon.E im Bootsystem


  1. TR/Fakealert.grb.225 und TR/Alureon.FE.2
    Log-Analyse und Auswertung - 03.07.2012 (20)
  2. TR/Alureon.FL.2 auf Notebook
    Log-Analyse und Auswertung - 28.12.2011 (17)
  3. TR/Alureon.FL.2
    Plagegeister aller Art und deren Bekämpfung - 18.12.2011 (1)
  4. Avira TR/Alureon.FL.2
    Log-Analyse und Auswertung - 11.12.2011 (16)
  5. TR/Alureon.AD.33 entfernen
    Plagegeister aller Art und deren Bekämpfung - 19.08.2011 (6)
  6. alureon.a W7 Versäucht
    Log-Analyse und Auswertung - 04.11.2010 (1)
  7. Bootsektorvirus BOO/Alureon.A
    Log-Analyse und Auswertung - 21.10.2010 (0)
  8. Alureon.H mit CF gelöscht
    Plagegeister aller Art und deren Bekämpfung - 15.08.2010 (15)
  9. Infektion mit Alureon.B - was tun..?
    Plagegeister aller Art und deren Bekämpfung - 11.08.2010 (15)
  10. ALUREON-Fund
    Log-Analyse und Auswertung - 11.02.2010 (1)
  11. Alureon Trojaner
    Log-Analyse und Auswertung - 28.12.2009 (3)
  12. Trojaner Alureon
    Log-Analyse und Auswertung - 28.12.2009 (5)
  13. TR/Alureon.19968U.10
    Plagegeister aller Art und deren Bekämpfung - 26.09.2009 (1)
  14. TR/Alureon.19456U.3
    Plagegeister aller Art und deren Bekämpfung - 24.09.2009 (2)
  15. TR/Alureon.BP.4 - beseitigt?
    Plagegeister aller Art und deren Bekämpfung - 14.06.2009 (3)
  16. W32.Alureon!inf und Alureon.gen!J
    Antiviren-, Firewall- und andere Schutzprogramme - 17.03.2009 (14)
  17. Dual Bootsystem defekt
    Log-Analyse und Auswertung - 11.09.2005 (19)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Alureon.E im Bootsystem - Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code: - Alureon.E im Bootsystem...
Archiv
Du betrachtest: Alureon.E im Bootsystem auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132